On pairing constrained wireless devices based on secrecy of auxiliary channels: the case of acoustic eavesdropping

Secure "pairing" of wireless devices based on auxiliary or out-of-band (OOB) - audio, visual or tactile - communication is a well-established research direction. Lack of good quality interfaces on or physical access to certain constrained devices (e.g., headsets, access points, medical implants) makes pairing a challenging problem in practice. Prior work shows that pairing of constrained devices based on authenticated OOB (A-OOB) channels can be prone to human errors that eventually translate into man-in-the-middle attacks. An alternative and more usable solution is to use OOB channel(s) that are authenticated as well as secret (AS-OOB). AS-OOB pairing can be achieved by simply transmitting the key or a short password over the AS-OOB channel, avoiding potential serious human errors. A higher level goal of this paper is to analyze the security of AS-OOB pairing. More specifically, we take a closer look at three notable prior AS-OOB pairing proposals and challenge the direct or indirect assumption upon which the security of these proposals relies, i.e., the secrecy of underlying or associated audio channels. The first proposal (IMD Pairing [9]) uses a low frequency audio channel to pair an implanted RFID tag with an external reader. The second proposal (PIN-Vibra [20]) uses an automated vibrational channel to pair a mobile phone with a personal RFID tag. The third proposal (BEDA [22]) uses vibration (or blinking) on one device and manually synchronized button pressing on the other device. In particular, we demonstrate the feasibility of eavesdropping over acoustic emanations associated with these methods. Based on our results, we conclude that these methods provide a weaker level of security compared to what was originally assumed or is desired for the pairing operation.

[1]  Arun Kumar,et al.  Caveat Emptor: A Comparative Study of Secure Device Pairing Methods , 2009, PerCom.

[2]  Feng Zhou,et al.  Keyboard acoustic emanations revisited , 2005, CCS '05.

[3]  Diana K. Smetters,et al.  Talking to Strangers: Authentication in Ad-Hoc Wireless Networks , 2002, NDSS.

[4]  Srdjan Capkun,et al.  Proximity-based access control for implantable medical devices , 2009, CCS.

[5]  Rakesh Agrawal,et al.  Keyboard acoustic emanations , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[6]  N. Asokan,et al.  Secure device pairing based on a visual channel , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[7]  Eran Tromer,et al.  Acoustic cryptanalysis : on nosy people and noisy machines , 2004 .

[8]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[9]  Nitesh Saxena,et al.  Efficient Device Pairing Using "Human-Comparable" Synchronized Audiovisual Patterns , 2008, ACNS.

[10]  Christian Gehrmann,et al.  Manual authentication for wireless devices , 2004 .

[11]  Michael K. Reiter,et al.  Seeing-is-believing: using camera phones for human-verifiable authentication , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[12]  Volker Roth,et al.  Simple and effective defense against evil twin access points , 2008, WiSec '08.

[13]  Sotiris B. Kotsiantis,et al.  Supervised Machine Learning: A Review of Classification Techniques , 2007, Informatica.

[14]  Nitesh Saxena,et al.  Secure Pairing of "Interface-Constrained" Devices Resistant against Rushing User Behavior , 2009, ACNS.

[15]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[16]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[17]  Derek Greene,et al.  Unsupervised Learning and Clustering , 2008, Machine Learning Techniques for Multimedia.

[18]  Ersin Uzun,et al.  Usability Analysis of Secure Pairing Methods , 2007, Financial Cryptography.

[19]  E. Uzun,et al.  BEDA : Button-Enabled Device Association , 2007 .

[20]  Cristina V. Lopes,et al.  Acoustic Modems for Ubiquitous Computing , 2003, IEEE Pervasive Comput..

[21]  Nitesh Saxena,et al.  Treat 'em like other devices: user authentication of multiple personal RFID tags , 2009, SOUPS.

[22]  Joshua R. Smith,et al.  Design of a Passively-Powered, Programmable Sensing Platform for UHF RFID Systems , 2007, 2007 IEEE International Conference on RFID.

[23]  Claudio Soriente,et al.  Secure pairing of interface constrained devices , 2009, Int. J. Secur. Networks.