Acoustic Eavesdropping Attacks on Constrained Wireless Device Pairing

Secure “pairing” of wireless devices based on auxiliary or out-of-band (OOB)-audio, visual, or tactile-communication is a well-established research direction. Specifically, authenticated as well as secret OOB (AS-OOB) channels have been shown to be quite useful for this purpose. Pairing can be achieved by simply transmitting the key or short password over the AS-OOB channel, avoiding potential serious human errors. This paper analyzes the security of AS-OOB pairing. Specifically, we take a closer look at three notable prior AS-OOB pairing proposals and challenge the assumptions upon which the security of these proposals relies, i.e., the secrecy of underlying audio channels. The first proposal (IMD Pairing) uses a low frequency audio channel to pair an implanted RFID tag with an external reader. The second proposal (PIN-Vibra) uses an automated vibrational channel to pair a mobile phone with a personal RFID tag. The third proposal (BEDA) uses vibration (or blinking) on one device and manually synchronized button pressing on another device or simultaneous button pressing on two devices. We demonstrate the feasibility of eavesdropping over acoustic emanations associated with these methods and conclude that they provide a weaker level of security than was originally assumed or desired for the pairing operation.

[1]  Ersin Uzun,et al.  Usability Analysis of Secure Pairing Methods , 2007, Financial Cryptography.

[2]  N. Asokan,et al.  Secure device pairing based on a visual channel , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[3]  E. Uzun,et al.  BEDA : Button-Enabled Device Association , 2007 .

[4]  Derek Greene,et al.  Unsupervised Learning and Clustering , 2008, Machine Learning Techniques for Multimedia.

[5]  N. Asokan,et al.  Vibrate-to-unlock: Mobile phone assisted user authentication to multiple personal RFID tags , 2011, 2011 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[6]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[7]  Volker Roth,et al.  Simple and effective defense against evil twin access points , 2008, WiSec '08.

[8]  Manfred Pinkal,et al.  Acoustic Side-Channel Attacks on Printers , 2010, USENIX Security Symposium.

[9]  Joshua R. Smith,et al.  Design of a Passively-Powered, Programmable Sensing Platform for UHF RFID Systems , 2007, 2007 IEEE International Conference on RFID.

[10]  Claudio Soriente,et al.  Secure pairing of interface constrained devices , 2009, Int. J. Secur. Networks.

[11]  Christian Gehrmann,et al.  Manual authentication for wireless devices , 2004 .

[12]  Michael K. Reiter,et al.  Seeing-is-believing: using camera phones for human-verifiable authentication , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[13]  Nitesh Saxena,et al.  Efficient Device Pairing Using "Human-Comparable" Synchronized Audiovisual Patterns , 2008, ACNS.

[14]  E. B. Newman,et al.  A Scale for the Measurement of the Psychological Magnitude Pitch , 1937 .

[15]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[16]  Geoffrey Holmes,et al.  Clustering for classification , 2011, 2011 7th International Conference on Information Technology in Asia.

[17]  Sotiris B. Kotsiantis,et al.  Supervised Machine Learning: A Review of Classification Techniques , 2007, Informatica.

[18]  Eran Tromer,et al.  Acoustic cryptanalysis : on nosy people and noisy machines , 2004 .

[19]  Rakesh Agrawal,et al.  Keyboard acoustic emanations , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[20]  Diana K. Smetters,et al.  Talking to Strangers: Authentication in Ad-Hoc Wireless Networks , 2002, NDSS.

[21]  Srdjan Capkun,et al.  Proximity-based access control for implantable medical devices , 2009, CCS.

[22]  Feng Zhou,et al.  Keyboard acoustic emanations revisited , 2005, CCS '05.

[23]  Cristina V. Lopes,et al.  Acoustic Modems for Ubiquitous Computing , 2003, IEEE Pervasive Comput..

[24]  Nitesh Saxena,et al.  Treat 'em like other devices: user authentication of multiple personal RFID tags , 2009, SOUPS.

[25]  Nitesh Saxena,et al.  On pairing constrained wireless devices based on secrecy of auxiliary channels: the case of acoustic eavesdropping , 2010, CCS '10.

[26]  Nitesh Saxena,et al.  Secure Pairing of "Interface-Constrained" Devices Resistant against Rushing User Behavior , 2009, ACNS.

[27]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[28]  Biing-Hwang Juang,et al.  Fundamentals of speech recognition , 1993, Prentice Hall signal processing series.

[29]  Arun Kumar,et al.  Caveat Emptor: A Comparative Study of Secure Device Pairing Methods , 2009, PerCom.