Pairing between wireless devices may be secured by the use of an auxiliary channel such as audio, visuals or vibrations. A simple approach to pairing involves one of the devices initiating the transmission of a key, or keying material like a short password, over the auxiliary channel to the other device. A successful pairing is achieved when the receiving device is able to decode the key without any errors while the attacker is unable to eavesdrop the key. In this paper, we focus on the security of the vibration channel when used for the key transmission. As shown in some recent work, sending the keying material over a clear vibrational channel poses a significant risk of an acoustic side channel attack. Specifically, an adversary can listen onto the acoustic sounds generated by the vibration motor of the sending device and infer the keying material with a high accuracy. To counteract this threat, we propose a novel pairing scheme, called Vibreaker (a ``Vibrating speaker''), that involves active injection of acoustic noise in order to mask the key signal. In this scheme, the sending device artificially injects noise in the otherwise clear audio channel while transmitting the keying material via vibrations. We experiment with several choices for the noise signal and demonstrate that the security of the audio channel is significantly enhanced with Vibreaker when appropriate noise is used. The scheme requires no additional effort by the user, and imposes minimum hardware requirement and hence can be applied to many different contexts, such as pairing of IoT and implanted devices, wearables and other commodity gadgets.
[1]
Nitesh Saxena,et al.
On pairing constrained wireless devices based on secrecy of auxiliary channels: the case of acoustic eavesdropping
,
2010,
CCS '10.
[2]
N. Asokan,et al.
Secure device pairing based on a visual channel
,
2006,
2006 IEEE Symposium on Security and Privacy (S&P'06).
[3]
Ersin Uzun,et al.
Usability Analysis of Secure Pairing Methods
,
2007,
Financial Cryptography.
[4]
A. W. Roscoe,et al.
Usability and security of out-of-band channels in secure device pairing protocols
,
2009,
SOUPS.
[5]
Kevin Fu,et al.
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses
,
2008,
2008 IEEE Symposium on Security and Privacy (sp 2008).
[6]
N. Asokan,et al.
Vibrate-to-unlock: Mobile phone assisted user authentication to multiple personal RFID tags
,
2011,
2011 IEEE International Conference on Pervasive Computing and Communications (PerCom).
[7]
Romit Roy Choudhury,et al.
Ripple: Communicating through Physical Vibration
,
2015,
NSDI.