Generating Device Fingerprints for Smart Device Pairing Using the Unique Spectrum Characteristic From LEDs

Currently, the vast majority of smart devices with LEDs are on the rise. It has been observed that the lights emitted by each LED have unique spectral characteristics. Despite the fact that there are a number of methods out there to generate fingerprints, none seem to explore the possibility of generating fingerprints using this unique feature. In this chapter, the method to perform device fingerprinting using the unique spectrum emitted from the LED lights is discussed. The generated fingerprint is then used in device pairing.

Improving the Privacy-Preserving of Covid-19 Bluetooth-Based Contact Tracing Applications Against Tracking Attacks

Bluetooth is an essential wireless standard for short-distance and low-power wireless networks. Health departments’ contact-tracing applications depended on Bluetooth technology to prevent infectious diseases from spreading, especially COVID-19. The security threats of the Bluetooth-based contact-tracing applications increased because an adversary can use them as surveillance tools that violate the user’s privacy and revealpersonal information. The Bluetooth standard mainly depends on the device address in its authenticated pairing mechanism (Secure Simple Pairing), which can collect with off-the-shelf hardware and software and leads to a tracking attack. To avoid the risk of tracking based on this security vulnerability in the Bluetooth protocol, we suggest a novel authentication protocol based on a noninteractive zero-knowledge scheme to substitute the authentication protocol used in the Bluetooth standard. The new protocol can replace the authentication protocol in the Bluetooth stack without any modification in the device pairing flow. Finally, we prove the security of our proposed scheme against the man-in-themiddle attack and tracking attack. A performance comparison with the authentication algorithm in the BLE standard shows that our method mitigates the tracking attack with low communication messages. Our results help enhance the contact-tracing application’s security in which Bluetooth access is available.

A QR Code Based Group Pairing Approach for Mobile Ad Hoc Networks

Due to the rapid growth of small and smart hand-held devices, mobile ad hoc networks (MANets) are becoming very common nowadays. MANets may consist of a number of small hand-held devices having limited resources in terms of memory, battery and processing power. In order to provide services to the users, these devices are capable of communicating with each other through some radio technology, such as WiFi, Bluetooth or Infrared. Since radio channels are inherently vulnerable to various security threats, it requires that devices in MANets must establish a secure association amongst themselves before exchanging any sensitive information or data. The process of establishing a secure channel between two devices is referred to as device pairing or device association. Device pairing do not rely on traditional mechanisms for security due to the impulsive and ad hoc interactions among the devices. Due to this, researchers have proposed many schemes/protocols to deal with this issue; however, the issue of group pairing (i.e. secure association of more than two devices) is less addressed issue in the literature yet. There could be many scenarios (such as confidential office meetings, paring of group of home appliances in smart-homes, etc) of MANets, where secure group communications is desired. Consequently, this research focuses on this issue and proposes a QR (quick response) code based scheme to establish a secure channel between a numbers of devices. The proposed system is implemented and tested on modern hand-held devices and a usability study of the implemented system is also carried out.

A Proposed Hidden Markov Model Method for Dynamic Device Pairing on Internet of Things End-Devices

Dynamic device pairing is a context-based zero-interaction method to pair end-devices in an IoT System based on Received Signal Strength Indicator (RSSI) values. But if RSSI detection is done in high level, the accuracy is troublesome due to poor sampling rates. This research proposes the Hidden Markov Model method to increase the performance of dynamic device pairing detection. This research implements an IoT system consisting an Access Point, an IoT End Device, an IoT Platform, and an IoT application and performs a comparison of two different methods to prove the concept. The results show that the precision of dynamic device pairing with HMM is better than without HMM and the value is 83,93%.

Security Analysis of Out-of-Band Device Pairing Protocols: A Survey

Numerous secure device pairing (SDP) protocols have been proposed to establish a secure communication between unidentified IoT devices that have no preshared security parameters due to the scalability requirements imposed by the ubiquitous nature of the IoT devices. In order to provide the most user-friendly IoT services, the usability assessment has become the main requirement. Thus, the complete security analysis has been replaced by a sketch of a proof to partially validate the robustness of the proposal. The few existing formal or computational security verifications on the SDP schemes have been conducted based on the assessment of a wide variety of uniquely defined security properties. Therefore, the security comparison between these protocols is not feasible and there is a lack of a unified security analysis framework to assess these pairing techniques. In this paper, we survey a selection of secure device pairing proposals that have been formally or computationally verified. We present a systematic description of the protocol assumptions, the adopted verification model, and an assessment of the verification results. In addition, we normalize the used taxonomy in order to enhance the understanding of these security validations. Furthermore, we refine the adversary capabilities on the out-of-band channel by redefining the replay capability and by introducing a new notion of delay that is dependent on the protocol structure that is more adequate for the ad hoc pairing context. Also, we propose a classification of a number of out-of-band channels based on their security properties and under our refined adversary model. Our work motivates the future SDP protocol designer to conduct a formal or a computational security assessment to allow the comparability between these pairing techniques. Furthermore, it provides a realistic abstraction of the adversary capabilities on the out-of-band channel which improves the modeling of their security characteristics in the protocol verification tools.