With the advent of the Internet of Things (IoT), establishing a secure channel between smart devices becomes crucial. Recent research proposes zero-interaction pairing (ZIP), which enables pairing without user assistance by utilizing devices' physical context (e.g., ambient audio) to obtain a shared secret key. The state-of-the-art ZIP schemes suffer from three limitations: (1) prolonged pairing time (i.e., minutes or hours), (2) vulnerability to brute-force offline attacks on a shared key, and (3) susceptibility to attacks caused by predictable context (e.g., replay attack) because they rely on limited entropy of physical context to protect a shared key. We address these limitations, proposing FastZIP, a novel ZIP scheme that significantly reduces pairing time while preventing offline and predictable context attacks. In particular, we adapt a recently introduced Fuzzy Password-Authenticated Key Exchange (fPAKE) protocol and utilize sensor fusion, maximizing their advantages. We instantiate FastZIP for intra-car device pairing to demonstrate its feasibility and show how the design of FastZIP can be adapted to other ZIP use cases. We implement FastZIP and evaluate it by driving four cars for a total of 800 km. We achieve up to three times shorter pairing time compared to the state-of-the-art ZIP schemes while assuring robust security with adversarial error rates below 0.5%.