Secure Pairing with Wearable Devices by Using Ambient Sound and Light
LIU Dong1, CHEN Jing1†, DENG Qisi2, Arouna KONATE 1, TIAN Zairong21. State Key Laboratory of Software Engineering / School of Computer, Wuhan University, Wuhan 430072, Hubei, China; 2. Beijing Guangyude Vision Tech Co., Ltd , Beijing 100118, China
Wearable devices usually work together with smart phones. To ensure only legitimate smart phones can read the data, they must conduct pairing to establish a shared key. Traditional pairing methods require that the pairing devices have a keyboard or screen for user interaction. However, due to the size limitation, keyboards or screens are hard to be installed in the wearable devices. To solve this problem, we propose a novel pairing method by using ambient sound and light. In this new scheme, any pairing request from smart phone will trigger wearable device vibration. Only after users press the confirm key on the device can the pairing process continues. Then pairing devices collect ambient sound and light at the predetermined time and establish a shared key by using the Diffie-Hellman protocol. To protect against potential man-in-the-middle attacks in the key establishment process, an improved interlock protocol with sound and light comparison is conducted to authenticate the key. If both the sound and light collected by the pairing devices are similar enough, the key is accepted. Otherwise, it is rejected. Compared with current context based pairing methods, our scheme does not impose strict synchronization on devices to collect ambient context data. Moreover, our scheme need not collect and exchange contextual information for multiple times to resist offline brute force attacks. The experimental results and security analysis prove the effectiveness of our scheme.
 Mirzadeh S, Haitham C, Rahim T. Secure device pairing: A survey [J]. Communications Surveys & Tutorials, 2014, 16(1): 17-40.
 Ming K C, Mayrhofer R, Gellersen H. A survey of user interaction for spontaneous device association [J]. ACM Computing Surveys (CSUR), 2014, 47(1): 1-40.
 Bluetooth Special Interest Group. Bluetooth Core Specification 4.2[EB/OL]. [2014-11-20]. https://www.bluetooth.org/ en-us/Specifica-tion /adopted-specifications.
 Varshavsky A, Scannell A, LaMarca A, et al. Amigo: Prox-imity-based authentication of mobile devices [C] // UbiComp 2007: Ubiquitous Computing. Berlin, Heidelberg: Springer-Verlag, 2007.
 Mathur S, Miller R, Varshavsky A, et al. Proximate: Proximity-based secure pairing using ambient wireless signals [C]//Pro of the 9th International Conference on Mobile Systems, Applications, and Services. New York: ACM Press, 2011: 211-224.
 Schurmann D, Sigg S. Secure communication based on ambient audio [J]. IEEE Transactions on Mobile Computing, 2013, 12(2): 358-370.
 Miettinen M, Asokan N, Nguyen D T. Context-Based ze-ro-interaction pairing and key evolution for advanced per-sonal devices [C] // Pro of ACM CCS2012. New York: ACM Press, 2014: 880-891.
 Rivest R L, Shamir A. How to expose an eavesdropper [J]. Comm ACM, 1984, 27(4): 393-394.
 Mayrhofer R, Gellersen H. Shake well before use: Intuitive and secure pairing of mobile devices [J]. IEEE Trans MobComput, 2009, 8(6) : 792-806.
 Halevi T, Ma D, Saxena N, et al. Secure proximity detection for NFC devices based on ambient sensor data [C] // Proc 17th European Symposium on Research in Computer Security (ESORICS), volume 7459 of Lecture Notes in Computer Science. Berlin: Springer-Verlag, 2012, 7459: 379-396.
 Truong T H, Gao X, Shrestha B, et al. Comparing and fusing different sensor modalities for relay attack resistance in zero-interaction authentication [C] // Proc of International Conference on Pervasive Computing and Communications (2014), PerCom ’14. Budapest: IEEE Press, 2014, 9074(8): 163-171.
 Miettinen M, Asokan N, Koushanfar F, et al. I know where you are: Proofs of presence resilient to malicious provers [C] // Proceedings of the 10th ACM Symposium on Infor-mation, Computer and Communications Security, ASIA CCS ’15. New York: ACM Press, 2015: 567-577.
 Karapanos N, Marforio C, Soriente C, et al. Sound-Proof: Usable two-factor authentication based on ambient sound [C] // Pro of 24th USENIX Security Symposium (2015), USENIX Sec ’15, 2015. Santa Clara: USENIX Press, 2015: 483-498.