P-Shake: Towards Secure Authentication and Communication between Mobile Devices

Ubiquitous mobile device applications exchange information through wireless channels (e.g., Bluetooth). However, the nature of the wireless channel raises multiple security communication problems (e.g., Man-in-the-Middle attack). In this paper, we propose P-Shake, a mechanism to achieve secure authentication and communication between mobile devices over insecure wireless channels, without any prior knowledge and synchronizing the internal clocks. In P-Shake, we first introduce the moving average filter and high-pass filter to mitigate the impacts of both tiny and relative movements of the mobile devices on the original acceleration data from accelerometers. Second, we employ Pearson correlation coefficient to authenticate the mobile devices by measuring the overall correlation of the acquired smoothed acceleration data. Third, we extract the common secrets between mobile devices to generate high-entropy session key. We make security analysis and extensive experiments to evaluate the security and performance of P-Shake. The results illustrate that P-Shake could achieve secure authentication and communication with higher feasibility than previous works.