Key Agreement on IoT Devices With Echo Profiling

Secure Device-to-Device (D2D) communication is important for the Internet-of-Things (IoT) devices. Key agreement between devices is the important first step in building a secure D2D channel. Due to the lack of third-party certification, key agreement for IoT devices has to rely on the untrusted channel between them, which makes the pairing process vulnerable to attacks such as eavesdropping, jamming, and predictable channel attack. We solve this problem with a novel key agreement method named, where two nearby devices can generate a symmetric key independently, leveraging the ambient sound signal that can be locally collected by devices. The intuition of this idea is that the propagation delays of the ambient sounds and the echoes will carry fine-grained information about the spatial context of the receiving device, which can be transformed to a special key for that device. So, nearby devices which have similar spatial context will generate similar echo profiles. We implement a prototype of and evaluate its performance in resisting different attacks. The results tell that, with, the key agreement process is even undetectable by an attacker which is only 50cm away from the pairing devices, and is thus resistant to all attacks mentioned above.