SyncBleed: A Realistic Threat Model and Mitigation Strategy for Zero-Involvement Pairing and Authentication (ZIPA).
CoRR(2023)
摘要
Zero Involvement Pairing and Authentication (ZIPA) is a promising technique
for auto-provisioning large networks of Internet-of-Things (IoT) devices.
Presently, these networks use password-based authentication, which is difficult
to scale to more than a handful of devices. To deal with this challenge, ZIPA
enabled devices autonomously extract identical authentication or encryption
keys from ambient environmental signals. However, during the key negotiation
process, existing ZIPA systems leak information on a public wireless channel
which can allow adversaries to learn the key. We demonstrate a passive attack
called SyncBleed, which uses leaked information to reconstruct keys generated
by ZIPA systems. To mitigate SyncBleed, we present TREVOR, an improved key
generation technique that produces nearly identical bit sequences from
environmental signals without leaking information. We demonstrate that TREVOR
can generate keys from a variety of environmental signal types under 4 seconds,
consistently achieving a 90-95% bit agreement rate across devices within
various environmental sources.
更多查看译文
关键词
authentication,realistic threat model,zipa,zero-involvement
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要