Touch to Pair: Secure and Usable IoT Pairing without Information Loss

TL;DR

This paper presents a novel IoT pairing method that is both secure and user-friendly, enabling quick pairing through simple actions without requiring inertial sensors, and introduces a new protocol to prevent information loss.

Contribution

The paper introduces Universal Operation Sensing for sensor-free user operation detection and TimeWall, a secure, accurate pairing protocol avoiding fuzzy commitment.

Findings

Universal Operation Sensing enables quick, sensor-free user actions for pairing.

TimeWall achieves zero information loss and enhances pairing accuracy.

Evaluation confirms security, usability, and efficiency of the proposed methods.

Abstract

Secure pairing is essential for trustworthy deployment and operation of Internet of Things (IoT) devices. However, traditional pairing methods are unsuitable due to the lack of user interfaces such as keyboards. Proximity-based approaches are usable but vulnerable to nearby attackers, while methods relying on physical operations (e.g., shaking) offer higher security but require inertial sensors that most IoT devices lack. We introduceUniversal Operation Sensing, which enables IoT devices to detect user operations without inertial sensors. With this technique, users can complete pairing within seconds through simple actions, such as pressing a button or twisting a knob, using either a smartphone or a smartwatch. We further identify an accuracy issue caused by information loss in the commonly used fuzzy-commitment protocol. To address this issue, we propose TimeWall, an accurate pairing protocol that avoids fuzzy commitment and incurs zero information loss. A comprehensive evaluation shows that it is secure, usable, and efficient.