"A Signal Injection Attack Against Zero Involvement Pairing and Authentication for the Internet of Things" by Isaac Ahlgren

George K. Thiruvathukal, PhD

Follow Contact

Article

A Signal Injection Attack Against Zero Involvement Pairing and Authentication for the Internet of Things

6th Workshop on Design Automation for CPS and IoT (DESTION 2024)

Isaac Ahlgren, Loyola University Chicago
Jack West
Kyuin Lee, University of Houston
George K. Thiruvathukal, Loyola University Chicago
Neil Klingensmith, Loyola University Chicago

Link

Document Type

Conference Proceeding

Publication Date

5-13-2024

Disciplines

Computer Sciences and
OS and Networks

Abstract

Zero Involvement Pairing and Authentication (ZIPA) is a promising technique for auto-provisioning large networks of Internet-of-Things (IoT) devices. In this work, we present the first successful signal injection attack on a ZIPA system. Most existing ZIPA systems assume there is a negligible amount of influence from the unsecured outside space on the secured inside space. In reality, environmental signals do leak from adjacent unsecured spaces and influence the environment of the secured space. Our attack takes advantage of this fact to perform a signal injection attack on the popular Schurmann & Sigg algorithm. The keys generated by the adversary with a signal injection attack at 95 dBA is within the standard error of the legitimate device.

Identifier

arXiv:2311.04433v1

Comments

Accepted for publication at 6th Workshop on Design Automation for CPS and IoT (DESTION 2024).

Creative Commons License

Creative Commons Attribution 4.0 International

Citation Information

Ahlgren, I., West, J., Lee, K., Thiruvathukal, G.K., & Klingensmith, N. (2023). SyncBleed: A Realistic Threat Model and Mitigation Strategy for Zero-Involvement Pairing and Authentication (ZIPA). In Proceedings of 6th Workshop on Design Automation for CPS and IoT (DESTION 2024). arXiv:2311.04433v1.