Document Type

Conference Proceeding

Publication Date

2024

Publication Title

2024 IEEE Workshop on Design Automation for CPS and IoT (DESTION) Conference Proceeding

Pages

9-15

Publisher Name

IEEE

Abstract

Zero Involvement Pairing and Authentication (ZIPA) is a promising technique for auto-provisioning large networks of Internet-of-Things (IoT) devices. In this work, we present the first successful signal injection attack on a ZIPA system. Most existing ZIPA systems assume there is a negligible amount of influence from the unsecured outside space on the secured inside space. In reality, environmental signals do leak from adjacent unsecured spaces and influence the environment of the secured space. Our attack takes advantage of this fact to perform a signal injection attack on the popular Schurmann & Sigg algorithm. The keys generated by the adversary with a signal injection attack at 95 dBA is within the standard error of the legitimate device.

Comments

Author Posting © IEEE, 2024. This is the author's version of the work. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.” The definitive version of this work was published at 2024 IEEE Workshop on Design Automation for CPS and IoT (DESTION) Conference Proceeding,https://doi.ieeecomputersociety.org/10.1109/DESTION62938.2024.00008

Creative Commons License

Creative Commons Attribution 4.0 International License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Download

Share

COinS