Cryptology ePrint Archive: Report 2015/940

Secure Association for the Internet of Things

Almog Benin and Sivan Toledo and Eran Tromer

Abstract: Existing standards (ZigBee and Bluetooth Low Energy) for networked low-power wireless devices do not support secure association (or pairing) of new devices into a network: their association process is vulnerable to man-in-the-middle attacks. This paper addresses three essential aspects in attaining secure association for such devices.

First, we define a user-interface primitive, oblivious comparison (OC), that allows users to approve authentic associations and abort compromised ones. This distills and generalizes several existing approve/abort mechanisms, and moreover we experimentally show that OC can be implemented using very little hardware: one LED and one switch.

Second, we provide a new Message Recognition Protocol (MRP) that allows devices associated using oblivious comparison to exchange authenticated messages without the use of public-key cryptography (which exceeds the capabilities of many IoT devices). This protocol improves upon previously proposed MRPs in several respects.

Third, we propose a robust definition of security for MRPs that is based on universal composability, and show that our MRP satisfies this definition.

Category / Keywords: secret-key cryptography / Authentication, Embedded devices, Lightweight cryptography, Bluetooth, Out of band channel, Universal composability

Original Publication (with major differences): SIOT 2015

Date: received 25 Sep 2015

Contact author: almogbenin at gmail com


Version: 20150928:195245
