### Secure Association for the Internet of Things

Almog Benin, Sivan Toledo, and Eran Tromer

##### Abstract

Existing standards (ZigBee and Bluetooth Low Energy) for networked low-power wireless devices do not support secure association (or pairing) of new devices into a network: their association process is vulnerable to man-in-the-middle attacks. This paper addresses three essential aspects in attaining secure association for such devices. First, we define a user-interface primitive, oblivious comparison, that allows users to approve authentic associations and abort compromised ones. This distills and generalizes several existing approve/abort mechanisms, and moreover we experimentally show that OC can be implemented using very little hardware: one LED and one switch. Second, we provide a new Message Recognition Protocol (MRP) that allows devices associated using oblivious comparison to exchange authenticated messages without the use of public-key cryptography (which exceeds the capabilities of many IoT devices). This protocol improves upon previously proposed MRPs in several respects. Third, we propose a robust definition of security for MRPs that is based on universal composability, and show that our MRP satisfies this definition.

##### Metadata
Available format(s)
Category
Secret-key cryptography
Publication info
Published elsewhere. MAJOR revision.SIOT 2015
Keywords
AuthenticationEmbedded devicesLightweight cryptographyBluetoothOut of band channelUniversal composability
Contact author(s)
almogbenin @ gmail com
History
2015-09-28: received
Short URL
https://ia.cr/2015/940
License

CC BY

BibTeX

@misc{cryptoeprint:2015/940,
author = {Almog Benin and Sivan Toledo and Eran Tromer},
title = {Secure Association for the Internet of Things},
howpublished = {Cryptology ePrint Archive, Paper 2015/940},
year = {2015},
note = {\url{https://eprint.iacr.org/2015/940}},
url = {https://eprint.iacr.org/2015/940}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.