Perils of Zero-Interaction Security in the Internet of Things

Fomichev, Mikhail; Maaß, Max; Almon, Lars; Molina, Alejandro; Hollick, Matthias

doi:10.1145/3314397

Cited by 19 publications

(37 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this paper, we discussed the challenges we encountered when reproducing and validating five state-of-the-art Zero-Interaction Security (ZIS) schemes on a realistic dataset [1]. They included problems in understanding and replicating the published schemes due to ambiguous descriptions and a lack of published source code and datasets, issues with the data collection and processing, and the subsequent release of the dataset.…”

Section: Resultsmentioning

confidence: 99%

“…Reproducing the work of others, collecting data and releasing it with the codebase were the main contributions of our study [1], which are often considered "not challenging" or "not novel" enough by reviewers, and hence, fall largely into the category of (almost) unpublishable results per se. In this article, we want to illustrate the difficulties we faced in our study by first describing the challenges encountered when reproducing five ZIS schemes such as the absence of the source code and documentation, ambiguities, and unspecified parameters.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Zero-Interaction Security-Towards Sound Experimental Validation

Fomichev

Maaß

Hollick

2019

GetMobile: Mobile Comp. and Comm.

Self Cite

View full text Add to dashboard Cite

Reproducibility and realistic datasets are crucial for advancing research. Unfortunately, they are often neglected as valid scientific contributions in many young disciplines, with computer science being no exception. In this article, we show the challenges encountered when reproducing the work of others, collecting realistic data in the wild, and ensuring that our own work is reproducible in turn. The presented findings are based on our study investigating the limits of zero-interaction security (ZIS)- a novel concept, leveraging sensor data collected by Internet of Things (IoT) devices to pair or authenticate devices. In particular, we share our experiences in reproducing five state-of-the-art ZIS schemes, collecting a comprehensive dataset of sensor data from the real world, evaluating these schemes on the collected data, and releasing the data, code, and documentation to facilitate reproducibility of our results.

show abstract

Section: Resultsmentioning

confidence: 99%

mentioning

confidence: 99%

Zero-Interaction Security-Towards Sound Experimental Validation

Fomichev

Maaß

Hollick

2019

GetMobile: Mobile Comp. and Comm.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Finally, as experimentally demonstrated by the authors in [69], the effectiveness of audiobased TFA schemes is strongly dependent on the particular physical context where they are applied. For instance, considering the Sound-Proof scheme proposed in [57], the authors in [69] discovered very different values of EERs not only in different physical contexts (e.g., car, static office, and office with mobile heterogeneous devices), but also when each physical context is in a different condition. For instance, when deployed in a car, Sound-Proof achieves an equal error rate of 0.071 in a city scenario, while its performance drops down to EER values of 0.124 when the car is parked, by using the same setup of the protocol parameters.…”

Section: Lessons Learnedmentioning

confidence: 93%

“…The heterogeneity of microphones and speakers, as well as their different tolerance to the noise in different application scenarios, take part in degrading the performance of audiobased pairing schemes when moved away from a suitable application scenario. For instance, as shown by the authors in [69], the same Zero-Interaction audio-based solution report very different performance in indoor and outdoor scenarios. To overcome these limitations, researchers should design coefficient and comparison methods able to both remove inherent inaccuracies in the devices' hardware, and evaluate similarities and differences between recorded sounds in heterogeneous application domains.…”

Section: Research Challenges and Future Research Directionsmentioning

confidence: 94%

Short-Range Audio Channels Security: Survey of Mechanisms, Applications, and Research Challenges

Caprolu

Sciancalepore

Pietro

2021

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

Short-range audio channels have appealing distinguishing characteristics: ease of use, low deployment costs, and easy to tune frequencies, to cite a few. Moreover, thanks to their seamless adaptability to the security context, many techniques and tools based on audio signals have been recently proposed. However, while the most promising solutions are turning into valuable commercial products, acoustic channels are also increasingly used to launch attacks against systems and devices, leading to security concerns that could thwart their adoption. To provide a rigorous, scientific, security-oriented review of the field, in this paper we survey and classify methods, applications, and use-cases rooted on short-range audio channels for the provisioning of security services-including Two-Factor Authentication techniques, pairing solutions, device authorization strategies, defense methodologies, and attack schemes. Moreover, we also point out the strengths and weaknesses deriving from the use of short-range audio channels. Finally, we provide open research issues in the context of short-range audio channels security, calling for contributions from both academia and industry.

show abstract

“…While the growing number of connected devices enable powerful new use cases, they introduce vulnerabilities in networks and open them up for attacks that risk, at the very least, to jeopardize users' privacy. This is becoming a growing concern of the UbiComp community that recently investigated IoT device security schemes operating without user intervention [14]; needs in control and accountability of IoT devices in the smart home [20]; and privacy and control over intimate data recorded by connected devices [24].…”

Section: Introductionmentioning

confidence: 99%

Safer

Oser

Feger

Woźniak

et al. 2020

Proc. ACM Interact. Mob. Wearable Ubiquitous Technol.

View full text Add to dashboard Cite

Users of Internet of Things (IoT) devices are often unaware of their security risks and cannot sufficiently factor security considerations into their device selection. This puts networks, infrastructure and users at risk. We developed and evaluated SAFER, an IoT device risk assessment framework designed to improve users' ability to assess the security of connected devices. We deployed SAFER in a large multinational organization that permits use of private devices. To evaluate the framework, we conducted a mixed-method study with 20 employees. Our findings suggest that SAFER increases users' awareness of security issues. It provides valuable advice and impacts device selection. Based on our findings, we discuss implications for the design of device risk assessment tools, with particular regard to the relationship between risk communication and user perceptions of device complexity. CCS Concepts: • Security and privacy → Usability in security and privacy; • Human-centered computing → Empirical studies in HCI; Ubiquitous and mobile computing systems and tools; Information visualization.

show abstract

Perils of Zero-Interaction Security in the Internet of Things

Cited by 19 publications

References 31 publications

Zero-Interaction Security-Towards Sound Experimental Validation

Zero-Interaction Security-Towards Sound Experimental Validation

Short-Range Audio Channels Security: Survey of Mechanisms, Applications, and Research Challenges

Safer

Contact Info

Product

Resources

About