TY - GEN
T1 - Eolo
T2 - 2022 IEEE Conference on Communications and Network Security, CNS 2022
AU - Ibrahim, Omar Adel
AU - Oligeri, Gabriele
AU - Di Pietro, Roberto
N1 - Funding Information:
ACKNOWLEDGEMENTS This publication was partially supported by award GSRA6-1-0528-19046, from the QNRF-Qatar National Research Fund, a member of Qatar Foundation, and NATO Science for Peace and Security Programme - MYP G5828 project “SeaSec: DronNets for Maritime Border and Port Security”. The information and views set out in this publication are those of the authors and do not necessarily reflect the official opinion of the QNRF.
Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Wireless channels are typically protected by crypto-graphic solutions. However, when those solutions cannot be applied (e.g. resource constrained such as Internet of Things (IoT)) or an additional layer of security is deemed necessary, it is possible to resort to auxiliary authenticatable out-of-band (OOB) channels. In this paper, we introduce Eolo, a novel, zero-interaction pairing approach to secure industrial IoT devices. Our solution pairs devices based on correlated ambient air pressure data. Eolo can serve, among others, as a co-location, key-based verification extension mechanism to support key agreement protocols such as Diffie-Hellman (DH). Indeed, the cited protocols are susceptible to man-in-the-middle (MITM) attacks. With our solution, the pairing devices first agree on a shared secret, then verify co-location by exchanging information related to the barometric pressure readings. Our proposed methodology is also experimentally verified by more than 115 hours of real data collected from an extensive measurement campaign in an open outdoor areas. To the best of our knowledge, Eolo represents the first solution leveraging barometric pressure to achieve context-pairing and key verification for devices in close proximity. Further, the applications of the proposed solution extends also well beyond the discussed scenario, being applicable for instance also to underwater context. As such, we believe that the proposed solution, other than being relevant on its own, also opens up further research avenues.
AB - Wireless channels are typically protected by crypto-graphic solutions. However, when those solutions cannot be applied (e.g. resource constrained such as Internet of Things (IoT)) or an additional layer of security is deemed necessary, it is possible to resort to auxiliary authenticatable out-of-band (OOB) channels. In this paper, we introduce Eolo, a novel, zero-interaction pairing approach to secure industrial IoT devices. Our solution pairs devices based on correlated ambient air pressure data. Eolo can serve, among others, as a co-location, key-based verification extension mechanism to support key agreement protocols such as Diffie-Hellman (DH). Indeed, the cited protocols are susceptible to man-in-the-middle (MITM) attacks. With our solution, the pairing devices first agree on a shared secret, then verify co-location by exchanging information related to the barometric pressure readings. Our proposed methodology is also experimentally verified by more than 115 hours of real data collected from an extensive measurement campaign in an open outdoor areas. To the best of our knowledge, Eolo represents the first solution leveraging barometric pressure to achieve context-pairing and key verification for devices in close proximity. Further, the applications of the proposed solution extends also well beyond the discussed scenario, being applicable for instance also to underwater context. As such, we believe that the proposed solution, other than being relevant on its own, also opens up further research avenues.
KW - context-based pairing
KW - contextual security
KW - IoT
KW - pressure-based Authentication
KW - Proximity-based Authentication
KW - zero-interaction
UR - http://www.scopus.com/inward/record.url?scp=85143389562&partnerID=8YFLogxK
U2 - 10.1109/CNS56114.2022.9947258
DO - 10.1109/CNS56114.2022.9947258
M3 - Conference contribution
AN - SCOPUS:85143389562
T3 - 2022 IEEE Conference on Communications and Network Security, CNS 2022
SP - 109
EP - 117
BT - 2022 IEEE Conference on Communications and Network Security, CNS 2022
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 3 October 2022 through 5 October 2022
ER -