One Key to Rule Them All: Secure Group Pairing for Heterogeneous IoT Devices

• Published in: 2023 IEEE Symposium on Security and Privacy (SP) pp. 3026 - 3042
• Main Authors: Farrukh, Habiba, Ozmen, Muslum Ozgur, Kerem Ors, Faik, Celik, Z. Berkay
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.05.2023
• Subjects: Clustering algorithms; Cryptography; Data privacy; Internet of Things; Partitioning algorithms; Smart homes; Timing
• ISSN: 2375-1207
• DOI: 10.1109/SP46215.2023.10179369

Pairing schemes establish cryptographic keys to secure communication among IoT devices. Existing pairing approaches that rely on trusted central entities, human interaction, or shared homogeneous context are prone to a single point of failure, have limited usability, and require additional sensors. Recent work has explored event timings observed by devices with heterogeneous sensing modalities as proof of co-presence for decentralized pairing. Yet, this approach incurs high pairing time, cannot pair sensors that sense continuous physical quantities and does not support group pairing, making it infeasible for many IoT deployments. In this paper, we design and develop IoTCupid, a secure group pairing system for IoT devices with heterogeneous sensing modalities, without requiring active user involvement. IoTCupid operates in three phases: (a) detecting events sensed by both instant and continuous sensors with a novel window-based derivation technique, (b) grouping the events through a fuzzy clustering algorithm to extract inter-event timings, and (c) establishing group keys among devices with identical inter-event timings through a partitioned group password-authenticated key exchange scheme. We evaluate IoTCupid in smart home and office environments with 11 heterogeneous devices and show that it effectively pairs all devices with only 2 group keys with a minimal pairing overhead.