The Internet of Things (IoT) demands authentication systems which can provide both security and usability. Recent research utilizes the rich sensing capabilities of smart devices to build security schemes operating without human interaction, such as zero-interaction pairing (ZIP) and zero-interaction authentication (ZIA). Prior work proposed a number of ZIP and ZIA schemes and reported promising results. However, those schemes were often evaluated under conditions which do not reflect realistic IoT scenarios. In addition, drawing any comparison among the existing schemes is impossible due to the lack of a common public dataset and unavailability of scheme implementations.In this paper, we address these challenges by conducting the first large-scale comparative study of ZIP and ZIA schemes, carried out under realistic conditions. We collect and release the most comprehensive dataset in the domain to date, containing over 4250 hours of audio recordings and 1 billion sensor readings from three different scenarios, and evaluate five state-ofthe-art schemes based on these data. Our study reveals that the effectiveness of the existing proposals is highly dependent on the scenario they are used in. In particular, we show that these schemes are subject to error rates between 0.6% and 52.8%.
10:2 • M. Fomichev et al.often called context information [22]. This information is used to build context-based security schemes operating without user interaction such as zero-interaction pairing (ZIP) [20,24,39] and zero-interaction authentication (ZIA) [14,28,36]. We further refer to both as zero-interaction security (ZIS) schemes.The security of ZIS schemes is based on the assumption that context information has high entropy, changes frequently, and is unpredictable from outside the specified environment [31]. Context information, obtained from the ambient environment of an IoT device, is used to derive a shared secret key between colocated devices in ZIP or to serve as a proof of physical proximity between devices in ZIA. For example, similarity in ambient audio sensed by two colocated devices was successfully used in both ZIP [24] and ZIA [14], with the latter scheme becoming part of a commercial product [11]. Other research explored the applicability of different context information in ZIS schemes: temperature, humidity, pressure, and luminosity [20,28], magnetic fields, acceleration and rotation rates [23,26], as well as observed WiFi and Bluetooth beacons [36].ZIS schemes have three main advantages compared to traditional approaches. First, they offer high usability by minimizing user involvement in pairing and authentication procedures. Second, ZIS schemes can scale to a large number of devices, including those that do not share a common sensing modality [13]. Third, ZIS schemes can be built on top of devices' sensing capabilities, reducing modification overhead and facilitating interoperability.Despite the great potential of ZIS schemes to enable a more secure and usable IoT, prior work raised questions about their practica...
