2019
DOI: 10.1145/3314397
|View full text |Cite
|
Sign up to set email alerts
|

Perils of Zero-Interaction Security in the Internet of Things

Abstract: The Internet of Things (IoT) demands authentication systems which can provide both security and usability. Recent research utilizes the rich sensing capabilities of smart devices to build security schemes operating without human interaction, such as zero-interaction pairing (ZIP) and zero-interaction authentication (ZIA). Prior work proposed a number of ZIP and ZIA schemes and reported promising results. However, those schemes were often evaluated under conditions which do not reflect realistic IoT scenarios. … Show more

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
37
0

Year Published

2019
2019
2022
2022

Publication Types

Select...
5
1
1

Relationship

1
6

Authors

Journals

citations
Cited by 22 publications
(37 citation statements)
references
References 31 publications
0
37
0
Order By: Relevance
“…In this paper, we discussed the challenges we encountered when reproducing and validating five state-of-the-art Zero-Interaction Security (ZIS) schemes on a realistic dataset [1]. They included problems in understanding and replicating the published schemes due to ambiguous descriptions and a lack of published source code and datasets, issues with the data collection and processing, and the subsequent release of the dataset.…”
Section: Resultsmentioning
confidence: 99%
See 1 more Smart Citation
“…In this paper, we discussed the challenges we encountered when reproducing and validating five state-of-the-art Zero-Interaction Security (ZIS) schemes on a realistic dataset [1]. They included problems in understanding and replicating the published schemes due to ambiguous descriptions and a lack of published source code and datasets, issues with the data collection and processing, and the subsequent release of the dataset.…”
Section: Resultsmentioning
confidence: 99%
“…Reproducing the work of others, collecting data and releasing it with the codebase were the main contributions of our study [1], which are often considered "not challenging" or "not novel" enough by reviewers, and hence, fall largely into the category of (almost) unpublishable results per se. In this article, we want to illustrate the difficulties we faced in our study by first describing the challenges encountered when reproducing five ZIS schemes such as the absence of the source code and documentation, ambiguities, and unspecified parameters.…”
mentioning
confidence: 99%
“…Finally, as experimentally demonstrated by the authors in [69], the effectiveness of audiobased TFA schemes is strongly dependent on the particular physical context where they are applied. For instance, considering the Sound-Proof scheme proposed in [57], the authors in [69] discovered very different values of EERs not only in different physical contexts (e.g., car, static office, and office with mobile heterogeneous devices), but also when each physical context is in a different condition. For instance, when deployed in a car, Sound-Proof achieves an equal error rate of 0.071 in a city scenario, while its performance drops down to EER values of 0.124 when the car is parked, by using the same setup of the protocol parameters.…”
Section: Lessons Learnedmentioning
confidence: 93%
“…The heterogeneity of microphones and speakers, as well as their different tolerance to the noise in different application scenarios, take part in degrading the performance of audiobased pairing schemes when moved away from a suitable application scenario. For instance, as shown by the authors in [69], the same Zero-Interaction audio-based solution report very different performance in indoor and outdoor scenarios. To overcome these limitations, researchers should design coefficient and comparison methods able to both remove inherent inaccuracies in the devices' hardware, and evaluate similarities and differences between recorded sounds in heterogeneous application domains.…”
Section: Research Challenges and Future Research Directionsmentioning
confidence: 94%
“…While the growing number of connected devices enable powerful new use cases, they introduce vulnerabilities in networks and open them up for attacks that risk, at the very least, to jeopardize users' privacy. This is becoming a growing concern of the UbiComp community that recently investigated IoT device security schemes operating without user intervention [14]; needs in control and accountability of IoT devices in the smart home [20]; and privacy and control over intimate data recorded by connected devices [24].…”
Section: Introductionmentioning
confidence: 99%