Acoustic Eavesdropping attacks on constrained wireless devices pairing

The term “pairing” refers to the operation of bootstrapping secure communication between two wireless devices, and authenticated, secure pairing is a well-established research direction. The requirement of resistance against eavesdropping and man-in-the-middle attacks would be easy to satisfy for pairing if there existed a global infrastructure enabling devices to share a trusted offline or online third party, a certification authority, a PKI or any preconfigured secrets, which is, regrettably, impossible in practice. Ergo, the design of a secure communication channel during pairing is a challenging research problem. Secure wireless device pairing is based on auxiliary or out-of-band (OOB) communication: audio, visual or tactile. Unlike radio communication channels, OOB channels are human-perceptible, and OOB communication naturally provides authentication and integrity. Namely, the intended source of an OOB message can be validated, so adversaries have no chance to manipulate OOB messages in transit, although they can eavesdrop. A natural work-around to the aforementioned problem is to pair devices based on secret as well as authenticated OOB channels (referred to as AS-OOB). In this model, the adversaries are incapable of manipulating OOB communications or even eavesdropping on them. However, A-OOB pairing of constrained devices turns out to be complicated, since manual mechanisms for pairing constrained devices are prone to fatal human errors, which eventually translate into man-in-the-middle attacks. A fatal human error is defined as an error that violates the secrecy goal of the pairing mechanism, resulting in one of the pairing devices being paired with a man-in-the-middle attacker’s device without the device user knowing about it.

The focus of this paper is securing the pairing of constrained devices that lack good quality output interfaces (i.e., a speaker or display), input interfaces (i.e., keypads), or receivers (e.g., microphone and camera), and that may not be physically accessible, such as headsets, access points and medical implants. The authors analyze the security of AS-OOB pairing and take a closer look at three notable prior AS-OOB pairing proposals. They challenge the assumptions upon which the security of these proposals relies and demonstrate the feasibility of eavesdropping on the acoustic emanations associated with these methods. Finally, they conclude that the aforementioned three prior AS-OOB pairing mechanisms provide a weaker level of security than was originally assumed or desired for the pairing operation. The contributions of this paper are as follows:

(1) The authors investigate acoustic eavesdropping attacks on pairing applications geared for constrained devices, including IMD pairing (which uses direct acoustic signals), and PIN-Vibra and BEDA (in which the acoustic signals are a by-product of the vibration/button clicking).

(2) The authors study eavesdropping in a realistic setting (from distances up to a few feet away) and compare the results from different distances using very inexpensive equipment (a PC microphone). Previous research on keyboard and printer acoustic emanations concentrated on recordings from a single, very close distance or used special equipment (a parabolic microphone) for recordings from farther away, which is less persuasive.
