"Do you feel what I hear?"
That’s a phrase that devices in smart homes may be asking each other in the future as a way to pair themselves without any assistance.
"The idea is to have devices with different sensing capabilities ‘sense’ the same event, which verifies they are in the same home, to decide that it’s safe for them to pair," says Jun Han, a CyLab researcher and recent Ph.D. graduate in the department of Electrical and Computer Engineering (ECE) at Carnegie Mellon’s Silicon Valley campus.
Last week, Han presented a study titled "Do You Feel What I Hear? Enabling Autonomous IoT Device Pairing using Different Sensor Types" at the IEEE Security & Privacy Symposium in San Francisco (watch a video of his presentation).
Han is a member of CMU’s Mobile, Embedded & Wireless Security group led by ECE professor Patrick Tague.
Han’s study comes at a time when the Internet of Things (IoT) is booming. Households already have tens of IoT devices—smart thermostats, internet-connected refrigerators, etc.—and are expected to expand to hundreds of devices per household in the next five years. Since most of these devices do not contain keyboards or displays, pairing them using a password is becoming increasingly impractical.
The solution? Teach the devices to witness the same event, verifying they’re in the same home and are safe to pair.
"If you have a blindfolded person who cannot see, and a person with a hearing disability who cannot hear," Han explains, "… and you put them in the same room and open and close the door, they can talk to each other and come to an agreement that they are witnessing the same event: the door opening and closing."
The idea is to have devices with different sensing capabilities ‘sense’ the same event, which verifies they are in the same home, to decide that it’s safe for them to pair.Jun Han, CyLab researcher and recent Ph.D. graduate, Department of Electrical and Computer Engineering (ECE) at Carnegie Mellon’s Silicon Valley campus
With an event as simple as the opening and closing of a door, multiple IoT devices sensing the event are able to pair completely autonomously. In addition to demonstrating the system’s effectiveness, the proof-of-concept study shows how hard it is for attackers to fool the system.
"What an attacker is trying to do is to fool the legitimate smart home devices that are inside the house into believing that one of the attacker’s devices outside of the house is also inside the house," Han says. "From our experiments, it turns out that it is very difficult for the attacker to be consistently measuring the same fidelity of information as devices inside."
Although the project is an academic research protocol and proof-of-concept implementation, Han believes the path towards commercialization of their concept would be a smooth one.
"We think this is very practical because we do not require vendors to add in extra hardware to the devices," Han says. "All they need to do is settle on the protocol we have implemented and retrofit their software to match ours."
Other authors on the study included ECE Ph.D. student Madhumitha Harishankar, recent ECE Ph.D. graduates Manal Kumar Sinhan and Shijia Pan, ECE alum Albert Jin Chung, Civil and Environmental Engineering professor Hae Young Noh, and Information Networking Institute and ECE professors Pei Zhang and Patrick Tague.