Y. Wu, B. Chen, Z. Zhao and Y. Cheng, "Attack and Countermeasure on Interlock-Based Device Pairing Schemes," in IEEE Transactions on Information Forensics and Security, vol. 13, no. 3, pp. 745-757, March 2018. doi: 10.1109/TIFS.2017.2766048
In recent years, researchers have proposed several secure device pairing schemes that allow mobile devices in close proximity to establish a trusted communication channel between them without sharing any secret in advance. These schemes use the correlation of some physical measurements (magnetic field, acceleration, etc.,) made independently by the two pairing devices to reconcile them. Their security against a Man-in-the- Middle (MitM) attacker relies on the difficulty for the MitM attacker to obtain a measurement data similar to the two pairing devices. As a key step in the reconciliation process, an interlock protocol is used in several recent schemes (e.g., Magpairing and ShaVe) to ensure that the measurement data is not leaked. However, the present paper points out that these schemes apply the interlock protocol improperly, making themselves vulnerable to MitM attacks. The analysis and experimental results show that the proposed MitM attack almost surely succeeds with very low computation overhead. We also propose countermeasures on the presented attack.
10.13039/501100001381-NRF, Prime Minister’s Office, Singapore, under the Energy Programme and administrated by the EMA through EP Award;Human-Centered Cyber-physical Systems Programme at ADSC through A*STAR, Singapore;Guangdong Innovative and Entrepreneurial Research Team Program