Exploiting the Physical Environment for Securing the Internet of Things

Christian Zenger, Jan Zimmer, Mario Pietersz, Jan-Felix Posielek, Chris­tof Paar

New Security Paradigms Workshop, NSPW 2015, Twente, The Netherlands, September 8–11, 2015


Using the randomness provided by the physical environment for building security solutions has received much attention in recent years. In particular, the shared entropy provided by measuring ambient audio, luminosity modalities or electromagnetic emanations, have been used to build location-, proximity-, or context-based security mechanisms. The majority of those protocols is based on a three-phase standard model, consisting of quantization, information reconciliation, and privacy amplification. The main problem for almost all approaches is the limited understanding of the security that is provided. For example, security analyses often only address single components and not the entire system, or are based of broad abstractions of the physical randomness source. As the first contribution, we provide a detailed, optimized realization of a key establishment system. We demonstrate the feasibility of deriving a shared secret from correlated quantity on resource-constrained devices, which are on a tight power budget. Our systems was realized on the popular ARM Cortex-M3 processor which report detailed resource requirements. The second major contribution is a summary and abstraction of previous works together with a rigorous security analysis. We substantiate our investigation by presenting practical attack results.