Study On The Proximity Interaction Security In Internet Of Things

With the proliferation of smart devices,massive machine-type communications,and sharing economy,proximity interaction(interaction between objects within close physical proximity)has gradually become an important and high-frequency interaction form in the Internet of Things(Io T),and it can be further divided into two categories: machine-machine interaction and human-machine interaction.For instance,two smartphones can use Air Drop to transfer files wirelessly,or users can control smart voice assistants via voice commands.The advantages of the proximity interaction,e.g.,wireless,low-latency,and high-throughput,have significantly improved the efficiency of people's daily life,yet also introduce security threats.For instance,malicious attackers attempt to eavesdrop,modify,or forge the messages transmitted between proximal objects,and control smart devices to execute illegal operations(e.g.,open the door or window),thereby posing serious threats to the privacy and property security of users.Moreover,the rapid spread of the sharing economy and smart infrastructure has given rise to the demand for a large number of proximity interactions between previously unknown objects.In this case,there are no pre-shared credentials(e.g.,passwords,fingerprints,etc.)exchanged by two parties in advance,which poses a challenge to the protection of identity security and data security during the interaction.Thus,there is an urgent need to conduct research on key proximity interaction security techniques,investigate the security problems of machine-machine interaction and human-machine interaction,and then propose systematic protection methods to effectively improve the proximity interaction security of Io T.Specifically,we take smart home as the entry point to study two key research questions of “trustworthy location” and “trustworthy content”,and propose the attacks and protection methods from two perspectives of device authentication and voice interaction for the proximity interactions.·Proximity-based Authentication Based on Home-limited Channel:Device authentication is the primary link to ensure the security of machine-machine interaction.In a typical smart home scenario,residents and internal visitors can use indoor devices and services(e.g.,network connection)while previously unknown objects located outside the house have no right to access and use these indoor devices and services.Thus,we can verify whether the location of the access object is trusted,i.e.,indeed located inside the house,and grant access rights to the object with a “trustworthy location”.To this end,we first rely on the endogenous physical security of smart homes and introduce the concept of home-limited channel,of which the signal transmission range is within a home.Then we investigate transmission media with the property of boundary-attenuated,imperceptible,and lightweight,and choose three candidates,i.e.,infrared light,ultrasound,modulated visible light.Finally,we propose Hlc Auth,a proximity-based device authentication technique based on home channels.By leveraging the perceptual difference between legitimate indoor devices and outdoor attackers,we design a communication protocol based on the challenge-response mechanism to achieve keyless and mutual device authentication.Through the above steps,Hlc Auth overcomes the challenge of multi-dimensionally limited resources of Io T devices.·Proximity-based Authentication Based on Contextual Similarity:To address the issues of the proximity interactions between previously unknown objects,we propose Sen CS,a proximity-based device authentication technology based on contextual similarity.Sen CS utilizes co-sensing environmental changes or human actions as proof-of-proximity to realize device authentication.However,the deeper integration of the Internet of Things and the real physical world lead to the widespread adoption of sensors.Due to the diversity of applications,various Io T devices may deploy different sensors with heterogeneous modalities.Notably,the measurements of these heterogeneous sensors can have different shapes and time lags when perceiving the same physical context.Moreover,proximity-based services generally require real-time authentication with low latency to enhance user experience.To overcome the challenges imposed by heterogeneity and time constraints,we first utilize the time interval between successively human actions(e.g.,walking)to generate heterogeneous contextual fingerprints at a millisecond level.These modality-independent fingerprints enable the contextual similarity comparison between heterogeneous devices.Then we further improve the discriminability of the generated heterogeneous contextual fingerprint by leveraging a step-level interval detection algorithm based on a minimum salience vector,a graded encoding scheme,and a cyclic shift operation based on the shared global timestamp.Finally,we design an authentication protocol based on a fuzzy commitment scheme,which realizes the contextual similarity comparison between two heterogeneous parties while creating a trusted session key for encrypting the subsequent communication.·Generating and Detecting Audio Adversarial Examples Based on Speed Variation:Due to the advantages of efficient input and convenient operation,voice interaction has gradually become an important human-computer interaction scenario in Io T proximitybased services.Meanwhile,the safety of automatic speech recognition(ASR)directly determines the security of the controlled devices and their affiliated systems.However,prior studies have revealed that malicious attackers can generate audio adversarial examples(AE)that can cause the ASR systems to misrecognize the input audio as any target phrase by adding small yet unnoticeable perturbations to the input audio.Therefore,the key to improving the proximal security of voice interaction is to ensure the “trustworthy content” of received commands.In this paper,we propose TSMAE,a novel audio adversarial example attack based on speed variations,i.e.,purely speeds up or slows down part of the original audio to affect the recognition result.We firstly study the impact mechanism of speed variation on automatic speech recognition from statistical experiments and theoretical analysis.Based on the statistical rules of misrecognition results,we propose two types of TSMAE generation methods: one-segment untargeted attacks and scenariointerest targeted attacks.Finally,we utilize particle swarm optimization algorithms and constrained natural language generation methods to improve the generation speed and robustness of TSMAE.Our proposed method breaks through the traditional fixed paradigm of generating audio adversarial examples by adding perturbations and opens up a new dimension of voice interaction security.In addition,we propose an audio adversarial example detection method based on prosodic features and liveness detection,which effectively resists the threat of TSMAE.