Exploiting the Physical Environment for Securing the Internet of Things

Using the randomness provided by the physical environment to build security solutions has received much attention recently. In particular, the shared entropy provided by measuring ambient audio, luminosity modalities or electromagnetic emanations has been used to build location-based, proximity-based, or context-based security mechanisms. The majority of those protocols is based on a standard model consisting channel probing, quantization, information reconciliation, privacy amplification, and key verification. The main problem for almost all approaches is the limited understanding of the security that is provided. For example, security analyses often only address single components and not the entire system or are based on broad abstractions of the physical source of randomness. Further, a big open question is the feasibility of such systems for low-resource platforms. Our first contribution is a detailed, optimized realization of a key establishment system. We demonstrate the feasibility of deriving a shared secret from correlated quantities on resource-constrained devices with tight power budget. Our system was realized on the popular ARM Cortex-M3 processor that reports detailed resource requirements. The second major contribution is a summary and abstraction of previous works together with a rigorous security analysis. We substantiate our investigation by presenting practical attack results.