Coresident evil: noisy vibrational pairing in the face of co-located acoustic eavesdropping

An interesting approach to pairing devices involves the use of a vibrational channel, over which the keying material (e.g., a short PIN) is sent. This approach is efficient (only a unidirectional transfer of PIN is needed) and simple (the sending device requires a vibration motor and receiving device requires an accelerometer). However, it has been shown to be susceptible to acoustic emanations usually produced by the vibration motor. Recent research introduced a mechanism to defeat these attacks by attempting to mask the acoustic leakage with deliberate acoustic noises. In this paper, we pursue a systematic investigation of the security of such a "noisy vibrational pairing" mechanism in a strong yet realistic adversarial model where the eavesdropper is co-located with the victim device(s).

Our contributions are two-fold. First, we show that existing noisy vibrational pairing mechanisms - based on white noise as the masking signal - are vulnerable against a co-located eavesdropper (although they may defeat a distant eavesdropper). We build our attack based on standard signal processing and noise filtering techniques, and show that it can result in a complete compromise of pairing security. Second, we propose a defense that bolsters the masking signal with low-frequency audio tones. We present and address the challenges associated with producing such low-frequency sounds with current commodity hardware. We show that our defensive approach can not only resist our above attack but is also robust to more sophisticated, noise filtering and source separation methods when applicable. We also establish that the insertion of low-frequency sounds does not affect the receiving device's capability to sense the vibrations generated by the sending device. The suggested defense may therefore be used to enhance the security of noisy vibrational pairing without affecting its performance on a wide variety of devices.