Swipe2Pair: Secure and Fast In-Band Wireless Device Pairing

Yaqi He, Kai Zeng, Long Jiao, Brian L. Mark, Khaled N. Khasawneh

TL;DR

Swipe2Pair addresses the challenge of secure, universal in-band device pairing by leveraging device proximity and random transmission power, enabling mutual authentication with a single swift swipe. The protocol combines an interlock-based exchange of randomized Tx/Rx power, elliptic-curve Diffie-Hellman key agreement, and dual proximity checks (valley-shape pathloss and channel fading variation) to robustly distinguish adjacent devices from remote attackers. A hierarchical security analysis against General, Advanced, and Supreme attackers, together with extensive experiments in multiple environments, demonstrates sub-second pairing and strong resistance to sophisticated threats, including those able to infer location or motion. This approach eliminates the need for OOB channels or extra sensors, offering a practical, usable solution for securing IoT device onboarding across diverse wireless technologies.

Abstract

Wireless device pairing is a critical security mechanism to bootstrap the secure communication between two devices without a pre-shared secret. It has been widely used in many Internet of Things (IoT) applications, such as smart-home and smart-health. Most existing device pairing mechanisms are based on out-of-band channels, e.g., extra sensors or hardware, to validate the proximity of pairing devices. However, out-of-band channels are not universal across all wireless devices, so such a scheme is limited to certain application scenarios or conditions. On the other hand, in-band channel-based device pairing seeks universal applicability by only relying on wireless interfaces. Existing in-band channel-based pairing schemes either require multiple antennas separated by a good distance on one pairing device, which is not feasible in certain scenarios, or require users to repeat multiple sweeps, which is not optimal in terms of usability. Therefore, an in-band wireless device pairing scheme providing high security while maintaining high usability (simple pairing process and minimal user intervention) is highly desired. In this work, we propose an easy-to-use mutual authentication device pairing scheme, named Swipe2Pair, based on the proximity of pairing devices and randomization of wireless transmission power. We conduct extensive security analysis and collect considerable experimental data under various settings across different environments. Experimental results show that Swipe2Pair achieves high security and usability. It only takes less than one second to complete the pairing process with a simple swipe of one device in front of the other.

Paper Structure

This paper contains 28 sections, 15 equations, 8 figures, 1 table, 1 algorithm.

Figures (8)

  • Figure 1: System model comprising adjacent pairing devices A and B, and a remote attacker M who could precisely estimate the location and motion of pairing devices.
  • Figure 2: Workflow of Swipe2Pair
  • Figure 3: Public key exchange with randomized Tx power and ECDH key derivation
  • Figure 4: From the original pathloss data computed through the Tx and Rx powers, the robust peak-valley detection algorithm is implemented to detect a valley shape from noisy data. If the valley shape is detected, we search for the start and end points of the valley shape and extract the valley shape data for security checks.
  • Figure 5: ROC of channel fading variation check in three different environments.
  • ...and 3 more figures
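
The valley-shape check described in the Figure 4 caption, as an added example that is not the paper's algorithm or code: pathloss is computed per packet from Tx and Rx power, then a simple median-smooth-and-walk heuristic stands in for the paper's robust peak-valley detector. The thresholds, the function names and both sample traces are assumptions constructed for illustration.

```python
from math import hypot, log10
from statistics import median

def pathloss_db(tx_dbm, rx_dbm):
    """Per-packet pathloss: sender-reported Tx power minus measured Rx power."""
    return [t - r for t, r in zip(tx_dbm, rx_dbm)]

def median_smooth(xs, k=5):
    """Sliding median: damps per-packet noise without smearing the valley."""
    h = k // 2
    return [median(xs[max(0, i - h):i + h + 1]) for i in range(len(xs))]

def find_valley(pl, min_depth_db=10.0, tol_db=1.0):
    """Return (start, end, depth_db) of the valley around the minimum, or None."""
    if len(pl) < 5:
        return None
    s = median_smooth(pl)
    bottom = min(range(len(s)), key=s.__getitem__)
    start = end = bottom
    # Walk outward while the smoothed pathloss keeps rising (small dips allowed).
    while start > 0 and s[start - 1] >= s[start] - tol_db:
        start -= 1
    while end < len(s) - 1 and s[end + 1] >= s[end] - tol_db:
        end += 1
    depth = min(s[start], s[end]) - s[bottom]
    if start == bottom or end == bottom or depth < min_depth_db:
        return None  # one-sided slope or too shallow: not a swipe
    return start, end, depth

# --- constructed sample traces (assumed values, not measurements from the paper) ---
N = 41
NOISE = [((i * 37) % 7 - 3) * 0.2 for i in range(N)]   # +/-0.6 dB jitter
TX = [float((i * 53) % 21) for i in range(N)]          # randomized 0..20 dBm
# Swipe: device passes 5 cm from the receiver at packet 20, moving 3 cm per packet.
SWIPE_PL = [40 + 20 * log10(hypot(0.05, 0.03 * (i - 20)) / 0.05) + NOISE[i]
            for i in range(N)]
REMOTE_PL = [70 + NOISE[i] for i in range(N)]          # distant, static sender
SWIPE_RX = [t - p for t, p in zip(TX, SWIPE_PL)]
REMOTE_RX = [t - p for t, p in zip(TX, REMOTE_PL)]

if __name__ == "__main__":
    print(find_valley(pathloss_db(TX, SWIPE_RX)))   # valley spanning the swipe
    print(find_valley(pathloss_db(TX, REMOTE_RX)))  # None: flat pathloss
```

The valley samples for later checks are `pl[start:end + 1]`; because Tx power is randomized per packet, the raw Rx trace alone does not show this shape until the Tx values are subtracted out.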