Short: Vibreaker: Securing Vibrational Pairing with Deliberate Acoustic Noise

S Abhishek Anand, Nitesh Saxena

Pairing between wireless devices may be secured by the use of an auxiliary channel such as audio, visuals or vibrations. A simple approach to pairing involves one of the devices initiating the transmission of a key, or keying material like a short password, over the auxiliary channel to the other device. A successful pairing is achieved when the receiving device is able to decode the key without any errors while the attacker is unable to eavesdrop the key.

In this paper, we focus on the security of the vibration channel when used for the key transmission. As shown in some recent work, sending the keying material over a clear vibrational channel poses a significant risk of an acoustic side channel attack. Specifically, an adversary can listen onto the acoustic sounds generated by the vibration motor of the sending device and infer the keying material with a high accuracy. To counteract the threat, we propose a novel pairing scheme, called Vibreaker (a “Vibration speaker”), that involves active injection of acoustic noise in order to mask the key signal. In this scheme, the sending device artificially injects noise in the otherwise clear audio channel while transmitting the keying material via vibrations. We experiment with several choices for the noise signal and demonstrate that the security of the audio channel is significantly enhanced with Vibreaker when appropriate noise is used. The scheme requires no additional effort by the user, and imposes minimum hardware requirements and hence can be applied to many different contexts, such as pairing of IoT and implanted devices, wearables and other commodity gadgets.

This paper looks at the security of authenticated and secure out-of-band (AS-OOB) channels that are based on the use of mechanical vibrations to communicate a pairing secret between two devices. Some earlier work has shown such vibration-based channels to be vulnerable against audio eavesdropping, as the typical generation of vibrations also causes audio leakage. As a remedy against such eavesdropping attacks, this paper presents “Vibreaker”, a system that protects the vibration- based pairing against eavesdropping adversaries by using masking signals emitted by the pairing devices. The purpose of the masking signal is to cloak the acoustic leakage emanating from the vibrations used in the pairing process. Two kinds of masking signals are analysed, white noise and fake vibration noise.

The paper first demonstrates the feasibility of eavesdropping attacks based on audio leakage by reimplementing the attack presented in literature. It then presents the design of the countermeasure that is based on emitting audio-based cloaking signals during the pairing process. The effectiveness of the countermeasure is evaluated by qualitative analysis of the resulting audio signal that an eavesdropper adversary observes at a relatively close distance to the pairing devices. The evaluation shows that the introduction of the cloaking signal effectively masks the acoustic signal emanating from the pairing vibrations. This makes it very difficult for the adversary to retrieve the correct pairing secret based on the audio signal it can observe.

While this paper does a good job in describing the countermeasure and reasoning for its efficiency, the evaluation remains at a qualitative level, as no detailed numeric data about the performed tests and their success rates are provided. Another point of criticism is that only a basic method for decoding the pairing signal by the adversary is assumed. As the authors acknowledge, further studies would be necessary to verify the efficacy of the proposed countermeasure also against adversaries that utilize more advanced methods based on, e.g., machine-learning algorithms to retrieve information about the pairing signal. Nevertheless the paper provides interesting information as a proof-of- concept for utilizing acoustic cloaking for securing vibration-based AS-OOB pairing channels.