COOB: Hybrid Secure Device Pairing Scheme in a Hostile Environment

Due to the scalability limitations, the secure device pairing of Internet of Things objects cannot be efficiently conducted based on traditional cryptographic techniques using a pre-shared security knowledge. The use of Out-of-Band (OoB) channels has been proposed as a way to authenticate the key establishment process but they require a relatively long time and an extensive user involvement to transfer the authentication bits. However, the context-based schemes exploit the randomness of the ambient environment to extract a common secret without an extensive user intervention under the requirement of having a secure perimeter during the extraction phase, which is considered as a strong security assumption. In this paper, we introduce a novel hybrid scheme, called COOB, that efficiently combines a state-of-the-art fast context-based encoder with our Out-of-Band based scheme. This protocol exploits a nonce exponentiation to achieve the temporary secrecy goal needed for the authentication. Our method provides security against an attacker that can violate the secure perimeter requirement, which is not supported by the existing contextual schemes. This security improvement has been formally validated in the symbolic model using the TAMARIN prover. Based on our implementation of the Out-of-Band channel, COOB enhances the usability by reducing the pairing time up to 39% for an 80-bit OoB exchange while keeping an optimal protocol cost.