Plug-and-Secure IoT
08/08/16 05:05

Hi all,


at Robert Bosch GmbH's Corporate Research, we developed an building block for the IoT more secure. It is so easy to use even for an unskilled user that we call it "plug-and-secure".


The huge number of connected devices in the Internet of Things comes along with a huge number of potential security threats. Establishing a secure connectivity represents a major challenge in this respect since few smart devices have comfortable user interfaces (e.g. for entering passwords), and many have limited processing power, which prohibits the usage of complex algorithms. Our idea contributes to the solution of this problem by establishing a secure connection for resource-constraint IoT devices in a plug-and-play manner.


A person wants to securely integrate new device (e.g. a XDK) into the Smart Home. The person activates the device, which connects to a wireless access point. Then both devices automatically establish symmetric cryptographic keys based upon physical properties of the common wireless link between them. This way, the communication may already be encrypted. The access point then asks the person via a trusted device (e.g. a smartphone) to perform a certain gesture with the new device for authentication purposes. The user performs this gesture and the corresponding sensor values gathered by the XDK during this period are fed back to the access point via the already encrypted radio link. The access point verifies that the measured sensor values match the requested gesture. If this is the case, the device has been successfully authenticated as well. Hence, a confidential and fully secured connection has been set up in a fairly easy-to-use manner :-) .

Implementation Details

From the TI CC3100 wireless processor on the XDKs (cp. the pictures, which show the general principle as well as the demonstrator in action) each device obtains received signal strength values, when exchanging data packets between each other. These measurements are random and very similar for the both nodes. But for RF devices in other locations they differ largely, which means that the two legitimate parties share a common secret, which is the raw material for the generation of the cryptographic key. On both devices, the software then converts the RSSI values into bits depending upon whether a RSSI value is above or below a calculated threshold. Then, using a forward error correction scheme, both sides correct mismatches of bits by exchanging error correction information via a public connection and finally compress the key, which can then be used for encryption.

For authentication the helper devices connects to the access point via a SSL-secured connection. It displays a gesture, which the user is requested to perform with the sensor XDK. The sensor sends relevant sensor data (e.g., acceleration, gyroscope, compass) to the access point over the recently established encrypted connection. The access points checks whether the sensor data match the gesture. If so, the sensor is authenticated

From now on, access point and sensor can exchange data confidentially and secure, while the user had minimum effort with the setting-up.


[X] I accept the XDK competition terms and conditions

+6 (6 Votes)