all InfoSec news
SyncBleed: A Realistic Threat Model and Mitigation Strategy for Zero-Involvement Pairing and Authentication (ZIPA). (arXiv:2311.04433v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
Zero Involvement Pairing and Authentication (ZIPA) is a promising technique
for auto-provisioning large networks of Internet-of-Things (IoT) devices.
Presently, these networks use password-based authentication, which is difficult
to scale to more than a handful of devices. To deal with this challenge, ZIPA
enabled devices autonomously extract identical authentication or encryption
keys from ambient environmental signals. However, during the key negotiation
process, existing ZIPA systems leak information on a public wireless channel
which can allow adversaries to learn the key. We …
authentication auto challenge deal devices internet iot large mitigation networks password scale strategy things threat threat model