Posts tagged Authentication

A Signal Injection Attack Against Zero Involvement Pairing and Authentication for the Internet of Things

Zero Involvement Pairing and Authentication (ZIPA) is a technique for automatically provisioning large networks of Internet-of-Things (IoT) devices with no user involvement. Prior ZIPA work generally assumes that the environment used for pairing is sufficiently isolated from external, adversarial signals. In our DESTION 2024 paper (see Citation below), we present the first signal-injection attack capable of influencing ZIPA-based key generation, demonstrating that these assumptions can fail in realistic settings.

Read more ...