VoltKey

Abstract

The explosive proliferation of Internet-of-Things (IoT) ecosystem fuels the needs for a mechanism for the user to easily and securely interconnect multiple heterogeneous devices with minimal involvement. However, the current paradigm of context-unaware pairing and authentication methods (e.g., using a preset or user-defined password) poses severe challenges in the usability and security aspects due to the limited and siloed user interface that requires substantial effort on establishing or maintaining a secure network. In this paper, we present VoltKey, a method that transparently and continuously generates secret keys for colocated devices, leveraging spatiotemporally unique noise contexts observed in commercial power line infrastructure. We introduce a novel scheme to extract randomness from power line noise and securely convert it into the same key by a pair of devices. The unique noise pattern observed only by trusted devices connected to a local power line prevents malicious devices without physical access from obtaining unauthorized access to the network. VoltKey can be implemented on top of standard USB power supplies as a platform-agnostic bolt-on addition to any IoT devices or wireless access points that are constantly connected to the power outlet. Through extensive experiments under various realistic deployment environments, we demonstrate that VoltKey can successfully establish a secret key among colocated devices with over 90% success rate, while effectively rejecting malicious devices that do not have access to the local power line (but may have access to a spatially nearby line).