In-Band Secret-Free Pairing for COTS Wireless Devices

Nirnimesh Ghose, Loukas Lazos, Ming Li

Research output: Contribution to journalArticlepeer-review

3 Scopus citations


Many IoT devices lack the necessary interfaces (keyboards, screens) for entering passwords or changing default ones. For these devices, bootstrapping trust can be challenging. We address the problem of device pairing in the absence of any shared secrets. Pairing is a two-phase process that requires mutual authentication between the two parties and the agreement to a common key that can be used to further bootstrap essential cryptographic mechanisms. We propose a secret-free and in-band trust establishment protocol that achieves the secure pairing of commercial off-the-shelf (COTS) wireless devices with a hub. As compared to the state-of-the-art, our protocol does not require any hardware/firmware modification to the devices, or any out-of-band channels, but can be applied to any COTS device. Furthermore, our protocol is resistant to active signal manipulations attacks that include recently demonstrated signal nullification at an intended receiver. These security properties are achieved in-band with the assistance of a helper device such as a smartphone and by exploiting hard-to-forge signal propagation laws. We perform extensive theoretical analysis to verify the security of the proposed protocol. In addition, we validate our theoretical results with experiments using COTS devices and USRP radios.

Original languageEnglish (US)
Pages (from-to)612-628
Number of pages17
JournalIEEE Transactions on Mobile Computing
Issue number2
StatePublished - Feb 1 2022


  • Bootstrapping
  • COTS wireless devices
  • Internet-of-Things
  • in-band
  • key establishment
  • man-in-the-middle attacks
  • message integrity
  • physical-layer security
  • secret-free
  • trust establishment
  • wireless signal manipulation attacks

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Electrical and Electronic Engineering


Dive into the research topics of 'In-Band Secret-Free Pairing for COTS Wireless Devices'. Together they form a unique fingerprint.

Cite this