Zero Involvement Pairing and Authentication (ZIPA) is a promising technique for autoprovisioning large networks of Internet-of-Things (IoT) devices. In this work, we present the first successful signal injection attack on a ZIPA system. Most existing ZIPA systems assume there is a negligible amount of influence from the unsecured outside space on the secured inside space. In reality, environmental signals do leak from adjacent unsecured spaces and influence the environment of the secured space. Our attack takes advantage of this fact to perform a signal injection attack on the popular Schurmann & Sigg algorithm. The keys generated by the adversary with a signal injection attack at 95 dBA are within the standard error of the legitimate device.