Many Next Generation (NextG) applications feature devices that are capable of communicating and sensing in the Millimeter-Wave (mmWave) bands. Trust establishment is an important first step to bootstrap secure mmWave communication links, which is challenging due to the lack of prior secrets and the fact that traditional cryptographic authentication methods cannot bind digital trust with physical properties. Previously, context-based device pairing approaches were proposed to extract shared secrets from common context, using various sensing modalities. However, they suffer from various limitations in practicality and security. In this work, we propose the first secret-free device pairing scheme in the mmWave band that explores the unique physical-layer properties of mmWave communications. Our basic idea is to let Alice and Bob derive common randomness by sampling physical activity in the surrounding environment that disturbs their wireless channel. They construct reliable fingerprints of the activity by extracting event timing information from the channel state. We further propose an uncoordinated path hopping mechanism to resolve the challenges of beam alignment for activity sensing without prior trust. A key novelty of our protocol is that it remains secure against both co-located passive adversaries and active Man-in-the-Middle attacks, which is not possible with existing context-based pairing approaches. We implement our protocol in a 28GHz mmWave testbed, and experimentally evaluate its security in realistic indoor environments. Results show that our protocol can effectively thwart several different types of adversaries.

翻译：许多下一代（NextG）应用要求设备具备在毫米波频段进行通信和感知的能力。信任建立是启动安全毫米波通信链路的重要第一步，但由于缺乏预共享密钥，且传统加密认证方法无法将数字信任与物理属性绑定，这一过程极具挑战性。此前，基于上下文的设备配对方法被提出，通过利用多种传感模式从共同环境中提取共享密钥，但这些方法在实用性和安全性方面存在诸多局限。在本工作中，我们提出了首个利用毫米波通信独特物理层特性的无密钥设备配对方案。其核心思想是让Alice和Bob通过采样周围环境中干扰无线信道的物理活动来生成公共随机性：从信道状态中提取事件时序信息，从而构建活动的可靠指纹。我们还提出一种非协调的跳路径机制，以解决在无预信任前提下进行活动感知所需的波束对齐问题。本协议的一个关键创新在于，它能同时抵御共址被动窃听者和主动中间人攻击——这是现有基于上下文的配对方案无法实现的。我们在28GHz毫米波测试平台上实现了该协议，并在真实室内环境中对其安全性进行了实验评估。结果表明，该协议能有效抵御多种不同类型的攻击者。