Not-so-Secret Authentication: The SyncBleed Attacks and Defenses for Zero-Involvement Authentication Systems

Isaac Ahlgren; Rushikesh Shirsat; Omar Achkar; George K. Thiruvathukal; Kyu In Lee; Neil Klingensmith

doi:10.6084/m9.figshare.28935059

Not-so-Secret Authentication: The SyncBleed Attacks and Defenses for Zero-Involvement Authentication Systems

Isaac Ahlgren, Rushikesh Shirsat, Omar Achkar, George K. Thiruvathukal, Kyu In Lee, Neil Klingensmith

University of Houston

Research output: Contribution to conference › Paper

Abstract

Zero-involvement authentication (ZIA) offers a promising solution for autoprovisioning large IoT device networks by enabling devices to extract identical authentication keys from ambient environmental signals without user intervention.

However, we demonstrate that existing ZIA systems leak critical information during key negotiation when they exchange synchronization messages over public wireless channels.

Our novel passive attack, SyncBleed, exploits these leaked messages to reconstruct ZIA-generated keys, successfully cracking approximately 50% of keys in under one second in our testbed experiments.

To address this vulnerability, we introduce TREVOR (Time shift REsistant VEctor ExtractOR), which generates nearly identical bit sequences from environmental signals without exchanging any synchronization information. TREVOR produces keys in under 4~seconds with 90--95% bit agreement rates between legitimate devices across various environmental sources, while maintaining complete resistance to SyncBleed attacks.

Original language	American English
DOIs	https://doi.org/10.6084/m9.figshare.28935059
State	Published - May 6 2025

Access to Document

10.6084/m9.figshare.28935059License: Unspecified

Cite this

@conference{45084ac838d047d78a55bf0a73fdaec8,

title = "Not-so-Secret Authentication: The SyncBleed Attacks and Defenses for Zero-Involvement Authentication Systems",

abstract = "Zero-involvement authentication (ZIA) offers a promising solution for autoprovisioning large IoT device networks by enabling devices to extract identical authentication keys from ambient environmental signals without user intervention. However, we demonstrate that existing ZIA systems leak critical information during key negotiation when they exchange synchronization messages over public wireless channels. Our novel passive attack, SyncBleed, exploits these leaked messages to reconstruct ZIA-generated keys, successfully cracking approximately 50\% of keys in under one second in our testbed experiments. To address this vulnerability, we introduce TREVOR (Time shift REsistant VEctor ExtractOR), which generates nearly identical bit sequences from environmental signals without exchanging any synchronization information. TREVOR produces keys in under 4\textasciitilde{}seconds with 90--95\% bit agreement rates between legitimate devices across various environmental sources, while maintaining complete resistance to SyncBleed attacks.",

author = "Isaac Ahlgren and Rushikesh Shirsat and Omar Achkar and Thiruvathukal, \{George K.\} and Lee, \{Kyu In\} and Neil Klingensmith",

year = "2025",

month = may,

day = "6",

doi = "10.6084/m9.figshare.28935059",

language = "American English",

}

TY - CONF

T1 - Not-so-Secret Authentication: The SyncBleed Attacks and Defenses for Zero-Involvement Authentication Systems

AU - Ahlgren, Isaac

AU - Shirsat, Rushikesh

AU - Achkar, Omar

AU - Thiruvathukal, George K.

AU - Lee, Kyu In

AU - Klingensmith, Neil

PY - 2025/5/6

Y1 - 2025/5/6

N2 - Zero-involvement authentication (ZIA) offers a promising solution for autoprovisioning large IoT device networks by enabling devices to extract identical authentication keys from ambient environmental signals without user intervention. However, we demonstrate that existing ZIA systems leak critical information during key negotiation when they exchange synchronization messages over public wireless channels. Our novel passive attack, SyncBleed, exploits these leaked messages to reconstruct ZIA-generated keys, successfully cracking approximately 50% of keys in under one second in our testbed experiments. To address this vulnerability, we introduce TREVOR (Time shift REsistant VEctor ExtractOR), which generates nearly identical bit sequences from environmental signals without exchanging any synchronization information. TREVOR produces keys in under 4~seconds with 90--95% bit agreement rates between legitimate devices across various environmental sources, while maintaining complete resistance to SyncBleed attacks.

AB - Zero-involvement authentication (ZIA) offers a promising solution for autoprovisioning large IoT device networks by enabling devices to extract identical authentication keys from ambient environmental signals without user intervention. However, we demonstrate that existing ZIA systems leak critical information during key negotiation when they exchange synchronization messages over public wireless channels. Our novel passive attack, SyncBleed, exploits these leaked messages to reconstruct ZIA-generated keys, successfully cracking approximately 50% of keys in under one second in our testbed experiments. To address this vulnerability, we introduce TREVOR (Time shift REsistant VEctor ExtractOR), which generates nearly identical bit sequences from environmental signals without exchanging any synchronization information. TREVOR produces keys in under 4~seconds with 90--95% bit agreement rates between legitimate devices across various environmental sources, while maintaining complete resistance to SyncBleed attacks.

U2 - 10.6084/m9.figshare.28935059

DO - 10.6084/m9.figshare.28935059

M3 - Paper

ER -