SmartMagnet: Proximity-Based Access Control for IoT Devices With Smartphones and Magnets

Ubiquitous smartphones can be powerful tools to access IoT devices. Proximity-based access control (PBAC) is needed such that IoT devices only allow data access by legitimate users in close proximity. Traditional smartphone-based authentication techniques do not satisfy the PBAC requirements. This paper presents SmartMagnet, a novel scheme that combines smartphones and cheap magnets to achieve PBAC for IoT devices. SmartMagnet explores a few cheap, tiny commodity magnets which we propose to attach to or embed into IoT devices, as well as the magnetometer and attitude sensor on commodity smartphones. Each legitimate user performs a self-chosen 3D password gesture near the target IoT device with the enrolled smartphone. Then the system server uses the IoT device’s confidential magnet configuration parameters to reconstruct the user gesture from the magnetometer and attitude sensor data submitted by the smartphone. If the reconstructed gesture matches the stored template of the purported user, the smartphone user is deemed legitimate and allowed access to the IoT device. Extensive experiments confirm the high usability of SmartMagnet and its strong resilience to lost/stolen smartphones and also remote attacks via signal relaying.