Pedan, Stanislav I.Melnik, Maksim V.Alieksieiev, Mykola O.İnci Umakoğlu2025-04-092025-04-092024Method for improving security of IoT devices pairing / Stanislav I. Pedan, Maksim V. Melnik, Mykola O. Alieksieiev, İnci Umakoğlu // Information and telecommunication sciences : international research journal. – 2024. – Vol. 15, N. 2. – Pp. 13-19. – Bibliogr.: 9 ref.https://ela.kpi.ua/handle/123456789/73302Background. The usage of IoT technologies leads to the social, technological and financial development of society. While complex systems play an important role in the IoT, the design, integration and use of simple devices really drive the technology's widespread adoption. At the same time, ensuring a high level of security for simple IoT devices is a difficult task. The reasons for this are device limited computing resources and low power consumption requirements. It prevents the implementation of most modern cryptographic protocols for simple IoT devices. From a security point of view, the most critical communication stage is device pairing, when shared encryption keys are formed to establish a secure communication channel. Objective. The purpose of the paper is to analyse the main vulnerabilities of a simple IoT device pairing process and develop a method for improving security of this process. The method should provide proximity-based device authentication and pairing process protection against known attacks, such as man-in-the-middle attack. Methods. The method of pairing process security improvement includes proximity-based device authentication using analysis of the wireless signal strength. The security of the authentication method is proven analytically and by results of practical experiments with measurement of wireless signal strength change with distance and obstacles between devices. Results. Performed research demonstrated that the proposed method guarantees secure user authentication at a close distance between devices and protection against attacker located at least 10 meters from the paired device. Provided theoretical calculations and experimental results show that the level of attacker's wireless signal power increase required for a successful attack exceeds technical capabilities of existing communication devices. Conclusions. The article solves an important issue of improving the security of simple device pairing. The proposed method of proximity-based IoT device authentication provides pairing process protection against man-in-the-middle attacks. Mathematical calculations were confirmed by conducting a number of experiments to research wireless signal power change depending on the distance and types of obstacles between devices. The proposed authentication method can be integrated into the existing JustWorks protocol for connecting simple IoT devices using the BLE communication channel.ensecurityauthenticationInternet of Thingsmain-in-the-middle attackBluetooth Low EnergyJustWorksRSSIбезпекаавтентифікаціяІнтернет речейатака типу «людина посередині»ArticlePp. 13-19https://doi.org/10.20535/2411-2976.22024.13-19004.02