Existing secure pairing methods for IoT devices lacking traditional UIs (e.g., keyboards) suffer from a fundamental trade-off between usability and security: proximity-based schemes are vulnerable to co-location attacks; inertial-sensing approaches require hardware not universally available; and fuzzy commitment protocols incur information loss, leading to high mispairing rates. This paper proposes a secure pairing scheme leveraging ubiquitous physical interactions—such as button presses or knob rotations. It introduces the first inertial-sensor-free operation sensing technique; designs a deterministic key agreement protocol with zero information loss, eliminating inherent errors of fuzzy commitment; and integrates acoustic, capacitive, and RF side-channel modeling with synchronized feature extraction. Experiments demonstrate robustness against co-location attacks, a mispairing rate below 10⁻⁶, average pairing time under 3 seconds, and cross-platform compatibility with smartphones, smartwatches, and other resource-constrained IoT devices.

Secure pairing is crucial for ensuring the trustworthy deployment and operation of Internet of Things (IoT) devices. However, traditional pairing methods are often unsuitable for IoT devices due to their lack of conventional user interfaces, such as keyboards. Proximity-based pairing approaches are usable but vulnerable to exploitation by co-located malicious devices. While methods based on a user's physical operations (such as shaking) on IoT devices offer greater security, they typically rely on inertial sensors to sense the operations, which most IoT devices lack. We introduce a novel technique called Universal Operation Sensing, enabling IoT devices to sense the user's physical operations without the need for inertial sensors. With this technique, users can complete the pairing process within seconds using simple actions such as pressing a button or twisting a knob, whether they are holding a smartphone or wearing a smartwatch. Moreover, we reveal an inaccuracy issue in the fuzzy commitment protocol, which is frequently used for pairing. To address it, we propose an accurate pairing protocol, which does not use fuzzy commitment and incurs zero information loss. The comprehensive evaluation shows that it is secure, usable and efficient.