ProxiMate : Proximity Based Secure Pairing using Ambient Wireless Signals

ProxiMate: Proximity Based Secure Pairing using Ambient Wireless Signals
Suhas Mathur, AT&T Security Research Group
Rob Miller, Alex Varshavsky, Wade Trappe, Narayan Mandayam
Suhas Mathur (AT&T) firstname AT att.com
ACM Mobisys, 30 June 2011

Overview
1. The Secure Pairing problem
2. How wireless channels can help
3. ProxiMate in detail

The Secure Pairing problem

Alice & Bob have no prior trust relationship.
They'd like to exchange a secret message.
But they don't share a key.
[Figure: Alice, Bob and Eve]

Diffie-Hellman key exchange
Computational secrecy (computationally bounded Eve): k = key, Y = Eve's observations. It is computationally infeasible to compute k from Y.

But how does Alice know that she is talking to Bob? It is easy to spoof identity on the wireless channel when there is no prior trust relationship.

How can Wireless Channels help?

What is a Wireless Channel?
It is the distortion h(t) produced by the environment between transmitter and receiver = a randomly varying complex number (= a + j·b).
h(t) decorrelates in space and time:
Space: over distances of λ/2 (= 6 cm @ 2.4 GHz)
Time: over one coherence time T_c ( 100s of msec @ 2.4 GHz)

ProxiMate: Use a public RF source for secure pairing
Assumption: Alice and Bob are closer to each other than to Eve.

Provides Alice & Bob (but not Eve) with a continuous, private source of randomness.
ProxiMate:
1. Use this source to generate a secret key at Alice and Bob.
2. If K_Alice = K_Bob, then Alice & Bob know they are in proximity.
3. Use the key for encrypting all further communication.

ProxiMate in detail

Example trace
[Figure: amplitude vs. time (sec) at Alice and Bob; Peter-to-Alice and Peter-to-Bob channels]
FM radio, 88.7 MHz. Alice and Bob are 34 cm = wavelength/10 apart.

A & B locally compute quantizer threshold (e.g. median).
Quantize at intervals > coherence time.

Bits obtained by Alice and Bob:
A's bits: 101001010101011010100100101 = w
B's bits: 101000010101011110100100101 = w'

A & B want identical keys, of which Eve knows nothing
1. A sends B the code-offset P of w with respect to a codeword c_1 in a known code C.
2. B uses P along with w' to determine w.
3. Eliminate information leaked out to Eve via P by discarding H(P) bits.
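The three steps above, run on the bit strings from the slide, as an added example (not code from the talk or from the ProxiMate authors). It assumes a 3-fold repetition code in place of the LDPC code named in the backup slides and truncated SHA-256 as the step-3 hash; all function names are illustrative.

```python
import hashlib
import secrets

R = 3  # repetition factor; assumed toy stand-in for the LDPC code on the backup slides

# Bit strings copied from the slide: Alice's w and Bob's w'.
W_ALICE = [int(b) for b in "101001010101011010100100101"]
W_BOB = [int(b) for b in "101000010101011110100100101"]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def encode(msg):
    """Repetition code C: each message bit is repeated R times."""
    return [b for b in msg for _ in range(R)]

def decode(word):
    """Majority vote per block; corrects up to (R - 1) // 2 flips per block."""
    return [int(2 * sum(word[i:i + R]) > R) for i in range(0, len(word), R)]

def alice_offset(w):
    """Step 1: pick a random codeword c in C and publish P = w XOR c."""
    msg = [secrets.randbelow(2) for _ in range(len(w) // R)]
    return xor(w, encode(msg))

def bob_recover(w_bob, p):
    """Step 2: w' XOR P = c XOR e; decode that to c, then w = P XOR c."""
    c = encode(decode(xor(w_bob, p)))
    return xor(p, c)

def amplify(w):
    """Step 3: P reveals at most n - k bits of w, so keep only k = n / R bits.
    Truncated SHA-256 is an assumed stand-in for the privacy-amplification hash."""
    k = len(w) // R
    digest = hashlib.sha256(bytes(w)).digest()
    return "".join(f"{byte:08b}" for byte in digest)[:k]

def pair(w_alice, w_bob):
    """Run all three steps; returns (Alice's key, Bob's key)."""
    p = alice_offset(w_alice)  # sent in the clear, so Eve sees it
    return amplify(w_alice), amplify(bob_recover(w_bob, p))

if __name__ == "__main__":
    print("differing positions:", [i for i, d in enumerate(xor(W_ALICE, W_BOB)) if d])
    key_a, key_b = pair(W_ALICE, W_BOB)
    print("keys match:", key_a == key_b, "key:", key_a)
    # Failure mode: two flips inside one block defeat the majority vote,
    # so Bob does not recover w and the K_Alice = K_Bob check should fail.
    far = [b ^ (i in (3, 4)) for i, b in enumerate(W_ALICE)]
    print("far receiver recovers w:", bob_recover(far, alice_offset(W_ALICE)) == W_ALICE)
```

With a 27-bit input and an 18-bit allowance for what P reveals, only 9 key bits remain, which is why the slides accumulate many more samples and use a long code.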

Experimental evaluation
1. USRP/GNUradio - bridges the physical & software worlds.
2. TV channels ( 600 MHz) and FM channels ( 100 MHz)
3. Metrics of interest:
   Rate (secret bits per sec)
   Bit-error-rate (fraction of bits that differ at A & B)
   Mutual Information: statistical dependence between two quantities

Bit-error-rate vs. distance between two receivers
[Figure: fraction of bits that differ (ε) vs. distance between receivers (in λ), for TV and FM]

Shaking devices helps Rate
1. Coherence time T_c 1/Rate estimated using level crossing rate.
2. T_c can be increased if Alice and Bob are physically shaken together.
[Figure: coherence time estimates, time (sec), for stationary, moving slowly and moving fast; TV and FM panels]
2x in rate by shaking.
Shaking also provides resistance to passive attackers within λ/2!

Monitoring multiple sources
Rate # of independent sources of randomness.

Number of seconds needed for a 128-bit key with 10 sources

      Stationary   Moving slow   Moving fast
TV    11           4.2           3.3
FM    33.62        18.3          15

Prob(Key mismatch) 10^-4

What if Eve controls the transmitter? (i.e. Eve = Peter)
1. Eve is free to vary the transmit signal however she wants.
2. Can Alice & Bob extract bits about which Eve has no information?
3. Using magnitude: No!
4. Using phase: Yes! Because phase wraps around after 2π.

1. But the local oscillators at Alice and Bob are not synchronized. Thus, only the change in phase at A & B will be similar in value.
2. Approach: We use differential phase across T_c.
3. To test, we let Eve transmit a recorded FM signal.
4. Eve knows almost nothing about diff-phase at Alice & Bob.
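A simulation of the magnitude-versus-phase argument above, as an added example (not code from the talk or from the ProxiMate authors). The channel model, noise levels, amplitude values and function names are assumptions chosen for illustration: the channel is drawn independently per coherence interval, Bob sees a slightly perturbed copy of Alice's channel, and each local oscillator adds a constant phase offset.

```python
import cmath
import math
import random
from statistics import median

TWO_PI = 2 * math.pi

def simulate(n, seed):
    """Constructed model: Eve transmits; Alice and Bob see nearly the same channel."""
    rng = random.Random(seed)
    lo_a, lo_b = rng.uniform(0, TWO_PI), rng.uniform(0, TWO_PI)  # unsynchronized LOs
    amp_bits = [rng.randrange(2) for _ in range(n)]        # bits Eve tries to force
    tx_phase = [rng.uniform(0, TWO_PI) for _ in range(n)]  # phases Eve chooses
    rx_a, rx_b = [], []
    for bit, ph in zip(amp_bits, tx_phase):
        tx = cmath.rect(100.0 if bit else 0.01, ph)
        h = complex(rng.gauss(0, 1), rng.gauss(0, 1))      # one draw per T_c, unknown to Eve
        h_b = h * cmath.rect(1 + rng.gauss(0, 0.05), rng.gauss(0, 0.1))
        rx_a.append(tx * h * cmath.rect(1, lo_a))
        rx_b.append(tx * h_b * cmath.rect(1, lo_b))
    return amp_bits, tx_phase, rx_a, rx_b

def magnitude_bits(rx):
    """Median-threshold quantizer on received magnitude."""
    mags = [abs(x) for x in rx]
    thr = median(mags)
    return [1 if m > thr else 0 for m in mags]

def diff_phase_bits(phases):
    """Quantize the phase change between consecutive coherence intervals.
    A constant LO offset cancels in the difference; the result wraps mod 2*pi."""
    return [1 if (phases[t] - phases[t - 1]) % TWO_PI < math.pi else 0
            for t in range(1, len(phases))]

def agreement(a, b):
    return sum(x == y for x, y in zip(a, b)) / len(a)

def run(n=2000, seed=1):
    amp_bits, tx_phase, rx_a, rx_b = simulate(n, seed)
    ph_a = [cmath.phase(x) for x in rx_a]
    ph_b = [cmath.phase(x) for x in rx_b]
    return {
        # Eve predicts Alice's magnitude bits from the amplitudes she sent.
        "mag_alice_vs_eve": agreement(magnitude_bits(rx_a), amp_bits),
        # Alice and Bob compare differential-phase bits.
        "phase_alice_vs_bob": agreement(diff_phase_bits(ph_a), diff_phase_bits(ph_b)),
        # Eve predicts Alice's phase bits from the phases she sent.
        "phase_alice_vs_eve": agreement(diff_phase_bits(ph_a), diff_phase_bits(tx_phase)),
    }

if __name__ == "__main__":
    for name, value in run().items():
        print(f"{name}: {value:.3f}")
```

In this model Eve's guess for the magnitude bits is almost always right, while her guess for the differential-phase bits is no better than a coin flip even though Alice and Bob agree on most of them.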

Summary
1. ProxiMate: secure pairing of wireless devices based on just proximity.
2. Secure against even a computationally unbounded adversary.
3. Prob. of key mismatch can be driven to 0.
4. Rate at which a common key is generated:
   # of sources monitored
   frequency monitored
   E.g.: 4-digit PIN in 0.34 sec with 10 TV sources.
5. ProxiMate's complexity is O(n) while Diffie-Hellman is O(n^3).
6. ProxiMate can generate a secret key even if the RF source is adversarial.

Questions/Comments

Backup Slides

Related work
1. Low power communications not secure:
   Susceptible to eavesdropping using a high gain directional antenna
   Bluetooth can be sniffed from over a mile away [Wright06]
   NFC is convenient but not secure by itself [Haselsteine06]
2. Existing approaches are cumbersome
   Human intervention (cables, entering PINs)
   Faraday cage [Perrig07]
3. Ambient wireless signals like WiFi can help establish proximity [AMIGO-Varshavsky07]

Where does the randomness and the spatial & temporal de-correlation come from?

Synchronizing Alice & Bob
1. Alice and Bob demodulate their signals.
2. Alice sends Bob a snippet of the demodulated signal to indicate t = 0.

How many secret bits / second?
1. Suppose Alice & Bob generate R bits/sec that differ with prob. ε.
   BSC with crossover prob. = ε (capacity = 1 − H_b(ε))
2. For high ε, long codes are needed for a reasonable rate: long delay.
   [Figure: fraction of bits that differ (ε) vs. distance (in units of λ); theoretical curve; rate 1/4 LDPC code, n = 1008, P_e = 3.5 × 10^-3]
3. Can we do better overall by reducing ε at the cost of a lower R?
4. We can trade R for ε. Let effective rate: R' = R (1 − H_b(ε)) bits per sec

Copyrights disclaimer The Tux logo, the Adium duck and the BSD devil may be trademarks of their respective owners. They are used in this presentation only for illustrative purposes. No personal financial gain was made from this presentation.