SECURE DEVICE ASSOCIATION: TRENDS AND ISSUES Presenter Gicheol Wang Yasir Arfat Malkani, Dan Chalmers, and Ian Wakeman

presented by gcwang Outline  Introduction  Problem  Challenges  Background  Summary and Future Directions for Research

presented by gcwang Introduction – Mobile Ad Hoc Environments  More and more devices every day  Varying size and capabilities  Varying connection methods (e.g. Cable, Bluetooth, etc)  Varying user interface (rich, moderate and poor)  Spontaneous method of interaction  Increasing Mobility in devices  Use of wireless technology in some form  e.g ,Bluetooth, Infrared, Zigbee, Wibree, etc  Frequent associations and disassociations  e.g. pairing of Bluetooth enable headset with mobile phone or MP3 player, pairing IR remote with laptop, etc

presented by gcwang Problem Intended Communication ___________ Actual Communication Man-in-the-middle attacker A B E Solution Establishing secure channel between the pairing devices Eavesdropping Disclosure of sensitive information to 3 rd Party Manipulation Illegitimate analysis and modification of data Can cause Denial-of-Service (DoS) E can gain control over the device B

presented by gcwang Challenges  No prior context  Devices lack prior knowledge of each other due to ad hoc nature  No pre-shared secret key  Traditional key exchange/agreement approaches (e.g. Diffie- Hellman) are not secure against MiTM attack  Variations in device capabilities  Communication channels  User-interfaces  Power and computational resources  Sensing technology, etc

presented by gcwang Attack Types in Device Association Model  Eavesdropping and MiTM attack  Discussed in previous slides  Denial-of-Service (DoS) attack  Prevent communication between wirelessly connected nodes  Prevents pairing partners to establish a secure channel  Bidding-Down attack  It is possible, where a list of choices to establish a secure channel is available  The goal is to fool (bid-down) the devices to use weaker security than is possible  Compromised Devices  Difficult to prevent at the protocol level  Could suggest pairing with only the adversary’s device  Could run a weak pairing protocol

presented by gcwang Background  Resurrecting Duckling Security Model  Talking to Strangers  Visual Out-of-Band Channels  Audio Out-of-Band Channels  Accelerometer-Based Approaches  Radio-Signals Based Approaches  Biometrics-Based Approaches  Button Enabled Device Association (BEDA)  Industry and Standardization Bodies

presented by gcwang Resurrecting Duckling Security Model  Exchange encryption key in plain-text form using a physical medium, such as cable  No cryptography required  Cables are cumbersome  Not all the devices have similar physical interface

presented by gcwang Actual Communication Intended Communication Talking to Strangers  Extended Resurrecting Duckling security model  Two-phase authentication  Use infrared as an out-of-band (OOB) channel  Susceptible to eavesdropping  e.g. Two remotes and one projector  Rene Mayrhofer et al.  Use laser [4, (2007)] and Ultrasound [5, (2007)]  Requires interface and/or additional hardware, such as laser/ultrasound transceiver

presented by gcwang Visual Out-of-Band Channels  Seeing-is-Believing (SiB) by McCune et al.  Use camera phones and bar codes to create visual OOB channel  Secure Device Pairing Based on Visual Channel by Saxena et al.  Proposed an improvement to SiB through the use of LED and short authenticated integrity checksums  Not all devices are equipped with camera  Might not be enough light at some places to scan bar codes properly  Not all devices have big enough displays to show 2D bar codes  In some situations, camera equipped devices cannot be placed sufficiently near  Camera-equipped devices are not allowed in security- sensitive areas

presented by gcwang Audio Out-of-Band Channels  Loud and Clear (L&C)  Use audio as OOB channel for human-assisted authentication  Derive auditorially-robust, syntactically correct, but nonsensical (MadLib) sentence from hash of a public key  Compare the vocalized sentences  Human-Assisted Pure Audio Device Pairing (HAPADEP)  Pairing two devices that have no common standard wireless channel at the time of pairing  Use audio to exchange both cryptographic material and protocol messages  Not applicable to pairing scenarios where one of the devices does not have a display and/or a speaker (or microphone in case of HAPADEP)  Not suitable for hearing-impaired users  Not feasible in noisy environments  Places burden on user to compare the two Madlib sentences or Melodies

presented by gcwang Accelerometer-Based Approaches  Smart-its-Friend by Holmquist et al.  Use common readings from the embedded accelerometers in the devices  Security has not been the major concern  Are You With ME by Lester et al.  Use accelerometers’ data to show that a set of devices is being carried by the same person  Shake-Well-Before-Use by Mayrhofer et al.  Combine cryptographic primitives with accelerometer data analysis for secure device-to-device authentication  Require accelerometer in each device  Large variety of devices can not be shaken together

presented by gcwang Radio-Signals Based Approaches  Radio-Based approaches require no or minimal hardware and/or user involvement  Shake-Them-Up by Castelluccia et al.  Movement-based technique for pairing two resource-constrained devices, such as sensors.  Use the source indistinguishability property of radio signals  Susceptible to attack by an eavesdropper that exploits the differences in the base-band frequencies of the two radio sources  Amigo by Varshavsky et al.  Utilize commonality of radio signals from locally available wireless access points  Extended Diffie-Hellman key exchange protocol with the addition of a key verification stage  Not applicable in the scenarios where radio-date is not available  Hard to identify the intended device when many other devices surround it

presented by gcwang Biometrics-Based Approaches  Biometrics are a common technique for identifying human beings  Feeling-is-Believing (FiB) by Buhan et al.  Investigated grip pattern  Proposed to generate a shared secret key from biometric data using quantization and cryptanalysis  Secure Ad-hoc Pairing with Biometrics (SAfE) by Buhan et al.  Keys are extracted from images during the pre-authentication phase  Both of the techniques are based on Balfanz et al. model  Logic and calculations to accurately recognize the biometric- patterns are a heavy burden on its applications  Issue regarding the accuracy of recognition techniques still need more research and improvement  Require biometrics reader in both of the devices

presented by gcwang Button Enabled Device Association (BEDA)  Transfer the short secret key from one device to the other using ‘button-presses’  Then, the short secret key is used to authenticate the public keys of the devices  There are four variants of BEDA  Button-to-Button (B-to-B)  Involves the user simultaneously pressing buttons on both of the devices within certain random time-intervals  Each of these intervals are used to derive 3-bits of the short secret key  Display-to-Button (D-to-B)  Emits visual signals by showing a blinking square on its screen.  The user reacts to blinking square events by pressing the button on the other device.  Short-Vibration-to-Button (SV-to-B)  Transmits signals through short vibration events instead of blinking square  Long-Vibration-to-Button (LV-to-B)  Signals are emitted through either the start or the end of a long vibration

presented by gcwang Industry and Standardization Bodies Bluetooth Pairing

presented by gcwang Industry and Standardization Bodies  Near Field Communication (NFC) Technology  Short-range, high-frequency, low-bandwidth wireless connectivity standard  Use magnetic field induction  Operates on MHz freq. with data transfer rate of up to 424 kbps with a bandwidth of 14 KHz  Supports two modes of communication: active-mode and passive-mode  Applications: pairing two devices, smart posters, contactless-credit-cards, etc  Wireless USB Association (WUSB)  WUSB group was formed in 2004 to define the WUSB specifications  It is a short-range (up to 10 m), high-bandwidth wireless communication technology  Replace wired USB  Wi-Fi Protected Setup (WPS)  Wi-Fi Alliance officially launched Wi-Fi Protected Setup (WPS) in early 2007  Secure establishment and configuration of wireless home networks  Windows Connect now-Net  Goal is to provide a way to set up secure wireless networks  Works for both in-band wireless devices and out-of-band Ethernet devices

presented by gcwang Some Other Approaches  LoKey by Nicholson et al.,  Uses SMS messages to authenticate key exchanged over the internet  Drawbacks: Delay and substantial monetary cost  Manual Authentication for Wireless Devices by Gehrmann et al.  Enable handheld devices to authenticate their public keys by some kind of user interaction  User manually exchanges short message authentication codes between the devices  A Generic Framework for Secure Device Association by Malkani et al.  Device first register their capabilities with the directory service  Then, client queries the directory service to discover and acquire the required information to initiate the pairing process

presented by gcwang Co-location Server 1. Device Description 1. Device Description 1. Device Description 2. Client’s Query 3. Server Response Authentication Process Directory 1. Device Description 3. Server Response Resource (Target Device) Client Device Some Other Approaches

presented by gcwang Summary and Future Directions for Research  No single solution or standard for device pairing  Too many solutions  Entering pins (e.g. Bluetooth devices) and passwords (e.g. WEP/WPA)  Comparing two audible sequences  Exchanging cryptographic material through the use of pure audio  Verifying hashes of public keys  Moving around and/or shaking devices together  Comparing ‘Blinking’ pattern and ‘Beeping’ sequence  Using SMS messages  Button presses, etc

presented by gcwang Summary and Future Directions for Research  Pairing protocols vary in the:  Strength of their security  The level of required user intervention  Their susceptibility to environmental conditions  Required physical capabilities of the devices  Required proximity between the devices  Majority of the users are non-technical  Difficult to remember the different kinds of steps for establishing secure channel in varying situations and scenarios

presented by gcwang Summary and Future Directions for Research  We need to:  Investigate ways of integrating different pairing protocols within a general architecture for providing secure and usable pairing mechanisms for a large set of ad hoc scenarios  Integrate discovery mechanism into pairing schemes  Design and develop new tools that can be used to evaluate the existing as well as new pairing schemes