Device(-to-Device) Authentication Nitesh Saxena Polytechnic University.

Slides:



Advertisements
Similar presentations
Usable Bootstrapping of Secure Ad Hoc Communication Ersin Uzun PARC 1.
Advertisements

Contents Different O.S. and platforms. Different programming languages. Possibilities for mobiles. GPS, digital compass, accelerometer,… Augmented reality.
Daniel Bichler Page 1 Security and Privacy in Pervasive Computing Environments PhD project –Infineon AIM SC D TD, Munich –Started on
Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
Secure In-Band Wireless Pairing Shyamnath Gollakota Nabeel Ahmed Nickolai Zeldovich Dina Katabi.
© Paradigm Publishing, Inc. 2-1 Chapter 2 Input and Processing Chapter 2 Input and Processing.
Presentation by: Serena, Ann & Nicole
Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.
Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.
Essential Introduction to Computers. What is a Computer? An electronic device, operating under the control of instructions stored in its own memory, that.
COMPUTER CONCEPTS Computer Information Systems. COURSE COMPETENCIES Explain the functions of computer system components. Describe the information processing.
09/23/05 1/27 Usable Security Bluetooth Pairing Nitesh Saxena Polytechnic University.
Device(-to-Device) Authentication Nitesh Saxena Polytechnic Institute of NYU.
Device-to-Device Authentication Nitesh Saxena Polytechnic Institue of NYU.
SOUPS July 24, 2008 Universal Device Pairing using an Auxiliary Device Nitesh Saxena, Md. Borhan Uddin and Jonathan Voris Polytechnic Institute of New.
Computer Parts There are many parts that work together to make a computer work.
Adapted from CTAE Resources Network PROFITT Curriculum Basic Computer Skills Module 1 Hardware.
Parts of a Computer.
Introduction ‘Have you ever played video games before? Look at the joystick movement. When you move the joystick to the left, the plane on the TV screen.
Microcontroller: Introduction
Seeing-Is-Believing: Using Camera Phones for Human- Verifiable Authentication Jonathan M. McCune Adrian Perrig Michael K. Reiter Carnegie Mellon University.
Seeing-Is-Believing: using camera phones for human-verifiable authentication Jonathan M. McCune, Adrian Perrig and Michael K. Reiter Int. J. Security and.
Bluetooth Network Prepared By: Sara Ayad Aldehany.
8. INPUT, OUTPUT and storage DEVICES i/o units
COMPONENTS OF THE SYSTEM UNIT
Wireless Networking 102.
Physical Contact in Ad-Hoc Wireless Network Nie Pin
Information Systems and Internet Security (ISIS) Lab Research overview and some recent projects Nasir Memon Polytechnic Institute of NYU.
   Input Devices Main Memory Backing Storage PROCESSOR
Microsoft Office 2010 Introduction to Computers and How to Purchase Computers and Mobile Devices.
1/46 SPIES: Security and Privacy In Emerging computing and networking Systems Nitesh Saxena Polytechnic Institute of NYU
GENERAL COMPUTER Jeopardy ABCDE Points A What is this? Go back.
SECURE DEVICE ASSOCIATION: TRENDS AND ISSUES Presenter Gicheol Wang Yasir Arfat Malkani, Dan Chalmers, and Ian Wakeman.
Lecture 12.1: User-Enabled Device Authentication CS 436/636/736 Spring 2013 Nitesh Saxena.
Lecture 8: User-Enabled Device Authentication CS 436/636/736 Spring 2014 Nitesh Saxena.
© Paradigm Publishing Inc. 2-1 Chapter 2 Input and Processing.
Lecture 12.1: User-Enabled Device Authentication - I CS 436/636/736 Spring 2012 Nitesh Saxena.
An Overview of Using Computers
1 Low-cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup Cynthia KuoCarnegie Mellon University.
Introduction to the Computer System. What is a computer ? A computer is an electronic device that can accept data and instruction, process them or store.
July 24, 2008 SOUPS 2008 Universal Device Pairing using an Auxiliary Device Nitesh Saxena, Md. Borhan Uddin and Jonathan Voris Polytechnic Institute of.
Microsoft Office 2007 Essential Introduction to Computers.
Distributed systems – Part 2  Bluetooth 4 Anila Mjeda.
Integrity-regions: Authentication Through Presence in Wireless Networks Srdjan Čapkun 1 and Mario Čagalj 2 1 Department of Computer Science, ETH Zurich.
© Paradigm Publishing Inc. 2-1 Chapter 2 Input and Processing.
Center for Cyber-Security and Privacy1 Loud And Clear Security Michael T. Goodrich, Michael Sirivianos, John Solis, Gene Tsudik and Ersin Uzun.
Lecture 12.2: User-Enabled Device Authentication II CS 436/636/736 Spring 2012 Nitesh Saxena.
TOOLS FOR COLLECTING Robbie Brender Nicole Wirkerman.
Secure Pairing of Wireless Devices by Multiple Antenna Diversity Liang Cai University of California, Davis Joint work with Kai Zeng, Hao Chen, Prasant.
발표자 : 현근수 Bluetooth. Overview wireless protocol short-range communications technology single digital wireless protocol connecting multiple devices mobile.
Focus On Bluetooth Security Presented by Kanij Fatema Sharme.
Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication McCune, J.M., Perrig, A., Reiter, M.K IEEE Symposium on Security and.
Research Overview Nitesh Saxena Research areas: computer and network security, applied cryptography.
By Noordiana Kasim. MODERN I/O DEVICES 1. PRINTER 2. MONITOR 3. KEYBOARD 4. AUDIO SPEAKER 5. DVD DRIVE.
Lecture 8: Usable Security: User-Enabled Device Authentication CS 436/636/736 Spring 2015 Nitesh Saxena.
PARTS OF A COMPUTER 2 Hardware Computer Hardware is any of the physical parts of the computer you can touch. There are 4 categories: 1. Input Devices.
REST OF THE COMPUTER BEFORE THE INTERNET. Understand Your Computer  Bit  Binary digit  0 or 1  Byte  8 bits  Unique combinations of 8 bits of 0s.
Digital Literacy: Computer Basics
1 CHAPTER 2 Hardware. 2 CPU : Central Processing Unit -Every PC system unit contains at least one chip called microprocessor (cpu) attached on motherboard.
Voice Controlled Home Automation System Group 13 Zhe Gong Hongchuan Li.
Computer Basics Just How Does a Computer Work?
Development of a Bluetooth based web camera module.
Introduction to Computers
Computer Information Systems
Wireless Technologies
Computer Basics: Parts of a Computer? Part I
Technology Literacy Hardware.
William Claycomb and Dongwan Shin
CSCI1600: Embedded and Real Time Software
CSCI1600: Embedded and Real Time Software
Presentation transcript:

Device(-to-Device) Authentication Nitesh Saxena Polytechnic University

The Problem: “Pairing” How to bootstrap secure communication between Alice’s and Bob’s devices when they have  no prior context  no common trusted CA or TTP Examples (single user setting)  Pairing a bluetooth cell phone with a headset  Pairing a WiFi laptop with an access point

PIN-based Bluetooth Pairing

Authentication 1 2

(In)Security of PIN-based Pairing Long believed to be insecure for short PINs  Why? First to demonstrate this insecurity; Shaked and Wool [Mobisys’05]

Attack Implementation Coded in C on linux platform  Given a piece of code for SAFER algorithm, implemented the encryption functions E 22, E 21, E 1 Hardware for sniffing: bluetooth packet analyzer with windows software Log Parser (in perl): reads the sniffer log, and parse it to grab IN_RAND, RAND_A \xor K init, RAND_B \xor K init, AU_RAND_A, AU_RAND_B, SRES

Timing Measurements of Attack Theoretically: O(10^L), with decimal digits  Assuming the PINs are chosen uniformly at random Empirically, on a PIII 700MHz machine: No. of digits in PIN (L) CPU time (sec)

Timing of Attack and User Issues ASCII PINs: O(90^L), assuming there are 90 ascii characters that can be typed on a mobile phone  Assuming random pins However, in practice the actual space will be quite small  Users choose weak PINs;  User find it hard to type in ascii characters on mobile devices Another problem: shoulder surfing (manual or automated)

The Problem: “Pairing” Idea  make use of a physical channel between devices  with least involvement from Alice and Bob Authenticated: Audio, Visual, Tactile

Seeing-is-Believing (McCune et al. [Oakland’05]) Protocol ( Balfanz, et al. [NDSS’02] ) AB pk A pk B H(pk A ) H(pk B ) Insecure Channel Rohs, Gfeller [PervComp’04] Secure if  H(.) weak CR 80-bit for permanent 48-bit for ephemeral Authenticated Channel

Challenges OOB channels are low-bandwidth! One of the device might not have a receiver! Neither has a receiver and only one has a good quality transmitter  (Non-)Universality! [Usability Evalutation!] Protocols might be slow – multiple executions! Multiple devices – scalability!

Challenges OOB channels are low-bandwidth! One of the device might not have a receiver! One of the device might not have a receiver! Neither has a receiver and only one has a good quality transmitter Neither has a receiver and only one has a good quality transmitter  (Non-)Universality! Usability! Usability! Protocols might be slow – multiple executions! Protocols might be slow – multiple executions! Multiple devices -- scalability Multiple devices -- scalability

Protocol: Short Authenticated Strings (SAS) A B pk A,c A pk B,c B dAdA dBdB Secure (with prob k ) Insecure Channel Authenticated Channel SAS A SAS B c A,d A  comm(pk A,R A ) R A ε {0,1} k R B ε {0,1} k c B,d B  comm(pk B,R B ) SAS A = R A R B SAS B = R A R B Accept (pk B,B) if SAS B = R A R B Accept (pk B,A) if SAS A = R A R B Vaudenay [Crypto’05] R A  open(pk A,c A,d A ) R B  open(pk B,c B,d B ) Laur et al. [eprint’05] Pasini-Vaudenay [PKC’06]

Challenges OOB channels are low-bandwidth! OOB channels are low-bandwidth! One of the devices might not have a receiver!  e.g., keyboard-desktop; AP-phone Neither has a receiver and only one has a good quality transmitter Neither has a receiver and only one has a good quality transmitter  (Non-)Universality! [Usability!] [Usability!] Protocols might be slow – multiple executions! Protocols might be slow – multiple executions! Multiple devices -- scalability Multiple devices -- scalability

Unidirectional SAS (Saxena et al. [S&P’06]) A B pk A, H(R A ) pk B, R B RARA hs(R A,R B ;pk A,pk B ) Galois MAC Success/Failure Secure (with prob ) if  15-bit AU hs() Blinking-Lights Insecure Channel Authenticated Channel User I/O Muliple Blinking LEDs (Saxena-Uddin [MWNS’08])

Challenges OOB channels are low-bandwidth! OOB channels are low-bandwidth! One of the device might not have a receiver! One of the device might not have a receiver! Neither has a receiver and only one has a good quality transmitter  e.g., AP-laptop/PDA [Usability!] [Usability!] Protocols might be slow – multiple executions! Protocols might be slow – multiple executions! Multiple devices -- scalability Multiple devices -- scalability

Drawbacks with Prior Research Geared for specific pairing scenario None are universally applicable  Require hardware and interfaces not common across all devices User doesn’t know what method to use on what pair of devices  confusion! We believe: universality would immensely improve security as well as usability

A Universal Pairing Method Prasad-Saxena [ACNS’08] Use existing SAS protocols The strings transmitted by both devices over physical channel should be  the same, if everything is fine  different, if there is an attack/fault Both devices encode these strings using a pattern of  Synchronized beeping/blinking  The user acts as a reader and verifies if the two patterns are same or not

Is This Usable? Our test results are promising  Users can verify both good test cases and bad ones Blink-Blink the easiest  Very low errors (less than 5%)  Execution time ~22s Then, Beep-Blink  Very low errors with a learning instance (less than 5%)  Execution time ~15s Beep-Beep turns out error-prone

Further Improvement: Auxiliary Device Saxena et al. [SOUPS’08] Auxiliary device needs a camera and/or microphone – a smart phone Does not need to be trusted with cryptographic data Does not need to communicate with the devices A B Success/Failure

Further Improvement: Auxiliary Device Blink-Blink  ~14s (compared to 22s of manual scheme) Beep-Blink  Approximately takes as long as the same as manual scheme  No learning needed In both cases,  False negatives are eliminated  False positives are reduced It was preferred by most users

Challenges OOB channels are low-bandwidth! OOB channels are low-bandwidth! One of the device might not have a receiver! One of the device might not have a receiver! Neither has a receiver and only one has a good quality transmitter Neither has a receiver and only one has a good quality transmitter  (Non-)Universality! [Comparative Usability!] Protocols might be slow – multiple executions! Protocols might be slow – multiple executions! Multiple devices -- scalability Multiple devices -- scalability

Comparative Usability Study: Summary Kumar et al. [Pervasive’09] Manual Comparison  Numbers (Uzun et al. [USEC’06])  Spoken/Displayed Phrases L&C (Goodrich et al. [ICDCS’06])  Images (Random Arts, see  Synchronized Comparison Blink-Blink and Beep-Blink BEDA (Soriente et al. [IWSSI’07]) Automated  SiB (McCune et al. [S&P’05])  Blinking Lights (Saxena et al. [S&P’06])  Audio Transfer (HAPADEP variant) (Soriente et al. [IWSSI’07]) Automated testing framework Three-phases; over a 2 month long period Surprise:  Users don’t like automated methods: handling cameras not easy

Device/Equipment RequirementsUser Actions Pairing MethodSending DeviceReceiving Device Phase I: SetupPhase II: ExchangePhase III: OutcomeOOB Channels Resurrecting DucklingHardware port (e.g., USB) on both and extra cable Connect cable to both devices NONE Cable Talking to StrangersIR port on bothActivate IR on both & find /align IR ports NONE IR Visual Comparison: Image, Number or Phrase Display + user-input on bothNONECompare two images, or two numbers, or two phrases Abort or accept on both devices Visual Seeing is Believing (SiB) Display + user-input Photo camera + user-output Activate photo mode on receiving device Align camera on receiving device with displayed barcode on sending device, take picture Abort or accept on sending device based receiving device decision Visual Blinking Lights LED + user-input User-output + Light detector or video camera Activate light detector or set video mode on receiving device Initiate transmittal of OOB data by sending device Abort or accept on sending device based receiving device decision Visual Loud & Clear  Display-Speaker  Speaker-Speaker User-input on both +  display on one & speaker on other, or  speaker on both NONE Compare: two vocalizations, or display with vocalization Abort or accept on both devices  Audio, or  audio + visual Button-Enabled (BEDA)  Vibrate-Button  LED-Button  Beep-Button User input +  vibration, or  LED, or  beeper User output + One button +Touch or hold both devices For each signal (display, sound or vibration) by sending device, press a button on receiving device Abort or accept on sending device based receiving device decision  Tactile, or  Visual + tactile, or  Audio + tactile Button-Enabled (BEDA)  Button-Button One button on both + user-output on oneTouch or hold both devices Simultaneously press buttons on both devices; wait a short time, repeat, until output signal NONE (unless synch. error) Tactile Copy–and-Confirm Display + user-input Keypad + user-outputNONE Enter value displayed by sending device into receiving device Abort or accept on sending device based on receiving device decision Visual Choose-and-EnterUser input on both devices NONE Select “random” value and enter it into each device NONE (unless synch. Error) Tactile Audio Pairing (HAPADEP) Speaker + user-input Microphone + user-output NONE Wait for signal from receiving device. Abort or accept on sending deviceAudio Audio/Visual Synch.  Beep-Beep  Blink-Blink  Blink-Beep User-input on both +  Beeper on each, or,  LED on each, or  Beeper on one & LED on other NONE Monitor synchronized:  beeping, or  blinking, or  beeping & blinking Abort on both devices if no synchrony  Visual, or  Audio, or  Audio + visual Smart-its-Friends, Shake-Well-Before-Use 2-axis accelerometers on both + user-output on one Hold both devicesShake/twirl devices together, until output signal NONE (unless synch. error) Tactile + motion

Comparative Usability Study: Time

Comparative Usability Study: Ease-of-Use

Comparative Usability Study: Preference

Challenges OOB channels are low-bandwidth! OOB channels are low-bandwidth! One of the device might not have a receiver! One of the device might not have a receiver! Neither has a receiver and only one has a good quality transmitter Neither has a receiver and only one has a good quality transmitter  (Non-)Universality! [Usability!] [Usability!] Protocols might be slow – multiple executions! Protocols might be slow – multiple executions! Multiple devices – scalability  Bootstrapping key pre-distribution on sensors

Sensor Network Initialization Saxena-Uddin [Submitted’08]

Sensor Network Initialization 16 sensors with three LEDs each

Sensor Network Initialization

Other open questions? Pairing using color comparison Two-user setting Group-setting Rushing User?

References Some of them on my publications page