Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony.

Slides:

Advertisements

Similar presentations

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

Advertisements

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

1 Security in Wireless Protocols Bluetooth, , ZigBee.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.

CSC 774 Advanced Network Security

Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

Secure In-Band Wireless Pairing Shyamnath Gollakota Nabeel Ahmed Nickolai Zeldovich Dina Katabi.

Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.

Digital Signatures and Hash Functions. Digital Signatures.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Wireless Security.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

1 Wireless LAN Security Presented by Vikrant Karan.

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec

Can we get Wi-Fi connectivity for 15 µW? Bryce Kellogg.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.

1 Authentication Protocols Celia Li Computer Science and Engineering York University.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Network and WiFi By: Clara-Hannah S., Amelia H., and Margot d’I.

Topic 6 – Wireless Technology and handheld devices 1)TechMed scenario covers The uses of wireless technologies and handheld devices In the scenario: “Some.

IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.

Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Presented by: Arpit Jain Guided by: Prof. D.B. Phatak.

SafeSlinger Easy-to-Use and Secure Public-Key Exchange Michael Farb (CMU), Yue-Hsun Lin (CMU), Tiffany Hyun-Jin Kim (CMU), Jonathan McCune (Google), Adrian.

Computer Networks. Network Connections Ethernet Networks Single wire (or bus) runs to all machines Any computer can send info to another computer Header.

Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.

Wireless Communication. Learning Objectives: By the end of this topic you should be able to: describe wireless communication methods, describe wireless.

Wireless or wired connection of the technician’s smartphone to Cable Ties network.

Leveraging Channel Diversity for Key Establishment in Wireless Sensor Networks Matthew J. Miller Nitin H. Vaidya University of Illinois at Urbana-Champaign.

Wireless Communication Methods

An Analysis of Bluetooth Security

Integrity-regions: Authentication Through Presence in Wireless Networks Srdjan Čapkun 1 and Mario Čagalj 2 1 Department of Computer Science, ETH Zurich.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.

Secure Pairing of Wireless Devices by Multiple Antenna Diversity Liang Cai University of California, Davis Joint work with Kai Zeng, Hao Chen, Prasant.

Submitted By: A.Anjaneyulu INTRODUCTION Near Field Communication (NFC) is based on a short-range wireless connectivity, designed for.

Presented by: Suparita Parakarn Kinzang Wangdi Research Report Presentation Computer Network Security.

CSCE 522 Identification and Authentication. CSCE Farkas2Reading Reading for this lecture: Required: – Pfleeger: Ch. 4.5, Ch. 4.3 Kerberos – An Introduction.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.

Authentication. Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice” Failure scenario?? “I am Alice”

Security in Near Field Communication Strengths and Weaknesses

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

Identification Authentication. 2 Authentication Allows an entity (a user or a system) to prove its identity to another entity Typically, the entity whose.

Focus On Bluetooth Security Presented by Kanij Fatema Sharme.

Adversary models in wireless security Suman Banerjee Department of Computer Sciences Wisconsin Wireless and NetworkinG Systems (WiNGS)

COEN 351 E-Commerce Security

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

Authentication What you know? What you have? What you are?

SEMINAR ON IP SPOOFING. IP spoofing is the creation of IP packets using forged (spoofed) source IP address. In the April 1989, AT & T Bell a lab was among.

1 Authentication Protocols Rocky K. C. Chang 9 March 2007.

CSCE 201 Identification and Authentication Fall 2015.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Acoustic Eavesdropping through Wireless Vibrometry University of Wisconsin – Madison, Chinese Academy of Sciences School of Electronic Information and.

By: Kevin LaMantia COSC 380.  What is Ambient Backscatter?  How it works and was designed  Potential applications of Ambient Backscatter.

Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.

1/18 Talking to Strangers: Authentication in Ad-Hoc Wireless Networks Dirk Balfanz 외 2 명 in Xerox Palo Alto Research Center Presentation: Lee Youn-ho.

Zhiqing Luo1, Wei Wang1, Jiang Xiao1,

Presentation transcript:

Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony LaMarca

Secure Spontaneous Interaction Phone + hotel room TV and keyboard Exchange of private info Phone and hands free Paying for groceries, tickets, cola

Naïve Solution Diffie-Hellman a Alice b Bob

Naïve Solution Diffie-Hellman a Alice b Bob g, g a

Naïve Solution Diffie-Hellman a Alice b K  g ab Bob g, g a

Naïve Solution Diffie-Hellman a Alice b K=g ab Bob g, g a gbgb

Naïve Solution Diffie-Hellman a K=g ba Alice b K=g ab Bob g, g a gbgb

Who is my device really communicating with? The Problem

Who is my device really communicating with? Spoofing The Problem a Alice b Bob

Who is my device really communicating with? Spoofing The Problem a Alice b Bob x X

Who is my device really communicating with? Spoofing The Problem a Alice x X

Who is my device really communicating with? Spoofing The Problem a Alice x Bob

Who is my device really communicating with? Spoofing The Problem aK=gxaaK=gxa Alice x K=g ax Bob g, g a gxgx

Who is my device really communicating with? Spoofing Man in the middle The Problem a Alice b Bob x X

Who is my device really communicating with? Spoofing Man in the middle The Problem a K 1 =g xa Alice b K 2 =g xb Bob g, g a gxgx x K 1 =g ax K 2 =g bx X g, g x gbgb

Who is my device really communicating with? Spoofing Man in the middle Solution: Ensure communication with device that is close  Assumption: attacker is not between legitimate devices The Problem a K 1 =g xa Alice b K 2 =g xb Bob g, g a gxgx x K 1 =g ax K 2 =g bx X g, g x gbgb

Existing Solutions Use a cable Use short range communication  Bluetooth  Infrared  Laser  Ultrasound  Near field communication (NFC) Ask user to verify pairing  Displaying keys  Playing music, images

Existing Solutions Use a cable Use short range communication  Bluetooth  Infrared  Laser  Ultrasound  Near field communication (NFC) Ask user to verify pairing  Displaying keys  Playing music, images BlueSniper Rifle by Flexis

Key Idea Secure pairing requires a shared secret Devices in close proximity perceive a similar radio environment Derive shared secret from common radio environment  Listen to traffic of ambient radio sources Use knowledge of common radio environment as proof of proximity

Advantages No extra hardware  Leverage radio already available on device No user involvement to verify pairing Not subject to eavesdropping  Secret derived by listening to ambient sources

Requirements on Radio Environment 1.Temporal variability Signal fluctuates randomly at a single location over time

Requirements on Radio Environment 2.Spatial variability Values at different locations have low correlation

Requirements on Radio Environment 3.Devices in proximity should perceive similar environment 5 cm 10 m 85% common pkts40% common pkts

Potential Authentication Methods Proximity-based authentication token  Diffie-Hellman  Authenticate using the token Proximity-based encryption keys  Directly from the common environment  Less CPU intensive?

Amigo: Diffie-Hellman + Proximity Token Devises monitor radio environment following Diffie-Hellman key exchange Send to each other a signature Each device verifies that signature similar to own observation  Signature does not have to remain secret after exchange is over

Signature Verification Signature: sequence of hash of packet + RSSI Segment size 1 second

Classifier 2 stage boosted binary stump classifier Stage 1: Filters noisy data  Marks as invalid instances with % of common pkts bellow threshold (75% works well) Stage 2: Assigns a score to valid instances  Function of differences in signal strength  Converts scores into votes based on threshold  Tally votes for all instances

Commitment Protocol Reveal man-in-middle attack while exchanging signatures Forces attacker to forge data Break signature S into n blocks Generate nonce Each period exchange K nonce ( Hash (K session_key ),Hash(id),s i ) Send nonce a K 1 =g xa Alice b K 2 =g xb Bob K nA (H(K 1 )H(A)S i ) x K 1 =g ax K 2 =g bx X K nB (H(K 2 )H(B)S i )

Scenario 1 : Simple Attacker 6 laptops  Friendly 5cm away  Attackers 1,3,5,10 meters WiFi – Orinoco Gold All at same height Line of sight 1m 3m 10m 5m Best case for attacker

Traces 2 traces: training and testing  2 months apart  2 different location in the lab 10 minute trace 30 – 50 thousand pkts per laptop 11 access points 45 – 58 WiFi radio sources

Simple Attacker Can pair within 5 seconds Can detect attacker 3 meters away or more 1 meter is a problem

Local Entropy: Obstacles False Positives Line-of-sight (1m)81% Drywall (10cm)100% Human (1m)12% Concrete wall (30cm)0% Human blocking attacker’s line of sight goes a long way to improve performance

Local Entropy: Movement Hand waving helps!

5 laptops  Friendly 1 m away  Attackers 3,5,10 meters All at same height Line of sight Stretching Co-Location 1m 3m 10m 5m

Stretching Co-Location

Scenario 2 : Attacker with Site Knowledge Before pairing  Attacker samples exact pairing spot  Creates RSSI distribution for every wireless source it hears While pairing  Pkts from know source  assign RSSI from distribution  Pkts from unknown source Option 1 Discard Option 2 Leave unchanged(best)

Scenario 2 : Attacker with Site Knowledge With hand waving false rate positives reaches 0 within 5 seconds

Scenario 3: “Omnipotent” Attacker Controls all radio sources  Knows which pkts were received by victim Oracle: RSSI from current distribution

Conclusions Possible to use knowledge of radio environment to prove physical proximity Advantages  No extra hardware  No user involvement to verify pairing  Not subject to eavesdropping Two potential methods  Location-based authentication token  Location-based encryption keys

Future Work System robustness  Different cards and antennas  Different environments Improve accuracy  Software radios  Multiple radios Proximity-based encryption keys

Questions? Eyal de Lara Varshavsky, Scannell, LaMarca, de Lara “Amigo: Proximity-based Authentication of Mobile Devices” 9th Int. Conference on Ubiquitous Computing (UbiComp) Innsbruck, Austria, Sep. 2007