Integrity-regions: Authentication Through Presence in Wireless Networks Srdjan Čapkun 1 and Mario Čagalj 2 1 Department of Computer Science, ETH Zurich.

Slides:

Advertisements

Similar presentations

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

Advertisements

Usable Bootstrapping of Secure Ad Hoc Communication Ersin Uzun PARC 1.

Chris Karlof and David Wagner

Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.

Frank Stajano Presented by Patrick Davis 1.  Ubiquitous Computing ◦ Exact concept inception date is unknown ◦ Basically background computing in life.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

Secure In-Band Wireless Pairing Shyamnath Gollakota Nabeel Ahmed Nickolai Zeldovich Dina Katabi.

Interlock Protocol - Akanksha Srivastava 2002A7PS589.

Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.

Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

Mini-Project 2006 Secure positioning in vehicular networks based on map sharing with radars Mini-Project IC-29 Self-Organized Wireless and Sensor Networks.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Secure Localization using Dynamic Verifiers Nashad A. Safa Joint Work With S. Sarkar, R. Safavi-Naini and M.Ghaderi.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

1 Jean-Pierre Hubaux EPFL/School of Information and Communication Secure Mobility.

Key Establishment Techniques: Key Distribution and Key Agreement

Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec

1 Laboratory for Computer Communications and Application (LCA) Swiss Federal Institute of Technology (EPFL) Srdjan Čapkun joint work with Jean-Pierre Hubaux.

Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

Dan Boneh Basic key exchange The Diffie-Hellman protocol Online Cryptography Course Dan Boneh.

Seeing-Is-Believing: Using Camera Phones for Human- Verifiable Authentication Jonathan M. McCune Adrian Perrig Michael K. Reiter Carnegie Mellon University.

Seeing-Is-Believing: using camera phones for human-verifiable authentication Jonathan M. McCune, Adrian Perrig and Michael K. Reiter Int. J. Security and.

Strong Password Protocols

Trusted Computing Technologies for Embedded Systems and Sensor Networks Adrian Perrig Carnegie Mellon University.

Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.

Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.

SafeSlinger Easy-to-Use and Secure Public-Key Exchange Michael Farb (CMU), Yue-Hsun Lin (CMU), Tiffany Hyun-Jin Kim (CMU), Jonathan McCune (Google), Adrian.

Physical Contact in Ad-Hoc Wireless Network Nie Pin

Brian Padalino Sammy Lin Arnold Perez Helen Chen

How Does Topology Affect Security in Wireless Ad Hoc Networks? Ioannis Broustis CS 260 – Seminar on Network Topology.

1 Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin.

Bootstrapping Security Associations in Wireless (Sensor) Networks Mario Čagalj University of Split, FESB ACROSS, 2013.

Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony.

Using Directional Antennas to Prevent Wormhole Attacks Lingxuan HuDavid Evans Department of Computer Science University of Virginia.

Key Management in Mobile and Sensor Networks Class 17.

Providing Transparent Security Services to Sensor Networks Hamed Soroush, Mastooreh Salajegheh and Tassos Dimitriou IEEE ICC 2007 Reporter ：呂天龍 1.

Trust- and Clustering-Based Authentication Service in Mobile Ad Hoc Networks Presented by Edith Ngai 28 October 2003.

SECURITY SCHEMES FOR AMI Jincheol Kim et al. – Korea – Distribution business and impact of regulation – 0845 Jincheol Kim, Seongji Ahn, Youngeok Kim Jongman.

Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson

Presented by: Suparita Parakarn Kinzang Wangdi Research Report Presentation Computer Network Security.

Security in Near Field Communication Strengths and Weaknesses

Doc.: IEEE /200 Submission September 2000 Ron Brockmann, Intersil Plug-n-Play Security in the Home & Small Business Ron Brockmann Intersil.

Focus On Bluetooth Security Presented by Kanij Fatema Sharme.

Overview of the security weaknesses in Bluetooth Dave Singelée COSIC seminar 11/06/2003.

Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication McCune, J.M., Perrig, A., Reiter, M.K IEEE Symposium on Security and.

Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.

Interleaving and Collusion Attacks on a Dynamic Group Key Agreement Scheme for Low-Power Mobile Devices * Junghyun Nam 1, Juryon Paik 2, Jeeyeon Kim 2,

Security in Wireless Networks Mike Swift CSE b Summer 2003.

Integrating A Key Distribution Procedure Into The Digital Signature Standard B. Arazi Electronics Letters Vol. 29, No. 11, Pg May 1993 Adviser:

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.

Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:

Secure positioning in Wireless Networks Srdjan Capkun, Jean-Pierre Hubaux IEEE Journal on Selected area in Communication Jeon, Seung.

@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.

Proximity-based Access Control for Implantable Medical Devices

FTM Frame Exchange Authentication

Presentation transcript:

Integrity-regions: Authentication Through Presence in Wireless Networks Srdjan Čapkun 1 and Mario Čagalj 2 1 Department of Computer Science, ETH Zurich 2 FESB, University of Split, Croatia ACM WiSe 2006

2 Key Establishment: Diffe-Hellman g a mod p g b mod p K AB =(g b ) a mod p K AB =(g a ) b mod p Mallory Alice Bob

3 Man in the Middle Attack (MITM)

4 Solution to the MITM: Authentication of DH Contributions g a mod p A B g b mod p, sig B (g b,g a ) sig A (g a,g b ) Uses signatures... (DH contributions are authenticated) A B here are the public keys TTP

5 Our goal: Avoiding Certificates (Reliance on TTPs) g a mod p A B g b mod p A B Visual recognition, conscious establishment of keys h( g a ) h( g b )

6 Existing Solutions Stajano and Anderson propose the “resurrecting duckling” security policy model (physical contact) Balfanz et al. “location-limited channel” (e.g., an infrared link) Asokan and Ginzboorg propose a solution based on a shared password Perrig and Song, hash visualization (image comparison) Maher presents several methods to verify DH public parameters (short string comparison), found flawed by Jakobsson Jakobsson and Larsson proposed two solutions to derive a strong key from a shared weak key Dohrmann and Ellison propose a method for key verification that is similar to DH-SC (short word comparison) Gehrmann et al., (short string comparison) Goodrich et al. Loud And Clear: Human Verifiable Authentication Based on Audio Cagalj et al. (short string comparison (1/2 string size)) Capkun, et al. key establishment for self-organized mobile networks (IR channel, mobility) Castellucia, Mutaf (device signal indistinguishability) Cagalj, Capkun, Hubaux, distance-based verification, channel anti- blocking Cagalj, Capkun,... Integrity-codes (awareness of presence)

7 The Seriousness of the MITM Attack Devices using low-power radios can avoid it? –not all radios can control their tx power –the ranges are highly unpredictable –the attacker can use high-gain directional antennas and increase its listening range up to 10x –neighboring/hidden devices I will establish keys in my own living room, I do not need security... –maybe your neighbor steals your dvd UWB output? –you meet someone at a conference... –ad hoc groups of emergency staff, police,... –... –yes, you probably do not need any security in your living room

8 Our Solution: Integrity-regions Main idea: message authentication through distance verification (e.g. ultrasonic distance-bounding) Assumption: the user can assume or visually verify that there are no malicious devices within the integrity region No certificates or preshared keys exchanged prior to the protocol execution

9 Integrity Region Protocol A B d M A’s integrity region d* (c,o) = commit(g b ) c,B d*=(t R -t S )v sound [1] verify (c,o) [2] verify that d* is within its (A's) integrity region d (i.e., d*  d) [3] verify that there are no devices at any distance d**  d* [4] if verifications (1-3) pass, A accepts message g b as genuine NA  oNA  o US channel tRtR NANA tStS

10 Diffie-Hellman with Integrity Regions Given g a Pick N A, N A  U {0,1} k m A  0  g a  N A (c A,o A )  commit (m A ) AliceBob * Given g b Pick N B  U {0,1} k m B  1  g b  N B (c B,o B )  commit (m B ) cAcA cBcB oBoB m B  open (c B,o B ) Verify 1 in m B s A  N A  N B oAoA m A  open (c A,o A ) Verify 0 in m A s B  N B  N A * R B  N A  s B NANA RBRB tStS tRtR d A =(t R -t S )v sound Verify s A = N A  R B * * Only Alice verifies her integrity region. If verification OK, Alice and Bob accept m B and m A, respectively.

11 Analysis of the Implementation with Ultrasound A B d M A’s integrity region d* c,B NA  oNA  o US channel tRtR NANA tStS (c,o) = commit(g b ) (c*,o*) = commit(g m ) c*,B N A  o*

12 Main Consequence of Integrity Regions Forcing the attacker to be physically close to the devices to perform the MITM attack. without integrity regions with integrity regions

13 Integrity-regions with (Omni)directional Antennas

14 Example Application Scenarios Setup of wireless sensor networks (establishment of keys) no attackers in this space (sensors’ I-region) Setup of a home network

15 Summary/Future Work Physical presence of the attacker (i.e., the attacker cannot be omnipresent (physically)) Honest devices (users) can have an awareness of presence (distance, space, surrounding devices) One solution: Integrity regions, message authentication through distance verification Impact on (mobile) ad hoc / sensor networks: –verification of the distance prevents MITM attacks on key establishment from remote locations –enables P2P key establishment / key pairing

16 Authentication Through Presence (Awareness) M. Čagalj, S. Čapkun, R. Rengaswamy, I.Tsigkogiannis, M. Srivastava, and J.-P. Hubaux. Integrity (I) codes: Message Integrity Protection and Authentication Over Insecure Channels. In Proceedings of the IEEE Symposium on Security and Privacy, 2006 M. Čagalj, S. Čapkun, and J.-P. Hubaux, Key Agreement in Peer-to-Peer Wireless Networks Proceedings of the IEEE (Special Issue on Security and Cryptography), 94(2), 2006