Presentation is loading. Please wait.

Presentation is loading. Please wait.

Markus Miettinen N. Asokan Thien Duc Nguyen

Published byGabriel Curtis Modified over 6 years ago

Similar presentations

Presentation on theme: "Markus Miettinen N. Asokan Thien Duc Nguyen"— Presentation transcript:

1 Context-Based Zero-Interaction Pairing and Key Evolution for Advanced Personal Devices
Markus Miettinen N. Asokan Thien Duc Nguyen Ahmad-Reza Sadeghi Majid Sobhani Presented by Xiaopeng Li

2 Overview Introduction Problem and Assumptions Strategy
Implementation and Evaluation Security Analysis Conclusion

3 Introduction Two emerging classes of personal devices: Internet-of-Things (IoT) applications and wearables. IoT devices include Nest smoke detectors and thermostats, the Oral-B toothbrush and the Spotter smart home sensors. Similarly, new wearable devices include wristbands used for activity monitoring, augmented reality gadgets like the Google Glass, smart watch devices (e.g. Samsung Galaxy Gear) and many more.

4 Introduction Focus on Pairing for Personal Devices
Pairing means the process of setting up a shared security association (e.g. a shared symmetric key) between the devices. Traditional approaches for key agreement between personal devices relay on some form of active user involvement to authenticate pairing. For example, the user may be asked to compare authentication strings displayed on the devices. Relying on user involvement to authenticate pairing is cumbersome. The goal of this paper is to develop an secure approach for zero-interaction paring that is suitable for IoT and wearable device scenarios.

5 Problem & Assumptions Several Terms
Correct Peers: Pairing must be established only between the devices belonging to the same user. Wrong Peers: Conversely devices owned by other users are wrong peers. The security goal is to ensure that only a pairing between correct peers is accepted as genuine.

6 Problem & Assumptions Focus on two scenarios: IoT scenario and wearable scenario. Two apartments. Assume that all devices are able to communicate with one another. d1 and d2 in the user’s home should establish a secure pairing without user interaction, while making sure that a trusted pairing is not erroneously established with device A.

7 Problem & Assumptions wearable scenario
The user has a smartphone d1 and a smart watch d2, turns it on and starts using it. The newly activated smart watch d2 actively searches for smartphones nearby and establishes an initial pairing with all such devices. Similarly d1 will accepts any initial pairing from any wearable device that contacts it. The two devices accept the pairing key when they have sufficient confidence in the authenticity of each other.

8 Problem & Assumptions Assumptions
The adversary A can be be benign or malicious , just trying to pair with other devices it can discover in its proximity. The wrong peer A is permanently near device d1 and can communicate with it over a wireless link. In the wearable device scenario, the adversary A is either a malicious attacker trying to play a man in the middle attack on the user and his wearable device, or it could be just someone else’s device searching for its own peer device. We assume that A is from time to time present in the same context as d1. However, A is not able to follow the user constantly.

9 Problem & Assumptions Objective
Authentication: User devices securely establish authenticated pairing with the correct peer devices, i.e. a user’s device d1 accepts a pairing with d2 iff d1 and d2 are owned by the same user. Authenticated pairings are not established with wrong peers A. Zero-interaction: The pairing must happen without user interaction.

10 Strategy One-shot context-based pairing does not work!!!
One of existing zero-interaction pairing solutions is context-based pairing. This approach leverage the fact that co-present devices will perceive roughly the same ambient context via their on-board sensors – thus each device takes a snapshot of its ambient context and use the resulting “context fingerprint ” to authenticate key agreement. Drawbacks: 1. It imposes strict requirements on the fingerprinting technique such as the need for tight time synchronization between devices. 2. Momentary co-presence of two devices does not always imply that the devices belong to the same user. The adversary might very well be present. One-shot context-based pairing does not work!!!

11 Strategy Proposed Context-based key evolution approach
Assumption 1 - the adversary cannot continuously share the same context with user devices; Assumption 2 - two devices that have established an initial pairing can utilize the common information about their ambient context observed over time to iteratively evolve their pairing key. With each successful iteration, the belief in the authenticity of the counterpart is increased.

12 Strategy The approach utilizes three conceptual components: key evolution, key confirmation and key acceptance. When d1 and d2 encounter each other for the first time, they establish an initial pairing key This initial key agreement is unauthenticated. Key evolution requires a fuzzy commitment scheme that is able to transform a secret value s into a commitment.

13 Strategy Key confirmation
To determine whether the key evolution was successful, both devices calculate candidate pairing keys by using a key derivation function KDF applied on the old pairing key and the key evolution diversifier, i.e. Kr or Kr’, respectively.

14 Strategy Key Acceptance
To determine whether a pairing counterpart is correct or a wrong peer, this paper applies the following strategy: since A has limited ability to continuously monitor the context of a target device d1, it is likely that A will fail in key evolution much more often than a correct peer d2. By keeping track of the number of successful key evolutions each pairing counterpart is able to follow, it becomes therefore possible to distinguish the correct peer d2 from wrong peer A.

15 Strategy Key Acceptance
To distinguish different devices from each other, the authors assign a key chain identifier for each device d. X is the identity that d claims to represent. X = user. Dx denotes the the set of all devices d claiming identity X.

16 Strategy Key Acceptance

17 Implementation & Evaluation
To analyze the feasibility of the proposed strategy, the authors performed several experiments in different contexts investigating how similar fingerprints extracted from ambient luminosity and noise levels are in real contextual settings. The authors set up two scenarios for the experiments: IoT device pairing scenario – a static placement of the test devices Wearable device scenario – test persons carried the data collection devices with them

18 Implementation & Evaluation
IoT scenario – experiment results

19 Implementation & Evaluation
Wearable device scenario – experiment results Two alternative settings: a ’smart watch’ scenario, in which one device plays the role of a smart watch, and the other device is used like a regular smartphone. The other, ’cycling’ scenario, simulates the use of wearable devices as fitness gadgets. Smart watch (only light sensor) - collected traces from co-located devices carried by test persons in a number of mobile and static contexts: walking, in public transport, as well as stays in the home and office contexts. The similarity of fingerprints from the co-located devices was relatively high, 92.6 % on average (minimum 87.3 %, maximum 96.7 %). This provides a good basis for successful key evolution between the co-located devices.

20 Implementation & Evaluation
Wearable device scenario – experiment results ’cycling’ scenario - simulates the use of wearable devices as fitness gadgets. For the cycling scenario we collected 10 traces of con- text measurements captured along a back-and-forth journey on a fixed route of approximately 10 miles. The similarity between the fingerprints of the co-located devices d1 and d2 was on the average 68.6 % for luminosity-based fingerprints (minimum 62.8 %, maximum 74.5 %) and 65.9 % for audio-based fingerprints (minimum 63.6 %, maximum 67.1 %).

21 Security Analysis

22 Security Analysis Attacker not in Same Context as Target
According to Def. 1, the authenticity rating of the correct peer d2 will be higher, if it has performed more successful key evolution steps than the attacker A. Since A has limited ability to be continuously in the same context with the target, it is clear that the attacker will perform less successful key evolution steps, and will not succeed in getting his pairing accepted as genuine.

23 Security Analysis Attacker not in Same Context as Target Random Guess
This paper defines the fingerprint bit corresponding to each snapshot during the key evolution period.

24 Security Analysis Attacker not in Same Context as Target
Profiling-Based Guess An improvement to Random Guess would be to use profiled information about the fingerprint bits to improve A’s chance to fabricate valid fingerprints It turns out that fingerprints with very low surprisal values cannot resist such attacks. The authors add an additional requirement to thwart these attacks: only fingerprints having sufficient total surprisal may be taken into account when evaluating authenticity ratings. What is surprisal

25 Security Analysis Attacker not in Same Context as Target
Use of Partial Information The attacker A may be in the position to utilize partial information about the context fingerprint of the target device d1. Such partial information may be available to the attacker based on the fact that the contextual separation between the attacker’s context and the target context is not complete. If one looks at the bit similarities of adversarial devices to the co-located ones, we can see that the attacker devices share ca. 65 – 85% of common bits, depending on the placement of the attacker devices. The partial information plays therefore in the attacker’s favor. Based on the authors’ analysis, even the attacker shares 85% common fingerprint bits, guessing correct fingerprints will still be excessively difficult for the attacker as long as the used fingerprints are long enough.

26 Conclusion The authors have presented a novel key evolution approach for pairing personal IoT and wearable devices. The approach builds on a robust scheme for extracting shared entropy from the ambient context of such devices. They have also evaluated the approach based on experiments with luminosity and ambient noise in a number of different environments.

27 Thank you !

Download ppt "Markus Miettinen N. Asokan Thien Duc Nguyen"

Similar presentations

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
I have a DREAM! (DiffeRentially privatE smArt Metering) Gergely Acs and Claude Castelluccia {gergely.acs, INRIA 2011.

I have a DREAM! (DiffeRentially privatE smArt Metering) Gergely Acs and Claude Castelluccia {gergely.acs, INRIA 2011.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
Planning under Uncertainty

Planning under Uncertainty
Federated Authentication mechanism for mobile services Dasun Weerasinghe, Saritha Arunkumar, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group.

Federated Authentication mechanism for mobile services Dasun Weerasinghe, Saritha Arunkumar, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Security Models for Trusting Network Appliances From : IEEE ( 2002 ) Author : Colin English, Paddy Nixon Sotirios Terzis, Andrew McGettrick Helen Lowe.

Security Models for Trusting Network Appliances From : IEEE ( 2002 ) Author : Colin English, Paddy Nixon Sotirios Terzis, Andrew McGettrick Helen Lowe.
1 Validation and Verification of Simulation Models.

1 Validation and Verification of Simulation Models.
1 Validation & Verification Chapter 10. 2 VALIDATION & VERIFICATION Very Difficult Very Important Conceptually distinct, but performed simultaneously.

1 Validation & Verification Chapter VALIDATION & VERIFICATION Very Difficult Very Important Conceptually distinct, but performed simultaneously.
Linear Fault Analysis of Block Ciphers Zhiqiang Liu 1, Dawu Gu 1, Ya Liu 1, Wei Li 2 1. Shanghai Jiao Tong University 2. Donghua University ACNS 2012 June.

Linear Fault Analysis of Block Ciphers Zhiqiang Liu 1, Dawu Gu 1, Ya Liu 1, Wei Li 2 1. Shanghai Jiao Tong University 2. Donghua University ACNS 2012 June.
Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin

Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
REECH ME: Regional Energy Efficient Cluster Heads based on Maximum Energy Routing Protocol Prepared by: Arslan Haider. 1.

REECH ME: Regional Energy Efficient Cluster Heads based on Maximum Energy Routing Protocol Prepared by: Arslan Haider. 1.
Wireless communications and mobile computing conference, p.p. 731 - 1736, July 2011.

Wireless communications and mobile computing conference, p.p , July 2011.
A paper by: Paul Kocher, Joshua Jaffe, and Benjamin Jun Presentation by: Michelle Dickson.

A paper by: Paul Kocher, Joshua Jaffe, and Benjamin Jun Presentation by: Michelle Dickson.
Securing Passwords Against Dictionary Attacks Presented By Chad Frommeyer.

Securing Passwords Against Dictionary Attacks Presented By Chad Frommeyer.
Bloom Cookies: Web Search Personalization without User Tracking Authors: Nitesh Mor, Oriana Riva, Suman Nath, and John Kubiatowicz Presented by Ben Summers.

Bloom Cookies: Web Search Personalization without User Tracking Authors: Nitesh Mor, Oriana Riva, Suman Nath, and John Kubiatowicz Presented by Ben Summers.
Chance Constrained Robust Energy Efficiency in Cognitive Radio Networks with Channel Uncertainty Yongjun Xu and Xiaohui Zhao College of Communication Engineering,

Chance Constrained Robust Energy Efficiency in Cognitive Radio Networks with Channel Uncertainty Yongjun Xu and Xiaohui Zhao College of Communication Engineering,
-Internet On Road. INTRODUCTION Driving means constantly changing location. This, in turn, means a constant demand for information on the current location.

-Internet On Road. INTRODUCTION Driving means constantly changing location. This, in turn, means a constant demand for information on the current location.

Similar presentations

Ads by Google