Presentation is loading. Please wait.

Presentation is loading. Please wait.

1/46 SPIES: Security and Privacy In Emerging computing and networking Systems Nitesh Saxena Polytechnic Institute of NYU

Published byTheodora Black Modified over 9 years ago

Similar presentations

Presentation on theme: "1/46 SPIES: Security and Privacy In Emerging computing and networking Systems Nitesh Saxena Polytechnic Institute of NYU"— Presentation transcript:

1 1/46 SPIES: Security and Privacy In Emerging computing and networking Systems Nitesh Saxena Polytechnic Institute of NYU nsaxena@poly.edu http://spies.poly.edu/~nsaxena Research areas: computer and network security, applied cryptography

2 2/46 Research Overview

3 3/46 Secure Device Association

4 4/46 Secure Association of Wireless Devices How to bootstrap secure communication between Alice’s and Bob’s devices when they have  no prior context  no common trusted CA or TTP

5 5/46 Secure Association of Wireless Devices Common pairing examples:  Cell-phone  headset (bluetooth)  Laptop  access point (WiFi)  Cell-phone  cell-phone (bluetooth)

6 6/46 Secure Association of Wireless Devices Solution idea:  use auxiliary or out-of-band (OOB) channel  with minimal involvement from Alice and Bob Audio, Visual, Tactile

7 7/46 Research Challenges OOB channels are low-bandwidth Devices may be constrained in terms of interfaces User is constrained - Usability Multiple devices/users  Sensor network initialization  Group formation Ohh! I cannot even pair my socks! Selected contributions: TIFS’11, TMC’11, CHI’10, CCS’10, Ubicomp’10, SCN’10, PMC’09, Percom’09, SOUPS’08, Oakland’06

8 8/46 RFID Security and Privacy

9 9/46 The Privacy Problem Good tags, Bad readers 500 Euros in wallet Serial numbers: 597387,389473… Wig model #4456 (cheap polyester) 30 items of lingerie Das Kapital and Communist- party handbook Viagra medical drug #459382

10 10/46 The Authentication Problem Good readers, Bad tags 500 Euros in wallet Serial numbers: 597387,389473… Wig model #4456 (cheap polyester) 30 items of lingerie Das Kapital and Communist- party handbook Viagra medical drug #459382 Counterfeit!!

11 11/46 Relay (Ghost-and-Leech) Attacks query response

12 12/46 Research Challenges Very limited resources  a $0.03 tag can’t do much computationally  only and-or-xor operations might be feasible  has only ~2,000 gates for security operations  few bits to few bytes of memory No user interfaces Atypical usage model Selected contributions: Percom’11, JCS’10, CCS’10, RFIDSec’10, RFIDSec’09, RFIDSec’09

13 13/46 Other Projects Strong Password Authentication Password-Protected Secret Sharing and Distributed Function Computation Privacy of Web and Location-based Search Security and Privacy of P2P Systems Inference of Private Attributes in Online Social Networks Playful Security Security and Privacy of Medical Devices Selected contributions: Percom’11, AsiaCCS’11, TIFS’10, TIFS’09, T PDS’09, P2P’10, PETS’10, FC’10, ACNS’06, ICNP’05, TCC’05, SASN’05, S ASN’04

14 14/46 On Pairing Constrained Wireless Devices Based on Secrecy of Auxiliary Channels: The Case of Acoustic Eavesdropping ACM Conference on Computer and Communications Security (CCS), October 2010

15 15/46 Recall: The "Pairing" Problem Solution idea  use auxiliary = out-of-band (OOB) channels  with minimal involvement from Alice and Bob Audio; Visual; Tactile

16 16/46 Examples: Manual Transfer (numbers – Uzun et al. [Usec’07]) Automated Transfer (barcode-camera – McCune et al. [Oakland’05]) SAS B A Pairing using Authenticated OOB (A-OOB) B SAS B SAS A PK A PK B Short Authenticated Strings (SAS) Protocols Vaudenay [Crypto’05]; Nyberg-Laur [CANS’06] Pasini-Vaudenay [CT-RSA’08]; Jarecki-Saxena [SCN’10]

17 17/46 Recall: Constrained Devices Devices with constrained interfaces and resources Headsets Access points RFID tags Medical implants (no physical access) … Many common pairing scenarios involve one constrained device

18 18/46 A-OOB Pairing: Constrained Devices SAS B A B SAS A PK A PK B

19 19/46 A-OOB Pairing: Constrained Devices Difficult and prone to fatal human errors (Kumar et al. [Percom’09]) b A B b = (SAS B = = SAS A ) SAS A PK A PK B Saxena et al. [Oakland’05]

20 20/46 A Pairing using Authenticated and Secret OOB (AS-OOB) B K Unidirectional OOB No fatal human errors Simple: no crypto

21 21/46 A Pairing using Authenticated and Secret OOB (AS-OOB) B PAKA Password/P IN Unidirectional OOB No fatal human errors

22 22/46 Focus of Our Work We examine three AS-OOB pairing methods based on low-volume audio signals require device vibration and/or button clicks generate acoustic emanations as by-product Can an attacker recover the underlying OOB data (key or password) via acoustic eavesdropping?

23 23/46 Related Work Keyboard acoustic emanations used to detect key presses (Asonov-Agrawal [Oakland’04]) Follow-up work by Zhuang et al. [CCS’05] and Berger et al. [CCS’06] Inference of CPU activities through acoustic emanations (Shamir-Tromer)

24 24/46 Our Contributions First paper to explore AS-OOB pairing security based on acoustic emanations In general, observation attacks on pairing Consider realistic settings: eavesdropping from 2-3 ft distance Allows an eavesdropper to place a microphone next to the device(s) Farther eavesdropping using parabolic microphone explored Off-the-shelf, inexpensive equipments and tools

25 25/46 Pairing Methods Examined (1/3) IMD Pairing: Pairing an Implantable Medical Device (IMD) and an authorized reader (Halperin et al. [Oakland’08]).  RFID tag with piezo attached to IMD beeps and transmits key to reader  Reader microphone on the body surface records the key

26 26/46 Pairing Methods Examined (2/3) PIN-Vibra: Used for pairing a personal RFID tag with a mobile phone (Saxena et al. [SOUPS’08 Poster])  Phones vibrates encoding a PIN and touched to the tag  Tag senses the vibrations using on-board accelerometer PIN Accelerometer

27 27/46 Pairing Methods Examined (3/3) BEDA (Button Enabled Device Association): Soriente et al. [IWSSI’07, IJIS’09]  First device encodes a short password into blinking of an LED or vibration  Second device has a button Blink-Button Vibrate-Button

28 28/46 Eavesdropping Overview Eavesdropping implemented using off-the- shelf equipment PC microphone Parabolic microphone for larger distance recording Windows sound recorder and Matlab software Utilized signal processing methods and neural networks to decode the OOB data

29 29/46 Research Challenges IMD binary bit signal characteristics unknown Small differences in spectrum of “mark” and “space” bits Short bits sometimes overlap each other Vibration and button clicks Signal stretches over a wide range of frequencies Signal affected by background noise when recorded from a distance

30 30/46 Eavesdropping IMD Pairing

31 31/46 IMD Pairing System described in IMD paper recreated Included a piezo connected to an Intel’s WISP tag Inserted within a combination of meats  Emulated human chest Random 128-bit key encoded into the piezo Plus 8 bit pre-amble start sequence Using 2-FSK modulation Acoustic signal recorded and processed from different distances

32 32/46 IMD Setup Piezo attached to the WISP Meat combination used to simulate human body Implanted IMD* *from Halperin et al.

33 33/46 Our Attack Characteristic frequency components detected for each of the 2-FSK signals encoded Utilized for detecting accurate signal beginning Small differences in frequencies used to distinguish between bits and detect beginning sequence FFT and MFCC features created for each consecutive bit in the signal Multiple Neural networks explored to classify each bit Both supervised and unsupervised networks

34 34/46 Results – from 3 ft away

35 35/46 Results About 99% detection accuracy from up to 3 ft away MFCC features provided better results then FFT features Both supervised and unsupervised neural networks provide similar results Tests using parabolic microphone showed about 80% accuracy utilizing only signal processing techniques 12 ft away recording

36 36/46 Eavesdropping PIN-Vibra

37 37/46 Method Description PIN encoded into vibrations (on-off encoding) 14 bits random key hardcoded into cell phone Three additional bits (“110”) beginning sequence used to indicate key beginning (to a valid decoder) '1' bit marked by vibration, '0' bit marked by “sleep” period

38 38/46 Our Attack Similar to IMD eavesdropping: Spectrum analysis used to detect key beginning sequence Neural Network classifiers used to decode key Attack resulted in 100% successful detection of key

39 39/46 Results

40 40/46 Eavesdropping BEDA

41 41/46 Method Description Password encoded on one device As function of distances (time interval) between events Each event generates blink or vibration User presses button on other device when first device blinks or vibrates Implemented with 21-bit random password Provides 8 total signals

42 42/46 Our Attack For Blink-Button, we analyze button- pressing signals; for Vibrate-Button, we analyze vibration (button-pressing is subsumed within) Only used signal processing methods Detected each button press or vibration event Since in this case, the binary bits are not continuous, no classification is needed It is sufficient to detect each signal beginning Attack resulted in an accuracy of 98%

43 43/46 Implications of Our Attacks IMD Pairing: directly learn the shared secret PIN-Vibra: directly learn the shared secret no protection in the event of loss/theft of RFID still resistant to (remote) unauthorized reading BEDA Need to launch a man-in-the-middle attack as soon as the password is learned The three methods provide weaker security than what was assumed or is desired

44 44/46 Conclusions and Future Work The three AS-OOB pairing methods vulnerable to acoustic eavesdropping attacks Neural networks useful in correctly decoding bits from spectrum features Successful eavesdropping possible even from farther using a parabolic microphone Broadly, secure and usable pairing of constrained devices resistant to observation attacks is a research challenge Open problem

45 45/46 Other Projects Strong Password Authentication Password-Protected Secret Sharing Privacy of Web and Location-based Search Security and Privacy of P2P Systems Inference of Private Attributes in Online Social Networks Playful Security Security and Privacy of Medical Devices Selected contributions: Percom’11, AsiaCCS’11, TIFS’10, TIFS’09, T PDS’09, P2P’10, PETS’10, FC’10, ACNS’06, ICNP’05, TCC’05, SASN’05, S ASN’04

46 46/46 Acknowledgments Sponsors: NSF, NYU, NYU-Poly, Google, Nokia, Intel, Research in Motion Students – the SPIES: Jon Voris, Tzipora Halevi, Sai Teja Peddinti, Justin Lin, Borhan Uddin, Ambarish Karole, Arun Kumar, Ramnath Prasad, Alexander Gallego Collaborators Thanks!

Download ppt "1/46 SPIES: Security and Privacy In Emerging computing and networking Systems Nitesh Saxena Polytechnic Institute of NYU"

Similar presentations

Usable Bootstrapping of Secure Ad Hoc Communication Ersin Uzun PARC 1.

Usable Bootstrapping of Secure Ad Hoc Communication Ersin Uzun PARC 1.
Gone in 360 Seconds: Hijacking with Hitag2

Gone in 360 Seconds: Hijacking with Hitag2
Conformance Testing of MOST based Applications Towards Effective System Testing André Baresel, Michael Schmidt - DaimlerChrysler AG Contact: michael.a.schmidt@daimlerchrysler.com.

Conformance Testing of MOST based Applications Towards Effective System Testing André Baresel, Michael Schmidt - DaimlerChrysler AG Contact:
1 VLDB 2006, Seoul Mapping a Moving Landscape by Mining Mountains of Logs Automated Generation of a Dependency Model for HUG’s Clinical System Mirko Steinle,

1 VLDB 2006, Seoul Mapping a Moving Landscape by Mining Mountains of Logs Automated Generation of a Dependency Model for HUG’s Clinical System Mirko Steinle,
Trust relationships in sensor networks Ruben Torres October 2004.

Trust relationships in sensor networks Ruben Torres October 2004.
NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.

NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.
Physical Unclonable Functions and Applications

Physical Unclonable Functions and Applications
Secure In-Band Wireless Pairing Shyamnath Gollakota Nabeel Ahmed Nickolai Zeldovich Dina Katabi.

Secure In-Band Wireless Pairing Shyamnath Gollakota Nabeel Ahmed Nickolai Zeldovich Dina Katabi.
Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.

Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.
KAIS T Message-In-a-Bottle: User-Friendly and Secure Key Deployment for Sensor Nodes Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig(CMU), Sensys07 2007.

KAIS T Message-In-a-Bottle: User-Friendly and Secure Key Deployment for Sensor Nodes Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig(CMU), Sensys
1 © NOKIA MIT Media Lab Europe 200404.PPT / 20-04-2004 / RTT S ensing M y D evice and C ontextual A wareness: M y N ew D imensions of C ommunication Roope.

1 © NOKIA MIT Media Lab Europe PPT / / RTT S ensing M y D evice and C ontextual A wareness: M y N ew D imensions of C ommunication Roope.
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Authors: Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin.

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Authors: Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin.
Serverless Search and Authentication Protocols for RFID Chiu C. Tan, Bo Sheng and Qun Li Department of Computer Science College of William and Mary.

Serverless Search and Authentication Protocols for RFID Chiu C. Tan, Bo Sheng and Qun Li Department of Computer Science College of William and Mary.
Device(-to-Device) Authentication Nitesh Saxena Polytechnic Institute of NYU.

Device(-to-Device) Authentication Nitesh Saxena Polytechnic Institute of NYU.
Bluetooth What is it and where is it going?. Background…..   Conceived initially by Ericsson, before being adopted by a myriad of other companies, Bluetooth.

Bluetooth What is it and where is it going?. Background…..   Conceived initially by Ericsson, before being adopted by a myriad of other companies, Bluetooth.
1 Security problems of your keyboard –Authentication based on key strokes –Compromising emanations consist of electrical, mechanical, or acoustical –Supply.

1 Security problems of your keyboard –Authentication based on key strokes –Compromising emanations consist of electrical, mechanical, or acoustical –Supply.
Device-to-Device Authentication Nitesh Saxena Polytechnic Institue of NYU.

Device-to-Device Authentication Nitesh Saxena Polytechnic Institue of NYU.
SOUPS July 24, 2008 Universal Device Pairing using an Auxiliary Device Nitesh Saxena, Md. Borhan Uddin and Jonathan Voris Polytechnic Institute of New.

SOUPS July 24, 2008 Universal Device Pairing using an Auxiliary Device Nitesh Saxena, Md. Borhan Uddin and Jonathan Voris Polytechnic Institute of New.
Physical-layer Identification of RFID Devices Authors: Boris Danev, Thomas S. Heyde-Benjamin, and Srdjan Capkun Presented by Zhitao Yang 1.

Physical-layer Identification of RFID Devices Authors: Boris Danev, Thomas S. Heyde-Benjamin, and Srdjan Capkun Presented by Zhitao Yang 1.
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Zac Chupka Jeff Signore.

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Zac Chupka Jeff Signore.

Similar presentations

Ads by Google