Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bridging the UI Gap for Authentication in Smart Environments Sebastian Unger Prof. Dirk Timmermann University of Rostock, Germany MuSAMA DFG Graduate Program.

Published byPercival Dickerson Modified over 9 years ago

Similar presentations

Presentation on theme: "Bridging the UI Gap for Authentication in Smart Environments Sebastian Unger Prof. Dirk Timmermann University of Rostock, Germany MuSAMA DFG Graduate Program."— Presentation transcript:

1 Bridging the UI Gap for Authentication in Smart Environments Sebastian Unger Prof. Dirk Timmermann University of Rostock, Germany MuSAMA DFG Graduate Program

2 Problem statement What is it about? ? © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 2 25.06.2014 How to mutually authenticate a light bulb and a switch?

3 Motivation Basic Principles Approach Prototype Implementation Conclusion & Future Work Agenda 25.06.2014 © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 3

4 Motivation Basic Principles Approach Prototype Implementation Conclusion & Future Work Agenda © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 4 25.06.2014

5 What it is about Motivation AAL IoT WoT © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 5 25.06.2014

6 Confidentiality Security? Motivation Authorization Integrity Prerequisite: Authentication / Authenticity © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 6 25.06.2014

7 Authentication Motivation Authentication= Identification + Keying + Parameter negotiation AES-CBC-256 © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 7 25.06.2014

8 Motivation Basic Principles on Authentication Approach Prototype Implementation Conclusion & Future Work Agenda © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 8 25.06.2014

9 Delegated Basic Authentication Approaches Basic Principles vs. Direct Trust Authority (TA) implicit trust relationship  Usually hybrid approach How is trust established between endpoints and TA? © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 9 25.06.2014

10 Delegated authentication example: certificate hierarchies Basic Principles root CA CAs end points certificate hierarchies: authentication is delegated by certificate authorities (CA) with the root CA at the top of the tree © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 10 25.06.2014

11 can reduce endpoint’s efforts easier to manage (one vendor) transparent to user requires (vendor-independent) infrastructure single point(s) of failure authentication in field cumbersome Delegated authentication: pros and cons Basic Principles © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 11 25.06.2014

12 Direct Authentication Basic Principles Direct Authentication: Exchange a PIN out-of-band (OOB) OOB channels can be 1234 e.g. challenge-response OOB:1234 © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 12 25.06.2014

13 Direct authentication: pros and cons Basic Principles no trusted 3 rd parties no infrastructure necessary no single point of failure authentication / connection establishment at runtime # of connections per device: n (instead of 1) OOB channel must be possible © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 13 25.06.2014

14 Motivation Basic Principles Approach to bridge UI gaps Prototype Implementation Conclusion & Future Work Agenda © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 14 25.06.2014

15 Problem statement Approach ? © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 15 25.06.2014

16 Common approach to bridge the gap Approach Supply every device with NFC capabilities (  NFC hype) Example: Is it possible to bridge the gap w/o supplying peripherals the device does not need? ? © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 16 25.06.2014

17 Our approach to bridge the gap Approach Approach: Incorporate user interface capabilities of omnipresent multimedia devices ? © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 17 25.06.2014

18 Multimedia device properties Approach Multimedia devices… … have plenty of user interface capabilities … are literally everywhere in today’s homes … are often carried with their users Example: Smartphone LG Nexus 4 © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 18 25.06.2014

19 The complete protocol Approach ClientDevicephone discovery Metadata: Matching authentication mechanism? Metadata Request authentication w/ Device Request authentication w/ Client PIN oob-channel 1 PIN oob-channel 2 Remainder of authentication handshake © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 19 25.06.2014

20 How to translate the OOB channel: ECDH Approach Elliptic Curve Diffie Hellman (ECDH) AliceBob pick SK A PK A = SK A ×G pick SK B PK B = SK B ×G PK A PK B S = S A = PK B × SK A S = S B = PK A × SK B Adversary cannot calculate S BUT Man-in-the-Middle (MITM) attack is possible © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 20 publicly agree on elliptic curve G 25.06.2014

21 How to translate the OOB channel: ECDH Approach Elliptic Curve Diffie Hellman (ECDH): MITM AliceBob pick SK A PK A = SK A ×G pick SK B PK B = SK B ×G PK A PK M S 1 = S A = PK M × SK A S 2 = S B = PK M × SK B Alice an Bob are not aware of MITM’s presence © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 21 MITM PK M PK B S 1 = PK A × SK M S 2 = PK B × SK M 25.06.2014

22 How to translate the OOB channel: authenticated ECDH Approach Authenticated Elliptic Curve Diffie Hellman (ECDH) by Ho AliceBob publicly agree on elliptic curve G, exchange PW OOB pick SK A PK A =SK A ×G PK‘ A =PK A -Q( PW ) pick SK B PK B =SK B ×G PK‘ A, nonce A,id A,id B PK B, nonce B, id A, id B, H B S=S A =PK B ×SK A verify H B H A =cmac(S,parm) verify H A PK A =PK‘ A +Q( PW ) S=S B =PK A ×SK B H B =cmac(S,parm) HAHA MK = cmac(S, nonce A | nonce B ) © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 22 Assume previously (OOB) exchanged PIN PW Distort Alice‘s PK with PW Use keyed hashes of IDs and parameters to authenticate handshake Derive master key MK from S Assume previously (OOB) exchanged PIN PW Distort Alice‘s PK with PW Use keyed hashes of IDs and parameters to authenticate handshake Derive master key MK from S 25.06.2014

23 How to translate the OOB channel: authenticated ECDH Approach Authenticated Elliptic Curve Diffie Hellman (ECDH) by Ho AliceBob pick SK A PK A =SK A ×G PK‘ A =PK A -Q(PW) pick SK B PK B =SK B ×G PK‘ A, nonce A,id A,id B PK B, nonce B, id A, id B, H B S=S A =PK B ×SK A verify H B H A =cmac(S,parm) verify H A PK A =PK‘ A +Q(PW) S=S B =PK A ×SK B H B =cmac(S,parm) HAHA MK = cmac(S, nonce A | nonce B ) © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 23 MK = cmac(S, nonce A | nonce B ) phone PK‘ A, nonce A,id A,id B PK B, nonce B, id A, id B, H B HAHA PW Parameters contain the requested OOB authentication mechanism This must be changed to preserve transparency Phone cannot recompute H A/B as it has no knowledge of S Parameters contain the requested OOB authentication mechanism This must be changed to preserve transparency Phone cannot recompute H A/B as it has no knowledge of S 25.06.2014

24 How to translate the OOB channel: authenticated ECDH Approach Authenticated Elliptic Curve Diffie Hellman (ECDH) by Ho variant AliceBob pick SK A PK A =SK A ×G PK‘ A =PK A -Q(PW) pick SK B PK B =SK B ×G S=S A =PK B ×SK A verify H B H A =cmac(S,parm) verify H A PK A =PK‘ A +Q(PW) S=S B =PK A ×SK B H B =cmac(S,parm) PW +PK B PW +PK A © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 24 PK‘ A, nonce A,id A,id B PK B, nonce B, id A, id B, H B HAHA PK‘ A, nonce A,id A,id B PK B, nonce B, id A, id B, H B HAHA PW phone H A/B = f(S(PW)) = f(PW) Use PW directly to compute hashes Add public keys to hashes to detect MITM as early as possible H A/B = f(S(PW)) = f(PW) Use PW directly to compute hashes Add public keys to hashes to detect MITM as early as possible MK = cmac(S, nonce A | nonce B ) 25.06.2014

25 Motivation Basic Principles Approach Prototype Implementation Conclusion & Future Work Agenda © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 25 25.06.2014

26 Hardware Setup Prototype Implementation Device: Light Bulb Client: Light Switch Multimedia device: Smart phone (LG Nexus 4) +App: WS4D Mobile Authenticator © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 26 25.06.2014

27 Flow I Prototype Implementation Discovery Request authentication © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 27 25.06.2014

28 Flow II Prototype Implementation Metadata © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 28 25.06.2014

29 Flow II Prototype Implementation Request Authentication Metadata Response to request © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 29 25.06.2014

30 Flow II Prototype Implementation OOB Pin Exchange Request Authentication Metadata Response to request © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 30 25.06.2014

31 Flow III Prototype Implementation Request Authentication Response to request © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 31 25.06.2014

32 Flow III Prototype Implementation Request Authentication Response to request OOB Pin Exchange © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 32 25.06.2014

33 Flow IV Prototype Implementation Request authentication Response © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 33 25.06.2014

34 Summary Prototype Implementation devices are authenticated in directly + keying + parameter negotiation completely transparent to Device mostly transparent to Client + less effort for Client no delegated authentication, phone remains unauthenticated © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 34 25.06.2014

35 Motivation Basic Principles Approach Prototype Implementation Conclusion & Future Work Agenda © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 35 25.06.2014

36 Conclusion solution for bridging possible UI Gaps increases usability of authentication transparent to user and device developed high-level protocol / flow developed cryptographic protocol for indirect authentication open-source prototype by means of hardware + Android app © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 36 25.06.2014

37 The Big Picture Future Work © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 37 Indirect Authentication part of project to create security framework for distributed embedded systems based on WS Security suite Integrate message level security Combine with delegated authentication to increase transparency and usability Current communication: DPWS, future: REST 25.06.2014

38 Additional mechanisms Future Work © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 38 25.06.2014

39 Thank you very much for your attention! Any questions? Questions? Thank you! Sebastian Unger Institute for Applied Microelectronics and Computer Engineering, University of Rostock, Germany sebastian.unger@uni-rostock.de © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 39 25.06.2014

40 Bridging Larger Gaps Backup ? © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 40 Completely transparent for Device and Client 25.06.2014

41 Why public keys in hash? Backup Authenticated Elliptic Curve Diffie Hellman (ECDH) by Ho variant AliceBob © 2009 UNIVERSITÄT ROSTOCK | S.Unger: „Bridging the UI Gap for Authentication in Smart Environments“ 41 phoneMITM PW PK A ‘ PK M […] S 1 =PK‘ M x SK B S 2 =PK B x SK M S 4 =PK M x SK A S 3 =PK‘ A x SK M Man-in-the-Middle (MITM) attack is not detected. It’s simply not possible for Alice and Bob (via MITM) to communicate b/c different sessions keys S i are calculated. Including public keys in hashes however makes it possible to detect MITM. 25.06.2014

Download ppt "Bridging the UI Gap for Authentication in Smart Environments Sebastian Unger Prof. Dirk Timmermann University of Rostock, Germany MuSAMA DFG Graduate Program."

Similar presentations

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: 2009-09-15 Authors:

Doc.: IEEE /1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: Authors:
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
By Md Emran Mazumder Ottawa University Student no: 6282845.

By Md Emran Mazumder Ottawa University Student no:
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.
Computer Security Key Management. Introduction We distinguish between a session key and a interchange key ( long term key ). The session key is associated.

Computer Security Key Management. Introduction We distinguish between a session key and a interchange key ( long term key ). The session key is associated.
Computer Security Key Management

Computer Security Key Management
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Similar presentations

Ads by Google