Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony.

Published byAugustine Marshall Modified over 9 years ago

Similar presentations

Presentation on theme: "Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony."— Presentation transcript:

1 Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony LaMarca

2 Secure Spontaneous Interaction Phone + hotel room TV and keyboard Exchange of private info Phone and hands free Paying for groceries, tickets, cola

3 Naïve Solution Diffie-Hellman a Alice b Bob

4 Naïve Solution Diffie-Hellman a Alice b Bob g, g a

5 Naïve Solution Diffie-Hellman a Alice b K  g ab Bob g, g a

6 Naïve Solution Diffie-Hellman a Alice b K=g ab Bob g, g a gbgb

7 Naïve Solution Diffie-Hellman a K=g ba Alice b K=g ab Bob g, g a gbgb

8 Who is my device really communicating with? The Problem

9 Who is my device really communicating with? Spoofing The Problem a Alice b Bob

10 Who is my device really communicating with? Spoofing The Problem a Alice b Bob x X

11 Who is my device really communicating with? Spoofing The Problem a Alice x X

12 Who is my device really communicating with? Spoofing The Problem a Alice x Bob

13 Who is my device really communicating with? Spoofing The Problem aK=gxaaK=gxa Alice x K=g ax Bob g, g a gxgx

14 Who is my device really communicating with? Spoofing Man in the middle The Problem a Alice b Bob x X

15 Who is my device really communicating with? Spoofing Man in the middle The Problem a K 1 =g xa Alice b K 2 =g xb Bob g, g a gxgx x K 1 =g ax K 2 =g bx X g, g x gbgb

16 Who is my device really communicating with? Spoofing Man in the middle Solution: Ensure communication with device that is close  Assumption: attacker is not between legitimate devices The Problem a K 1 =g xa Alice b K 2 =g xb Bob g, g a gxgx x K 1 =g ax K 2 =g bx X g, g x gbgb

17 Existing Solutions Use a cable Use short range communication  Bluetooth  Infrared  Laser  Ultrasound  Near field communication (NFC) Ask user to verify pairing  Displaying keys  Playing music, images

18 Existing Solutions Use a cable Use short range communication  Bluetooth  Infrared  Laser  Ultrasound  Near field communication (NFC) Ask user to verify pairing  Displaying keys  Playing music, images BlueSniper Rifle by Flexis

19 Key Idea Secure pairing requires a shared secret Devices in close proximity perceive a similar radio environment Derive shared secret from common radio environment  Listen to traffic of ambient radio sources Use knowledge of common radio environment as proof of proximity

20 Advantages No extra hardware  Leverage radio already available on device No user involvement to verify pairing Not subject to eavesdropping  Secret derived by listening to ambient sources

21 Requirements on Radio Environment 1.Temporal variability Signal fluctuates randomly at a single location over time

22 Requirements on Radio Environment 2.Spatial variability Values at different locations have low correlation

23 Requirements on Radio Environment 3.Devices in proximity should perceive similar environment 5 cm 10 m 85% common pkts40% common pkts

24 Potential Authentication Methods Proximity-based authentication token  Diffie-Hellman  Authenticate using the token Proximity-based encryption keys  Directly from the common environment  Less CPU intensive?

25 Amigo: Diffie-Hellman + Proximity Token Devises monitor radio environment following Diffie-Hellman key exchange Send to each other a signature Each device verifies that signature similar to own observation  Signature does not have to remain secret after exchange is over

26 Signature Verification Signature: sequence of hash of packet + RSSI Segment size 1 second

27 Classifier 2 stage boosted binary stump classifier Stage 1: Filters noisy data  Marks as invalid instances with % of common pkts bellow threshold (75% works well) Stage 2: Assigns a score to valid instances  Function of differences in signal strength  Converts scores into votes based on threshold  Tally votes for all instances

28 Commitment Protocol Reveal man-in-middle attack while exchanging signatures Forces attacker to forge data Break signature S into n blocks Generate nonce Each period exchange K nonce ( Hash (K session_key ),Hash(id),s i ) Send nonce a K 1 =g xa Alice b K 2 =g xb Bob K nA (H(K 1 )H(A)S i ) x K 1 =g ax K 2 =g bx X K nB (H(K 2 )H(B)S i )

29 Scenario 1 : Simple Attacker 6 laptops  Friendly 5cm away  Attackers 1,3,5,10 meters WiFi – Orinoco Gold All at same height Line of sight 1m 3m 10m 5m Best case for attacker

30 Traces 2 traces: training and testing  2 months apart  2 different location in the lab 10 minute trace 30 – 50 thousand pkts per laptop 11 access points 45 – 58 WiFi radio sources

31 Simple Attacker Can pair within 5 seconds Can detect attacker 3 meters away or more 1 meter is a problem

32 Local Entropy: Obstacles False Positives Line-of-sight (1m)81% Drywall (10cm)100% Human (1m)12% Concrete wall (30cm)0% Human blocking attacker’s line of sight goes a long way to improve performance

33 Local Entropy: Movement Hand waving helps!

34 5 laptops  Friendly 1 m away  Attackers 3,5,10 meters All at same height Line of sight Stretching Co-Location 1m 3m 10m 5m

35 Stretching Co-Location

36 Scenario 2 : Attacker with Site Knowledge Before pairing  Attacker samples exact pairing spot  Creates RSSI distribution for every wireless source it hears While pairing  Pkts from know source  assign RSSI from distribution  Pkts from unknown source Option 1 Discard Option 2 Leave unchanged(best)

37 Scenario 2 : Attacker with Site Knowledge With hand waving false rate positives reaches 0 within 5 seconds

38 Scenario 3: “Omnipotent” Attacker Controls all radio sources  Knows which pkts were received by victim Oracle: RSSI from current distribution

39 Conclusions Possible to use knowledge of radio environment to prove physical proximity Advantages  No extra hardware  No user involvement to verify pairing  Not subject to eavesdropping Two potential methods  Location-based authentication token  Location-based encryption keys

40 Future Work System robustness  Different cards and antennas  Different environments Improve accuracy  Software radios  Multiple radios Proximity-based encryption keys

41 Questions? Eyal de Lara delara@cs.toronto.edu www.cs.toronto.edu/~delara Varshavsky, Scannell, LaMarca, de Lara “Amigo: Proximity-based Authentication of Mobile Devices” 9th Int. Conference on Ubiquitous Computing (UbiComp) Innsbruck, Austria, Sep. 2007

Download ppt "Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony."

Similar presentations

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
1 Security in Wireless Protocols Bluetooth, 802.11, ZigBee.

1 Security in Wireless Protocols Bluetooth, , ZigBee.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.

NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.

Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
Secure In-Band Wireless Pairing Shyamnath Gollakota Nabeel Ahmed Nickolai Zeldovich Dina Katabi.

Secure In-Band Wireless Pairing Shyamnath Gollakota Nabeel Ahmed Nickolai Zeldovich Dina Katabi.
Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.

Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Similar presentations

Ads by Google