Presentation is loading. Please wait.

Presentation is loading. Please wait.

Integrity-regions: Authentication Through Presence in Wireless Networks Srdjan Čapkun 1 and Mario Čagalj 2 1 Department of Computer Science, ETH Zurich.

Published byMarvin Owens Modified over 9 years ago

Similar presentations

Presentation on theme: "Integrity-regions: Authentication Through Presence in Wireless Networks Srdjan Čapkun 1 and Mario Čagalj 2 1 Department of Computer Science, ETH Zurich."— Presentation transcript:

1 Integrity-regions: Authentication Through Presence in Wireless Networks Srdjan Čapkun 1 and Mario Čagalj 2 1 Department of Computer Science, ETH Zurich 2 FESB, University of Split, Croatia ACM WiSe 2006

2 2 Key Establishment: Diffe-Hellman g a mod p g b mod p K AB =(g b ) a mod p K AB =(g a ) b mod p Mallory Alice Bob

3 3 Man in the Middle Attack (MITM)

4 4 Solution to the MITM: Authentication of DH Contributions g a mod p A B g b mod p, sig B (g b,g a ) sig A (g a,g b ) Uses signatures... (DH contributions are authenticated) A B here are the public keys TTP

5 5 Our goal: Avoiding Certificates (Reliance on TTPs) g a mod p A B g b mod p A B Visual recognition, conscious establishment of keys h( g a ) h( g b )

6 6 Existing Solutions Stajano and Anderson propose the “resurrecting duckling” security policy model (physical contact) Balfanz et al. “location-limited channel” (e.g., an infrared link) Asokan and Ginzboorg propose a solution based on a shared password Perrig and Song, hash visualization (image comparison) Maher presents several methods to verify DH public parameters (short string comparison), found flawed by Jakobsson Jakobsson and Larsson proposed two solutions to derive a strong key from a shared weak key Dohrmann and Ellison propose a method for key verification that is similar to DH-SC (short word comparison) Gehrmann et al., (short string comparison) Goodrich et al. Loud And Clear: Human Verifiable Authentication Based on Audio Cagalj et al. (short string comparison (1/2 string size)) Capkun, et al. key establishment for self-organized mobile networks (IR channel, mobility) Castellucia, Mutaf (device signal indistinguishability) Cagalj, Capkun, Hubaux, distance-based verification, channel anti- blocking Cagalj, Capkun,... Integrity-codes (awareness of presence)

7 7 The Seriousness of the MITM Attack Devices using low-power radios can avoid it? –not all radios can control their tx power –the ranges are highly unpredictable –the attacker can use high-gain directional antennas and increase its listening range up to 10x –neighboring/hidden devices I will establish keys in my own living room, I do not need security... –maybe your neighbor steals your dvd UWB output? –you meet someone at a conference... –ad hoc groups of emergency staff, police,... –... –yes, you probably do not need any security in your living room

8 8 Our Solution: Integrity-regions Main idea: message authentication through distance verification (e.g. ultrasonic distance-bounding) Assumption: the user can assume or visually verify that there are no malicious devices within the integrity region No certificates or preshared keys exchanged prior to the protocol execution

9 9 Integrity Region Protocol A B d M A’s integrity region d* (c,o) = commit(g b ) c,B d*=(t R -t S )v sound [1] verify (c,o) [2] verify that d* is within its (A's) integrity region d (i.e., d*  d) [3] verify that there are no devices at any distance d**  d* [4] if verifications (1-3) pass, A accepts message g b as genuine NA  oNA  o US channel tRtR NANA tStS

10 10 Diffie-Hellman with Integrity Regions Given g a Pick N A, N A  U {0,1} k m A  0  g a  N A (c A,o A )  commit (m A ) AliceBob * Given g b Pick N B  U {0,1} k m B  1  g b  N B (c B,o B )  commit (m B ) cAcA cBcB oBoB m B  open (c B,o B ) Verify 1 in m B s A  N A  N B oAoA m A  open (c A,o A ) Verify 0 in m A s B  N B  N A * R B  N A  s B NANA RBRB tStS tRtR d A =(t R -t S )v sound Verify s A = N A  R B * * Only Alice verifies her integrity region. If verification OK, Alice and Bob accept m B and m A, respectively.

11 11 Analysis of the Implementation with Ultrasound A B d M A’s integrity region d* c,B NA  oNA  o US channel tRtR NANA tStS (c,o) = commit(g b ) (c*,o*) = commit(g m ) c*,B N A  o*

12 12 Main Consequence of Integrity Regions Forcing the attacker to be physically close to the devices to perform the MITM attack. without integrity regions with integrity regions

13 13 Integrity-regions with (Omni)directional Antennas

14 14 Example Application Scenarios Setup of wireless sensor networks (establishment of keys) no attackers in this space (sensors’ I-region) Setup of a home network

15 15 Summary/Future Work Physical presence of the attacker (i.e., the attacker cannot be omnipresent (physically)) Honest devices (users) can have an awareness of presence (distance, space, surrounding devices) One solution: Integrity regions, message authentication through distance verification Impact on (mobile) ad hoc / sensor networks: –verification of the distance prevents MITM attacks on key establishment from remote locations –enables P2P key establishment / key pairing

16 16 Authentication Through Presence (Awareness) M. Čagalj, S. Čapkun, R. Rengaswamy, I.Tsigkogiannis, M. Srivastava, and J.-P. Hubaux. Integrity (I) codes: Message Integrity Protection and Authentication Over Insecure Channels. In Proceedings of the IEEE Symposium on Security and Privacy, 2006 M. Čagalj, S. Čapkun, and J.-P. Hubaux, Key Agreement in Peer-to-Peer Wireless Networks Proceedings of the IEEE (Special Issue on Security and Cryptography), 94(2), 2006

Download ppt "Integrity-regions: Authentication Through Presence in Wireless Networks Srdjan Čapkun 1 and Mario Čagalj 2 1 Department of Computer Science, ETH Zurich."

Similar presentations

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Usable Bootstrapping of Secure Ad Hoc Communication Ersin Uzun PARC 1.

Usable Bootstrapping of Secure Ad Hoc Communication Ersin Uzun PARC 1.
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.

Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.

Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.
Frank Stajano Presented by Patrick Davis 1.  Ubiquitous Computing ◦ Exact concept inception date is unknown ◦ Basically background computing in life.

Frank Stajano Presented by Patrick Davis 1.  Ubiquitous Computing ◦ Exact concept inception date is unknown ◦ Basically background computing in life.
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
Secure In-Band Wireless Pairing Shyamnath Gollakota Nabeel Ahmed Nickolai Zeldovich Dina Katabi.

Secure In-Band Wireless Pairing Shyamnath Gollakota Nabeel Ahmed Nickolai Zeldovich Dina Katabi.
Interlock Protocol - Akanksha Srivastava 2002A7PS589.

Interlock Protocol - Akanksha Srivastava 2002A7PS589.
Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.

Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.
Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.

Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.

1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006.

LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.

UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

Similar presentations

Ads by Google