On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments



Similar documents
On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments

Towards a Tight Finite Key Analysis for BB84

On Key Agreement in Wireless Sensor Networks based on Radio Transmission Properties

arxiv: v1 [cs.cr] 18 Jun 2013

On-line Entropy Estimation for Secure Information Reconciliation

International Journal of Recent Trends in Electrical & Electronics Engg., Feb IJRTE ISSN:

Bit Chat: A Peer-to-Peer Instant Messenger

Lab Exercise Objective. Requirements. Step 1: Fetch a Trace

Security in Near Field Communication (NFC)

24 th IEEE Annual Computer Communications Workshop (CCW)

Application of Automatic Variable Password Technique in Das s Remote System Authentication Scheme Using Smart Card

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Chapter 6 CDMA/802.11i

CSE331: Introduction to Networks and Security. Lecture 6 Fall 2006

Application of Quantum Cryptography to an Eavesdropping Detectable Data Transmission

Physical-layer encryption on the public internet: A stochastic approach to the Kish-Sethuraman cipher

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Body Area Network Security: Robust Secret Sharing

Side Channel Analysis and Embedded Systems Impact and Countermeasures

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Security in IEEE WLANs

Using Received Signal Strength Indicator to Detect Node Replacement and Replication Attacks in Wireless Sensor Networks

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

Chapter 2 Wireless Settings and Security

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Key Agreement from Close Secrets over Unsecured Channels Winter 2010

The next generation of knowledge and expertise Wireless Security Basics

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

communication over wireless link handling mobile user who changes point of attachment to network

Security Analysis of PLAID

Performance Measurement of Wireless LAN Using Open Source

Single Sign-On Secure Authentication Password Mechanism

First Semester Examinations 2011/12 INTERNET PRINCIPLES

Quantum Key Distribution as a Next-Generation Cryptographic Protocol. Andrew Campbell

Mobile Security Wireless Mesh Network Security. Sascha Alexander Jopen

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

A Probabilistic Quantum Key Transfer Protocol

Client Server Registration Protocol

RF Monitor and its Uses

Motion Sensing without Sensors: Information. Harvesting from Signal Strength Measurements

Chapter 8. Network Security

Cryptography Lecture 8. Digital signatures, hash functions

IMPROVISED SECURITY PROTOCOL USING NEAR FIELD COMMUNICATION IN SMART CARDS

Recommended Wireless Local Area Network Architecture

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July The OWASP Foundation

Chapter 10. Network Security

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Power management of video transmission on wireless networks for multiple receivers

III. Our Proposal ASOP ROUTING ALGORITHM. A.Position Management

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices

How To Encrypt With A 64 Bit Block Cipher

QUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University

Using Adversary Structures to Analyze Network Models,

Implementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks

Multimedia Data Transmission over Wired/Wireless Networks

Research Statement Immanuel Trummer

Bluetooth Packet Sniffing Using Project Ubertooth. Dominic Spill

How To Understand And Understand The History Of Cryptography

Wireless security (WEP) b Overview

RoamAbout Wireless Networking Guide

Wireless Encryption Protection

10CS64: COMPUTER NETWORKS - II

CS6956: Wireless and Mobile Networks Lecture Notes: 2/11/2015. IEEE Wireless Local Area Networks (WLANs)

10. Wireless Networks

Information Leakage in Encrypted Network Traffic

Predictive Models for Min-Entropy Estimation

EINDHOVEN UNIVERSITY OF TECHNOLOGY Department of Mathematics and Computer Science

Wireless VPN White Paper. WIALAN Technologies, Inc.

In the first part of the talk, some common location-based security vulnerabilities will be presented. In the second part, the state-of-the-art

Halloween Costume Ideas For the Wii Game 2010

1. a. Define the properties of a one-way hash function. (6 marks)

COMMUNICATION NETWORKS WITH LAYERED ARCHITECTURES. Gene Robinson E.A.Robinsson Consulting

Wireless Network Security. Pat Wilbur Wireless Networks March 30, 2007

SELECTIVE ACTIVE SCANNING FOR FAST HANDOFF IN WLAN USING SENSOR NETWORKS

Spot me if you can: Uncovering spoken phrases in encrypted VoIP conversations

Basic processes in IEEE networks

Alarms of Stream MultiScreen monitoring system

CPSC 467b: Cryptography and Computer Security

Communication Networks. MAP-TELE 2011/12 José Ruela

WHITE PAPER. WEP Cloaking for Legacy Encryption Protection

Converting Signal Strength Percentage to dbm Values

SPINS: Security Protocols for Sensor Networks

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

INFORMATION SECURITY A MULTIDISCIPLINARY. Stig F. Mjolsnes INTRODUCTION TO. Norwegian University ofscience & Technology. CRC Press

Chapter 3. Network Domain Security

Virtual Private Networks

Catch Me If You Can: A Practical Framework to Evade Censorship in Information-Centric Networks

This KnowledgeShare document addresses the main types of wireless networking today based on the IEEE standard.

Packet Level Authentication Overview

Lecture Objectives. Lecture 07 Mobile Networks: TCP in Wireless Networks. Agenda. TCP Flow Control. Flow Control Can Limit Throughput (1)

... neither PCF nor CA used in practice

Wireless Networks. Welcome to Wireless

Security in Ad Hoc Network

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Your Wireless Network has No Clothes

Key Hopping A Security Enhancement Scheme for IEEE WEP Standards

Enhancing privacy with quantum networks

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Extended Resolution TOA Measurement in an IFM Receiver

Transcription:

On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments Suman Jana, Sriram Nandha Premnath Mike Clark, Sneha K. Kasera, Neal Patwari University of Utah Srikanth V. Krishnamurthy University of California, Riverside

Problem Definition wireless nodes, Alice & Bob, need to share secret key concerns with public key cryptography quantum cryptography too expensive less expensive solution - use inherent randomness in wireless channel to extract secret key bits 2

Wireless Channel Characteristics measured reciprocally at Alice, Bob when away by more than few multiples of wavelength, Eve cannot measure same channel channel varies with time 3

Use of Received Signal Strength (RSS) RSS Variations Alice Bob Alice Bob Probe Exchange & RSS Measurement Eve Alice, Bob expected to see identical RSS variations [Stutzman 82] realistically, they must deal with lack of perfect reciprocity RSS Variations Eve 4

Related Work Mathur 08, Li 06, Aono 05 extract single bit per measurement experimental results from limited indoor settings Alice, Bob do not communicate to handle mismatches will result in key disagreement in large number of cases Azimi-Sadjadi 07 suggested using 2 stages from quantum cryptography - information reconciliation, privacy amplification did not implement! 5

Our Contributions adaptive key extraction increases secret bit rate 4-fold implement information reconciliation to handle bit mismatch implement privacy amplification to reduce correlation between successive bits through extensive real world measurements, identify settings (un)suitable for key extraction expose new predictable channel attack in static settings 6

Overview adversary model secret key extraction real world measurements, results summary 7

adversary Eve Adversary Model listens to all communication between Alice, Bob can measure channel between herself and Alice, Bob separated from both parties by distance >> wavelength Eve not interested in disrupting communication between Alice, Bob Alice, Bob are not authenticated 8

Secret Bit Extraction RSS Measurements Quantization Information Reconciliation Privacy Amplification Secret Key Bits 9

Adaptive Quantization how to generate bits from RSS measurements? Upper Threshold Extract 1 Drop Drop adapt threshold for small blocks of measurements Lower Threshold Extract 0 Extracted Bits 1 1 1 0 1 10

Adaptive Quantization Extract Interval 4 Interval 3 Interval 2 Interval 1 10 11 01 00 adapt # intervals depending on range Extracted Bits - 11 10 11 10 10 11 01 00 01

Adaptive Quantization Extract Interval 8 Interval 7 Interval 6 Interval 5 Interval 4 Interval 3 Interval 2 Interval 1 111 110 101 100 011 010 001 000 adapt #intervals depending on range limit: N log [Range] Extracted Bits - 101 110 101 110 110 100 010 Adaptive Secret Bit Generation (ASBG)

Information Reconciliation [Brassard 06] differences in between bit streams of Alice, Bob arise due to noise/interference, wireless hardware limitations half-duplex nature of channel solution: exchange parity information of small blocks of bits locate, correct mismatches using binary search permute, iterate until probability [success] > threshold 13

Privacy Amplification [Impagliazzo 89] short-term correlation between subsequent bits when probing rate > (coherence time) -1 need to remove bits leaked during information reconciliation solution: apply 2-universal hash function h: {1 M} {1 m} for inputs x, y, probability [h(x) = h(y)] upper bounded by 1/m decreases output length, but increases entropy 14

laptops - Alice, Bob Implementation equipped with Intel PRO/Wireless 3945 ABG cards monitor mode for collecting RSS measurements use ipwraw driver for raw packet injection probes IEEE 802.11g beacon frames management frames prioritized over data frames allows better control over probing rate probing rate ~20 packets per second 15

Implementation privacy amplification 2-universal hash functions use BigNumber OpenSSL routines 16

Implementation 17

time RSS Measurement Protocol Initiator (Alice) Record RSS Record RSS Responder (Bob) Record RSS Record RSS packet losses handled by initiator 20 ms timeout for detecting packet loss responder discards last RSS if duplicate beacon sequence # 18

Measurement Goals in what kind of settings, key extraction works? how does device heterogeneity affect key extraction? 19

Experiments 1. Stationary Endpoints, Intermediate objects A. Underground concrete tunnel B. Ed Catmull Gallery C. Lawn 2. Mobile Endpoints D. Walk Indoors E. Walk Outdoors F. Bike Ride 3. Stationary Endpoints, Mobile Intermediate objects G. Crowded Cafeteria H. Across busy road 20

RSS Stationary Endpoints & Intermediate Objects -54-55 -56-57 -58-59 Underground Concrete Tunnel Experiment Probes Alice Bob snapshot of data collected for few seconds distance between Alice, Bob = 10 feet variations very small (range: ~2 db), exhibit poor reciprocity expect Alice s & Bob s bit streams to have very high mismatch small scale variations represent noise 21

RSS RSS Stationary Endpoints & Intermediate Objects -45-55 -65-75 -85 Gallery Experiment -62-64 Probes Alice Bob -66 distance = 30 ft -54-56 -58-60 Lawn Experiment Probes Alice Bob distance = 10 ft even typical stationary settings are no different from underground concrete tunnel! 22

RSS Mobile Endpoints -45-50 -55-60 -65-70 -75 Walk Indoors Experiment normal walk speed distance = 10-15 ft Probes Alice Bob large variations range ~25 db highly reciprocal hints that Alice s & Bob s bit streams will have very low mismatch 23

RSS RSS Mobile Endpoints Walk Outdoors Experiment Bike Ride Experiment -45-55 -65-75 -30-40 -50-60 -70-85 Probes Alice Bob -80 Probes Alice Bob normal walk speed slow bike ride 20-25 ft distance 10 ft or more distance more evidence - mobile devices likely to have very low mismatch effects of noise diminished by large scale variations 24

RSS RSS Mobile Intermediate Objects & Stationary Endpoints Crowded Cafeteria Experiment -46-50 -54-58 -62-66 Probes Alice Bob low speed mobility; distance = 10 ft Experiment Across Busy Road -69-71 -73-75 -77-79 Probes Alice Bob high speed mobility; distance = 25 ft intermediate variation range (~8-16 db), reciprocity hints - Alice s, Bob s bit streams will have moderate mismatch 25

Predictable Channel Attack novel attack in all stationary settings Eve can cause predictable channel variations by controlling movements of intermediate objects break key extraction schemes without spending compute power 26

RSS Predictable Channel Attack -43-48 -53-58 -63 Probes bits extracted: 0000 1111 0000 1111 no precision machinery required Eve can produce zigzag patterns, or any other pattern by controlling movements no post processing will ensure security of extracted key! 27

RSS Effect of Device Heterogeneity -40-45 -50-55 -60-65 -70-75 -80-85 Walk Indoors Experiment Probes Alice (Intel 3945 ABG) Bob (Atheros) greater mismatch than with homogeneous devices mismatch low enough to help establish secret key 28

Comparison of Key Extraction Approaches in Various Settings performance metrics entropy rate mismatch rate secret bit rate single bit, multiple bit extraction 29

Entropy Comparison of Key Extraction Approaches in various Settings 1.00 0.75 0.50 0.25 0.00 stationary mobile intermediate Experiments Aono Mathur Tope Azimi-Sadjadi ASBG secret bit stream from ASBG entropy close to 1 passes randomness tests of NIST test suite we conduct 30

Mismatch Rate Entropy Comparison of Key Extraction Approaches in various Settings 1.00 0.75 0.50 0.25 0.00 stationary mobile intermediate Experiments Aono Mathur Tope Azimi-Sadjadi ASBG 1.00 0.75 0.50 mobile settings yield bits with low mismatch rates 0.25 0.00 stationary mobile intermediate Experiments Aono Mathur Tope Azimi-Sadjadi ASBG 31

Mismatch Rate Entropy Secret bit rate Comparison of Key Extraction Approaches in various Settings 1.00 0.75 0.50 0.25 0.00 stationary mobile intermediate Experiments Aono Mathur Tope Azimi-Sadjadi ASBG 1.00 0.75 0.50 0.25 0.00 stationary mobile intermediate Experiments Aono Mathur Tope Azimi-Sadjadi ASBG 1.00 0.75 0.50 0.25 ASBG exhibits highest secret bit rate among those with entropy > 0.7 0.00 stationary mobile intermediate Experiments Aono Mathur Tope Azimi-Sadjadi ASBG 32

Secret bit rate Mismatch Rate 1.00 0.75 0.50 0.25 0.00 Multiple Bit Extraction 0.35 0.30 0.25 0.20 0.15 0.10 0.05 mobile intermediate 0.00 mobile intermediate Experiments 1 bit 2 bits Gray 3 bits Gray 4 bits Gray Experiments 2 bits Gray 3 bits Gray 4 bits Gray significant increase in secret bit rate at least 4 times (with N = 2) compared to single bit extraction bit mismatch rate increases with N Gray code assignment produces smaller mismatch rates 33

Summary mobile settings best suited for key extraction due to low mismatch don t depend solely on movements of limited intermediate objects beware of predictable channel attack! our environment adaptive quantization scheme + information reconciliation + privacy amplification generates high entropy bits at high rate 34

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information