Find networks
This presentation is the property of its rightful owner.
Sponsored Links
1 / 1

Link Setup Time (ms) PowerPoint PPT Presentation


  • 95 Views
  • Uploaded on
  • Presentation posted in: General

Find networks that Alice trusts. Transitive Trust. Alice’s secret. Alice’s secret. Alice trusts “Alice’s Home”. Alice trusts bob.laptop. T i = AES K ( i ). T i = AES K ( i ). T i = AES K ( i ) where i =  current time/5 min .

Download Presentation

Link Setup Time (ms)

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Link setup time ms

Find networks

that Alice trusts

Transitive

Trust

Alice’s secret

Alice’s secret

Alice trusts

“Alice’s Home”

Alice trusts

bob.laptop

Ti = AESK (i)

Ti = AESK (i)

Ti = AESK (i) where i = current time/5 min

Ti = AESK (i) where i = transmission #

AB

AB

AB

AB

Mechanisms to Mitigate Wireless Privacy Threats

Jeffrey Pang <[email protected]>

http://www.cs.cmu.edu/~jeffpang

Authenticity

Integrity

100

250

Confidentiality

Unlinkability

500

300

Efficiency

200

tcpdump

120

Username: Alice

Public Key: 0x123…

SSID: Bob’s Network

Password: [_]pants

Data

Only

Data

Only

Data

Only

transmission sizes

transmission sizes

802.11 WPA

KAB

802.11 header

Is Bob’s Network here?

802.11 header

Bob’s Network is here

Long

Term

MAC Pseudonyms

Lookup Tiin a

table to get KAB

Encrypt Everything

Problem: existing protocols leak information

Goal: obsure everything from third parties

Long

Term

SlyFi: Discovery

MAC address, …

SlyFi: Data

MAC address, …

Best security practices still expose identifiers, credentials, and packet sizes/timings to third parties, enabling attacks:

  • Location tracking: identifiers can be linked over time

  • User profiling: info can be cross-indexed with databases

  • Side-channel analysis: sizes/timing reveals packet contents

    Greenstein, HotOS ’07; Pang, MobiCom ’07; Pang, HotNets ’07; Jiang, MobiSys ’07; Sapanos, Usenix Security ’07; www.bluetoothtracking.org; ...

Three essential protocol changes to prevent attacks:

Obscure all transmitted bits during all protocol phases

Obscure packet sizes/timing that act as side-channels

Obscure and automate bootstrapping of keys to prevent communication with untrusted third parties

1. MobiSys ’08; 2. CMU Thesis Proposal ’08; 3. HotNets ’07

packet size histogram

Bootstrap

Bootstrap

Automatic and private

Automatic and private

Discover

Discover

Is Bob’s PSP here?

?

Bob’s PSP is here

tcpdump

tcpdump

Authenticate

and Bind

Authenticate

and Bind

802.11 header

Proof that I’m Alice

802.11 header

Proof that I’m Bob

Proof that I’m Bob

Send data

Send Data

802.11 header

? bytes

512 bytes

802.11 header

? bytes

128 bytes

SlyFi: obscures all transmitted bits

  • Problem: Third parties can use unencrypted bits such as addresses to track and profile users. How can devices efficiently process packets without addresses?

  • Idea: Sender and receiver agree on sequence of tokens beforehand; attach one token to each packet

  • Details: How do sender and receiver synchronize i?

  • Discovery/binding messages: infrequent and narrow interface  short term linkability is O.K.

  • Data messages: only sent on established connections  expect receiver to get most messages

  • Performs as well as WPA and has stronger security

AB

SlyFi protocol

Client

Service

AB

Check MAC:

K’AB

Probe “Alice”

MAC:

K’AB

KAB

Link Setup Time (ms)

AB

Ti

AB

Symmetric encryption

(e.g., AES w/ random IV)

AB

AB

AB

AB

Tokens Ti and Tj are unlinkable if i ≠ j

Sudare: obscures side-channel leaks

Tryst: obscures & automates bootstrapping

  • Problem: Packet sizes and timings reveal sensitive contents in encrypted packet streams (identity, videos…)

  • Idea: Framework for masking side-channel leaks using signature-like rules for packet padding and cover traffic

  • Problem: Clients often need to communicate with new devices. How does a client know who to trust?

  • Idea: Leverage transitive trust relationships and device reputation to automatically bootstrap keys

Side-channel attack example

“Alice’s Home”

Trust

Masking rules,

performance

constraints

400

400

100

250

400

300

400

400

200

120

Output transmissions

Input transmissions

Attestation

Bootstrapping using transitive trust

Input transmissions


  • Login