1 / 46

SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems

SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems. Nitesh Saxena Polytechnic Institute of NYU nsaxena@poly.edu http://spies.poly.edu/~nsaxena Research areas : computer and network security, applied cryptography. Research Overview. Secure Device Association.

pink
Download Presentation

SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SPIES: Security and Privacy In Emerging computing and networking Systems Nitesh Saxena Polytechnic Institute of NYU nsaxena@poly.edu http://spies.poly.edu/~nsaxena Research areas: computer and network security, applied cryptography 1/46

  2. Research Overview 2/46

  3. Secure Device Association 3/46

  4. Secure Association of Wireless Devices • How to bootstrap secure communication between Alice’s and Bob’s devices when they have • no prior context • no common trusted CA or TTP 4/46

  5. Secure Association of Wireless Devices • Common pairing examples: • Cell-phone  headset (bluetooth) • Laptop  access point (WiFi) • Cell-phone  cell-phone (bluetooth) 5/46

  6. Secure Association of Wireless Devices Audio, Visual, Tactile • Solution idea: • use auxiliary or out-of-band (OOB) channel • with minimal involvement from Alice and Bob 6/46

  7. Research Challenges OOB channels are low-bandwidth Devices may be constrained in terms of interfaces User is constrained - Usability Multiple devices/users Sensor network initialization Group formation Ohh! I cannot even pair my socks! Selected contributions: TIFS’11, TMC’11, CHI’10, CCS’10, Ubicomp’10, SCN’10, PMC’09, Percom’09, SOUPS’08, Oakland’06 7/46

  8. RFID Security and Privacy 8/46

  9. Wig model #4456 (cheap polyester) Viagra medical drug #459382 Das Kapitaland Communist-party handbook 500 Euros in wallet Serial numbers: 597387,389473… 30 items of lingerie The Privacy Problem Good tags, Bad readers 9/46

  10. Wig model #4456 (cheap polyester) Viagra medical drug #459382 Das Kapitaland Communist-party handbook 500 Euros in wallet Serial numbers: 597387,389473… 30 items of lingerie The Authentication Problem Good readers, Bad tags Counterfeit!! 10/46

  11. Relay (Ghost-and-Leech) Attacks response query query query response response 11/46

  12. Research Challenges • Very limited resources • a $0.03 tag can’t do much computationally • only and-or-xor operations might be feasible • has only ~2,000 gates for security operations • few bits to few bytes of memory • No user interfaces • Atypical usage model Selected contributions: Percom’11, JCS’10, CCS’10, RFIDSec’10, RFIDSec’09, RFIDSec’09 12/46

  13. Other Projects • Strong Password Authentication • Password-Protected Secret Sharing and Distributed Function Computation • Privacy of Web and Location-based Search • Security and Privacy of P2P Systems • Inference of Private Attributes in Online Social Networks • Playful Security • Security and Privacy of Medical Devices Selected contributions: Percom’11, AsiaCCS’11, TIFS’10, TIFS’09, TPDS’09, P2P’10, PETS’10, FC’10, ACNS’06, ICNP’05, TCC’05, SASN’05, SASN’04 13/46

  14. On Pairing Constrained Wireless Devices Based on Secrecy of Auxiliary Channels: The Case of Acoustic Eavesdropping ACM Conference on Computer and Communications Security (CCS), October 2010 14/46

  15. Recall: The "Pairing" Problem Audio; Visual; Tactile • Solution idea • use auxiliary = out-of-band (OOB) channels • with minimal involvement from Alice and Bob 15/46

  16. Pairing using Authenticated OOB (A-OOB) Short Authenticated Strings (SAS) Protocols Vaudenay [Crypto’05]; Nyberg-Laur [CANS’06] Pasini-Vaudenay [CT-RSA’08]; Jarecki-Saxena [SCN’10] A PKA PKB B SASA SASA SASB SASB Examples: Manual Transfer (numbers – Uzun et al. [Usec’07]) Automated Transfer (barcode-camera – McCune et al. [Oakland’05]) 16/46

  17. Recall: Constrained Devices • Devices with constrained interfaces and resources • Headsets • Access points • RFID tags • Medical implants (no physical access) • … • Many common pairing scenarios involve one constrained device 17/46

  18. A-OOB Pairing: Constrained Devices A PKA PKB B SASA SASA SASB SASB 18/46

  19. A-OOB Pairing: Constrained Devices Difficult and prone to fatal human errors (Kumar et al. [Percom’09]) Saxena et al. [Oakland’05] A PKA PKB B SASA b = (SASB = = SASA) SASA b 19/46

  20. Pairing using Authenticated and Secret OOB (AS-OOB) K A B • Unidirectional OOB • No fatal human errors • Simple: no crypto 20/46

  21. Pairing using Authenticated and Secret OOB (AS-OOB) Password/PIN A B PAKA • Unidirectional OOB • No fatal human errors 21/46

  22. Focus of Our Work • We examine three AS-OOB pairing methods • based on low-volume audio signals • require device vibration and/or button clicks • generate acoustic emanations as by-product • Can an attacker recover the underlying OOB data (key or password) via acoustic eavesdropping? 22/46

  23. Related Work • Keyboard acoustic emanations used to detect key presses (Asonov-Agrawal [Oakland’04]) • Follow-up work by Zhuang et al. [CCS’05] and Berger et al. [CCS’06] • Inference of CPU activities through acoustic emanations (Shamir-Tromer) 23/46

  24. Our Contributions • First paper to explore AS-OOB pairing security based on acoustic emanations • In general, observation attacks on pairing • Consider realistic settings: eavesdropping from 2-3 ft distance • Allows an eavesdropper to place a microphone next to the device(s) • Farther eavesdropping using parabolic microphone explored • Off-the-shelf, inexpensive equipments and tools 24/46

  25. Pairing Methods Examined (1/3) • IMD Pairing: Pairing an Implantable Medical Device (IMD) and an authorized reader (Halperin et al. [Oakland’08]). • RFID tag with piezo attached to IMD beeps and transmits key to reader • Reader microphone on the body surface records the key 25/46

  26. Pairing Methods Examined (2/3) • PIN-Vibra: Used for pairing a personal RFID tag with a mobile phone (Saxena et al. [SOUPS’08 Poster]) • Phones vibrates encoding a PIN and touched to the tag • Tag senses the vibrations using on-board accelerometer PIN Accelerometer 26/46

  27. Pairing Methods Examined (3/3) • BEDA (Button Enabled Device Association): Soriente et al. [IWSSI’07, IJIS’09] • First device encodes a short password into blinking of an LED or vibration • Second device has a button Blink-Button Vibrate-Button 27/46

  28. Eavesdropping Overview • Eavesdropping implemented using off-the-shelf equipment • PC microphone • Parabolic microphone for larger distance recording • Windows sound recorder and Matlab software • Utilized signal processing methods and neural networks to decode the OOB data 28/46

  29. Research Challenges • IMD binary bit signal characteristics unknown • Small differences in spectrum of “mark” and “space” bits • Short bits sometimes overlap each other • Vibration and button clicks • Signal stretches over a wide range of frequencies • Signal affected by background noise when recorded from a distance 29/46

  30. Eavesdropping IMD Pairing 30/46

  31. IMD Pairing • System described in IMD paper recreated • Included a piezo connected to an Intel’s WISP tag • Inserted within a combination of meats • Emulated human chest • Random 128-bit key encoded into the piezo • Plus 8 bit pre-amble start sequence • Using 2-FSK modulation • Acoustic signal recorded and processed from different distances 31/46

  32. IMD Setup Piezo attached to the WISP Implanted IMD* 32/46 Meat combination used to simulate human body *from Halperin et al.

  33. Our Attack • Characteristic frequency components detected for each of the 2-FSK signals encoded • Utilized for detecting accurate signal beginning • Small differences in frequencies used to distinguish between bits and detect beginning sequence • FFT and MFCC features created for each consecutive bit in the signal • Multiple Neural networks explored to classify each bit • Both supervised and unsupervised networks 33/46

  34. Results – from 3 ft away 34/46

  35. Results • About 99% detection accuracy from up to 3 ft away • MFCC features provided better results then FFT features • Both supervised and unsupervised neural networks provide similar results • Tests using parabolic microphone showed about 80% accuracy utilizing only signal processing techniques • 12 ft away recording 35/46

  36. Eavesdropping PIN-Vibra 36/46

  37. Method Description • PIN encoded into vibrations (on-off encoding) • 14 bits random key hardcoded into cell phone • Three additional bits (“110”) beginning sequence used to indicate key beginning (to a valid decoder) • '1' bit marked by vibration, '0' bit marked by “sleep” period 37/46

  38. Our Attack • Similar to IMD eavesdropping: • Spectrum analysis used to detect key beginning sequence • Neural Network classifiers used to decode key • Attack resulted in 100% successful detection of key 38/46

  39. Results 39/46

  40. Eavesdropping BEDA 40/46

  41. Method Description • Password encoded on one device • As function of distances (time interval) between events • Each event generates blink or vibration • User presses button on other device when first device blinks or vibrates • Implemented with 21-bit random password • Provides 8 total signals 41/46

  42. Our Attack • For Blink-Button, we analyze button-pressing signals; for Vibrate-Button, we analyze vibration (button-pressing is subsumed within) • Only used signal processing methods • Detected each button press or vibration event • Since in this case, the binary bits are not continuous, no classification is needed • It is sufficient to detect each signal beginning • Attack resulted in an accuracy of 98% 42/46

  43. Implications of Our Attacks • IMD Pairing: directly learn the shared secret • PIN-Vibra: directly learn the shared secret • no protection in the event of loss/theft of RFID • still resistant to (remote) unauthorized reading • BEDA • Need to launch a man-in-the-middle attack as soon as the password is learned • The three methods provide weaker security than what was assumed or is desired 43/46

  44. Conclusions and Future Work • The three AS-OOB pairing methods vulnerable to acoustic eavesdropping attacks • Neural networks useful in correctly decoding bits from spectrum features • Successful eavesdropping possible even from farther using a parabolic microphone • Broadly, secure and usable pairing of constrained devices resistant to observation attacks is a research challenge • Open problem 44/46

  45. Other Projects • Strong Password Authentication • Password-Protected Secret Sharing • Privacy of Web and Location-based Search • Security and Privacy of P2P Systems • Inference of Private Attributes in Online Social Networks • Playful Security • Security and Privacy of Medical Devices Selected contributions: Percom’11, AsiaCCS’11, TIFS’10, TIFS’09, TPDS’09, P2P’10, PETS’10, FC’10, ACNS’06, ICNP’05, TCC’05, SASN’05, SASN’04 45/46

  46. Acknowledgments • Sponsors: NSF, NYU, NYU-Poly, Google, Nokia, Intel, Research in Motion • Students – the SPIES: Jon Voris, Tzipora Halevi, Sai Teja Peddinti, Justin Lin, Borhan Uddin, Ambarish Karole, Arun Kumar, Ramnath Prasad, Alexander Gallego • Collaborators Thanks! 46/46

More Related