
Physical Contact in Ad-Hoc Wireless Network

Physical Contact in Ad-Hoc Wireless Network. Nie Pin, 27.10.2006. Agenda: Introduction; Assumptions on Ad-Hoc Wireless Network during the First Connect; Constraints on mobile devices; Attack Models; Principles of Physical Contact; Out-Of-Band (OOB) solutions; Evaluation; Conclusion.


Presentation Transcript


  1. Physical Contact in Ad-Hoc Wireless Network. Nie Pin, 27.10.2006

  2. Agenda
     • Introduction
     • Assumptions on Ad-Hoc Wireless Network during the First Connect
     • Constraints on mobile devices
     • Attack Models
     • Principles of Physical Contact
     • Out-Of-Band (OOB) solutions
     • Evaluation
     • Conclusion

  3. Introduction
     • First Connect
       • Initial setup of a security association among two or more devices for subsequent secure communication. Typical case: pairing of two devices, agreement signing between two parties.
     • Physical Contact
       • Negotiating and exchanging process within a limited scope, between two parties. (OOB)
       • Basic perceivability of the surroundings (users’ role)
     • Out of Band (OOB)
       • A separate communication band (auxiliary channel), other than the one used for the subsequent communications, for exchanging security parameters (e.g. transmitting authentication data) or control information

  4. Assumptions
     • Direct talk
       • One-to-One communication style
     • Demonstrative Identification (DI)
       • Authentication and confirmation
       • Limit the control range, reduce interference
     • No trusted third party
       • No valid assertion, token, rumor or recommendation
     • No previous context
       • No history and experience
     • Security Transient Association
       • Not necessary, but likely in practice, better to include

  5. Constraints
     • User Interface
       • Input
         • Keypad, handwriting, microphone, camera, biometric detectors
       • Output
         • Sticker (i.e. label), LED, beeper, LCD display
     • Computing Power and Memory
       • Weak CPU (Intel PXA255 400MHz, bus 200MHz)
       • Little memory (HP iPAQ Pocket PC 2215 – 96MB, Nokia 6822 – 3.5MB internal memory)
     • Battery Consumption
       • Limited electrical power (Nokia N95 – Talk time: 2.5-3.5 hours, PDA – Talk time: 4-6 hours)

  6. Attack Models
     • Active Attacks
       • Denial-of-Service (DoS) attack
         • Block the target by flooding it with numerous requests
         • Considering the battery limit, it turns into sleep deprivation torture.
       • Interference attack
         • Create noise strong enough to disable detection at the receiver’s side
       • Man-in-the-middle (MITM) attack
         • Modifying data streams, inserting and deleting (breaking integrity)
         • Playback of data, e.g. reflection attack and replay attack.
     • Passive Attacks
       • Eavesdropping, a step toward further attacks

  7. Principles of Physical Contact
     • Bootstrap
       • Imprinting: what should be bound or exchanged for subsequent secure communication?
     • Proximity Detection
       • Fulfill the DI requirement
     • Presence Confirmation
       • Derived from DI
       • Capture intention and set location restriction
     • Pre-authentication
       • Control information or security factors exchanged by using OOB
     • Flexibility
       • The solution can be carried out in many forms or OOBs to fit the constraints of different devices

  8. Out-Of-Band (OOB) solutions
     • Authenticated Strings
       • Use commitment schemes to exchange the commitment, containing the keys and a “hidden value”
     • Strings/numeric Comparison or Passkey-based
       • User acknowledges the check values on both devices or inputs the value (a shared secret) into the other devices
       • Human knowledge based
     • Radio, Infrared and ultrasound
       • Special transmitter and receiver for the channel
       • Location limited channel (LLC): distance binding
       • Closest proximity assumption is the necessary condition
     • Visual Channel
       • Camera needed, display (e.g. LCD or LED) needed
       • Computationally intensive analysis algorithms
       • Two examples: SiB and VIC (DH-IC)
     • Audio Channel
       • L&C with the same basic idea as SiB
     • Biometrics Channel
       • E.g. grip pattern, fingerprint, voice spectrum…

  9. Evaluation
     • Advantages
       • Benefits
         • Pre-authentication, DI, MitM attack prevention
       • Flexibility
         • Unidirectional authentication and mutual authentication
     • Disadvantages
       • Algorithmic complexity
         • E.g. image processing, light signal processing, distance measurement, integrity verification…
       • Extra assumptions or overhead on devices and environment
         • Channel carrier (e.g. transmitter, receiver, detector or camera, LED)

  10. Evaluation (2)
     • Human knowledge / biometric based
       • Simple, but needs user operation (e.g. compare or input) as the auxiliary authentication channel
     • Radio, infrared and ultrasound
       • Foolproof
       • High requirement on distance measuring
       • Special modules needed on the devices
     • Visual channel
       • Easy to use
       • Algorithmically complex and computationally intensive

  11. Conclusion
     • Balancing game
       • Tradeoff between usability (degree of human involvement) and complexity (algorithms simulating human perceivability, e.g. seeing, touching, feeling)
       • Tradeoff between security and efficiency, execution time (e.g. integrity verification)
     • Fitting specific situations (application scope)
       • One-way authentication for ad-hoc services in public places
         • Lower the requirements on the SP’s equipment (e.g. SC=>Passkey, SiB=>VIC)
       • Mutual authentication for peer-to-peer communications
         • Make full use of popular equipment or functions on mobile devices (e.g. SC, SiB)

  12. Acknowledgement
     • Thanks for the comments and suggestions from Prof. K. Nyberg, Prof. N. Asokan, Jukka Valkonen and Vesa Vaskelainen
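
The "Authenticated Strings" and "Strings/numeric Comparison" items on slide 8, worked through as an added example that is not part of the original presentation: a generic hash-commitment exchange over the radio channel, followed by a short check string the user compares out of band. SHA-256 as the commitment function, the constructed 32-byte stand-in keys and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def _h(tag: bytes, *parts: bytes) -> bytes:
    """SHA-256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hashlib.sha256(tag)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def commit(committer_pk: bytes, peer_pk: bytes, nonce: bytes) -> bytes:
    """Commitment binding both public keys to a hidden random nonce."""
    return _h(b"commit", committer_pk, peer_pk, nonce)

def opens(commitment: bytes, committer_pk: bytes, peer_pk: bytes, nonce: bytes) -> bool:
    """Check a revealed nonce against the commitment received earlier."""
    return hmac.compare_digest(commitment, commit(committer_pk, peer_pk, nonce))

def check_value(pk_a, pk_b, n_a, n_b, digits=6) -> str:
    """Short decimal string a device displays for the user to compare."""
    v = int.from_bytes(_h(b"check", pk_a, pk_b, n_a, n_b), "big") % 10**digits
    return f"{v:0{digits}d}"

def session(pk_a: bytes, pk_b: bytes, digits: int = 6) -> str:
    """One radio-channel run between initiator A and committer B.
    Both ends finish with the same four inputs, hence the same check value."""
    n_b = secrets.token_bytes(16)
    c_b = commit(pk_b, pk_a, n_b)        # B -> A: commitment, n_b still hidden
    n_a = secrets.token_bytes(16)        # A -> B: n_a, sent only after c_b arrived
    if not opens(c_b, pk_b, pk_a, n_b):  # B -> A: n_b revealed, A verifies it
        raise ValueError("commitment mismatch, abort pairing")
    return check_value(pk_a, pk_b, n_a, n_b, digits)

def displayed(pk_a: bytes, pk_b: bytes, mitm_pk=None, digits: int = 6):
    """Return (string shown on A, string shown on B). With mitm_pk set, an
    attacker swaps its key into the radio exchange and runs one session per device."""
    if mitm_pk is None:
        v = session(pk_a, pk_b, digits)
        return v, v
    return session(pk_a, mitm_pk, digits), session(mitm_pk, pk_b, digits)

# Constructed 32-byte stand-ins for real public keys (assumption, not real key material).
PK_A, PK_B, PK_M = b"A" * 32, b"B" * 32, b"M" * 32

if __name__ == "__main__":
    print("honest pairing: ", displayed(PK_A, PK_B))
    print("key substituted:", displayed(PK_A, PK_B, mitm_pk=PK_M))
```

Because each side's nonce is fixed before the other's is revealed, an attacker who substitutes keys cannot search for nonces that force the two displays to agree; with six digits a substitution passes the user's comparison only by chance, about once in 10^6 attempts.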
