410 likes | 421 Views
This paper discusses the problem of authenticating mobile devices and proposes a proximity-based solution using the devices' radio environment. The paper introduces the BlueSniper Rifle and the Amigo authentication methods, highlighting their advantages and requirements. It also presents the commitment protocol and provides a scenario analysis with real-world traces.
E N D
Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony LaMarca
Secure Spontaneous Interaction • Phone + hotel room TV and keyboard • Exchange of private info • Phone and hands free • Paying for groceries, tickets, cola
Naïve Solution • Diffie-Hellman Alice Bob a b
Naïve Solution g, ga • Diffie-Hellman Alice Bob a b
Naïve Solution g, ga • Diffie-Hellman Alice Bob a b Kgab
Naïve Solution g, ga gb • Diffie-Hellman Alice Bob a b K=gab
Naïve Solution g, ga gb • Diffie-Hellman Alice Bob a K=gba b K=gab
The Problem • Who is my device really communicating with?
The Problem Bob b • Who is my device really communicating with? • Spoofing Alice a
The Problem Bob b • Who is my device really communicating with? • Spoofing X Alice x a
The Problem • Who is my device really communicating with? • Spoofing X Alice x a
The Problem • Who is my device really communicating with? • Spoofing Bob Alice x a
The Problem g, ga gx • Who is my device really communicating with? • Spoofing Bob Alice x K=gax a K=gxa
The Problem • Who is my device really communicating with? • Spoofing • Man in the middle X Bob Alice x b a
The Problem g, ga g, gx gx gb • Who is my device really communicating with? • Spoofing • Man in the middle X Bob Alice x K1=gax K2=gbx b K2=gxb a K1=gxa
The Problem g, ga g, gx gx gb • Who is my device really communicating with? • Spoofing • Man in the middle • Solution: Ensure communication with device that is close • Assumption: attacker is not between legitimate devices X Bob Alice x K1=gax K2=gbx b K2=gxb a K1=gxa
Existing Solutions • Use a cable • Use short range communication • Bluetooth • Infrared • Laser • Ultrasound • Near field communication (NFC) • Ask user to verify pairing • Displaying keys • Playing music, images
Existing Solutions • Use a cable • Use short range communication • Bluetooth • Infrared • Laser • Ultrasound • Near field communication (NFC) • Ask user to verify pairing • Displaying keys • Playing music, images BlueSniper Rifle by Flexis
Key Idea • Secure pairing requires a shared secret • Devices in close proximity perceive a similar radio environment • Derive shared secret from common radio environment • Listen to traffic of ambient radio sources Use knowledge of common radio environment as proof of proximity
Advantages • No extra hardware • Leverage radio already available on device • No user involvement to verify pairing • Not subject to eavesdropping • Secret derived by listening to ambient sources
Requirements on Radio Environment • Temporal variability • Signal fluctuates randomly at a single location over time
Requirements on Radio Environment • Spatial variability • Valuesat different locations have low correlation
Requirements on Radio Environment • Devices in proximity should perceive similar environment 10 m 5 cm 85% common pkts 40% common pkts
Potential Authentication Methods • Proximity-based authentication token • Diffie-Hellman • Authenticate using the token • Proximity-based encryption keys • Directly from the common environment • Less CPU intensive?
Amigo: Diffie-Hellman + Proximity Token • Devises monitor radio environment following Diffie-Hellman key exchange • Send to each other a signature • Each device verifies that signature similar to own observation • Signature does not have to remain secret after exchange is over
Signature Verification • Signature: sequence of hash of packet + RSSI • Segment size 1 second
Classifier • 2 stage boosted binary stump classifier • Stage 1: Filters noisy data • Marks as invalid instances with % of common pkts bellow threshold (75% works well) • Stage 2: Assigns a score to valid instances • Function of differences in signal strength • Converts scores into votes based on threshold • Tally votes for all instances
Commitment Protocol X Bob Alice x K1=gax K2=gbx b K2=gxb a K1=gxa • Reveal man-in-middle attack while exchanging signatures • Forces attacker to forge data • Break signature S into n blocks • Generate nonce • Each period exchange • Knonce ( Hash (Ksession_key),Hash(id),si) • Send nonce KnA(H(K1)H(A)Si) KnB(H(K2)H(B)Si)
Scenario 1 : Simple Attacker • 6 laptops • Friendly 5cm away • Attackers 1,3,5,10 meters • WiFi – Orinoco Gold • All at same height • Line of sight 1m 3m 5m 10m Best case for attacker
Traces • 2 traces: training and testing • 2 months apart • 2 different location in the lab • 10 minute trace • 30 – 50 thousand pkts per laptop • 11 access points • 45 – 58 WiFi radio sources
Simple Attacker • Can pair within 5 seconds • Can detect attacker 3 meters away or more • 1 meter is a problem
Local Entropy: Obstacles False Positives • Line-of-sight (1m) 81% • Drywall (10cm) 100% • Human (1m) 12% • Concrete wall (30cm) 0% • Human blocking attacker’s line of sight goes a long way to improve performance
Local Entropy: Movement Hand waving helps!
Stretching Co-Location • 5 laptops • Friendly 1 m away • Attackers 3,5,10 meters • All at same height • Line of sight 1m 3m 5m 10m
Scenario 2 : Attacker with Site Knowledge • Before pairing • Attacker samples exact pairing spot • Creates RSSI distribution for every wireless source it hears • While pairing • Pkts from know source assign RSSI from distribution • Pkts from unknown source • Option 1 Discard • Option 2 Leave unchanged (best)
Scenario 2 : Attacker with Site Knowledge With hand waving false rate positives reaches 0 within 5 seconds
Scenario 3: “Omnipotent” Attacker • Controls all radio sources • Knows which pkts were received by victim • Oracle: RSSI from current distribution
Conclusions • Possible to use knowledge of radio environment to prove physical proximity • Advantages • No extra hardware • No user involvement to verify pairing • Not subject to eavesdropping • Two potential methods • Location-based authentication token • Location-based encryption keys
Future Work • System robustness • Different cards and antennas • Different environments • Improve accuracy • Software radios • Multiple radios • Proximity-based encryption keys
Questions? Eyal de Lara delara@cs.toronto.edu www.cs.toronto.edu/~delara Varshavsky, Scannell, LaMarca, de Lara“Amigo: Proximity-based Authentication of Mobile Devices” 9th Int.Conference on Ubiquitous Computing (UbiComp) Innsbruck, Austria, Sep. 2007