Secure Pairing of Wireless Devices by Multiple Antenna Diversity
Liang Cai, University of California, Davis
Joint work with Kai Zeng, Hao Chen, Prasant Mohapatra

Ubiquitous Wireless Devices
Most of these devices require ad-hoc connections!

Wi-Fi Direct
• Allows peer-to-peer Wi-Fi connection (without AP)
• Requires no new hardware
• Specification and certified devices are coming soon

Secure Device Pairing
• Bootstrap secure communication between two devices.
• Common approach: shared PIN code
• Problems
  – Many devices have no keyboard (so they hardcode secrets)
  – Potential user error and vulnerability
• Solution: using out-of-band (OOB) channels

Visual Channel (Seeing is Believing)

Acoustic Channel (Loud and Clear)
[Figure: Alice's PDA and a fax machine, with exchanged values labelled "ga" and "gb". Both sides present the sentence "CALLIE FLEXIBLY owns FLUFFY BINTURONGs that ABUSE." and Alice checks: do they match?]

Motion Channel (Shake well before use)

Limitations of OOB Channels
• OOB channels are not ubiquitous on all devices
• Some OOB channels are vulnerable to attacks (Halevi et al., CCS '10)

Desirable Device Pairing Scheme
• Use no out-of-band channel
• Does NOT require the user to
  – Enter secrets (simplify user tasks), or
  – Verify secrets (avoid user mistakes)

Our scheme: Good Neighbor
• Use the wireless channel
• Securely pair devices based on proximity

Why not use Distance-bounding Protocols?
• Cryptographic protocol that allows verifier V to establish an upper bound on physical distance to a prover P.
• Based on the fact that electromagnetic waves travel at nearly the speed of light, but cannot travel faster
• Rely on a rapid bit exchange and require precise clocks to measure light-speed messages

Threat model
• Attackers can
  – Have powerful antennas
  – Have exact copies of the pairing devices
  – Know the exact location of the pairing devices
• Attackers can NOT
  – Come in close proximity of the receiver (e.g., less than 1m)
  – Compromise the pairing devices
  – Jam the channel

Naïve Approach: Inferring proximity by RSS
[Figure: Receiver and Sender at distances d = d1 and d = d2; changing P0]

Improvement: Inferring proximity by RSS ratio
[Figure: two receiver antennas separated by L. Sender at distances d1, d2 from the two antennas: ratio >> 0. Sender at distances d'1, d'2: ratio ≈ 0]

Antenna Diversity and IEEE 802.11n MIMO
IBM T42P (antenna diversity)
• Spatial diversity: to improve the quality and reliability of a wireless link
Dell e5400 (MIMO antennas)
• Spatial diversity
• Spatial multiplexing (from 54 Mbps to 600 Mbps)

Practical Problem: Unstable RSS Values
• Problem:
  – RSS values may fluctuate
• Solution:
  – Sender (S) sends a series of packets
  – Receiver (R) calculates the mean and deviation of the RSS values

Practical Problem: RSS saturation
• Problem:
  – RSS value saturates when the signal is too strong or too weak.
• Solution: (power probing)
  – S sends probing packets with different transmission power levels
  – R chooses the optimal power level that results in the largest RSS ratio
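
The effect of saturation on the RSS ratio, and R's choice of power level, as an added example that is not code from the talk or its prototype. The log-distance path-loss model, the reporting range, the probing levels and the 5 cm / 25 cm geometry are all assumptions, and the ratio is taken as the dB difference between the two antennas.

```python
import math

RSS_MIN, RSS_MAX = -95.0, -10.0  # assumed range the driver can report (dBm)

def path_loss_db(d_m, exponent=2.0, pl_1m=40.0):
    """Log-distance path loss; exponent and 1 m reference loss are assumed."""
    return pl_1m + 10.0 * exponent * math.log10(d_m)

def reported_rss(tx_dbm, d_m):
    """RSS as reported: the true value clamped to the reporting range."""
    return max(RSS_MIN, min(RSS_MAX, tx_dbm - path_loss_db(d_m)))

def power_probe(levels_dbm, d_a1, d_a2):
    """R's side of power probing: the RSS ratio (dB difference between the
    two antennas) per probing level, and the level with the largest ratio."""
    table = {p: reported_rss(p, d_a1) - reported_rss(p, d_a2) for p in levels_dbm}
    best = max(table, key=table.get)
    return best, table

# Constructed geometry: S held 5 cm from antenna A1 and 25 cm from antenna A2.
LEVELS = [20, 15, 10, 5, 0]
BEST, TABLE = power_probe(LEVELS, d_a1=0.05, d_a2=0.25)

if __name__ == "__main__":
    for p in LEVELS:
        print(f"tx={p:>3} dBm  ratio={TABLE[p]:5.2f} dB")
    print("chosen level:", BEST, "dBm")
```

At the highest level both antennas report the ceiling and the ratio collapses to zero; only the lowest level leaves both readings unsaturated.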

Practical Problem: Automatic Rate Adaptation
• Problem:
  – Inconsistent RSS values if the Automatic Rate Adaptation feature is enabled.
• Solution:
  – Disable Automatic Rate Adaptation.

Final scheme
[Figure: message sequence between sender S and receiver R, which has antennas A1 and A2. Labels, as they appear on the slide: Move S close to A1 of R; AuthRequest(); PowerQuery(I,n); RSSMeasure(EKR(k)); AuthResponse(KR); Move S close to A2 of R; Success(); RSSMeasure(EKR(k)); PowerResponse(l)]

Typical RSS ratio of successful device pairing
[Figure: plot of RSS ratio]

Antennas used in our experiments
Type 1: internal antennas for Dell E5400 laptop
Type 2: antennas for laptop mini PCI cards
Type 3: RP-SMA (f) socket
Type 4: Dipole antenna

Logarithmic relationship between RSS value and the sender-receiver distance

Linear relationship between RSS value and the transmission power

RSS saturation is observed when the distance decreases

Prototype
[Figure: Receiver and Sender, 26cm]
• Modify the driver to export RSS values separately
• Threshold setting:
  • rH = -rL = 11
  • σvalve = 0.6
  • Tvalve = 1s
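
A receiver-side acceptance check using the rH, rL and σ thresholds listed above, as an added example that is not the prototype's driver code. It assumes the RSS ratio is the per-packet difference between the two antennas' RSS values and that the deviation threshold applies to that ratio; the sample packets are constructed, and the Tvalve threshold is not modelled because the slide does not say what it measures.

```python
from statistics import mean, pstdev

R_H, R_L = 11.0, -11.0  # ratio thresholds from the slide (rH = -rL = 11)
SIGMA_MAX = 0.6         # deviation threshold from the slide

def ratio_stats(samples):
    """samples: (rss_a1, rss_a2) per packet; returns mean and deviation of
    the per-packet RSS ratio, taken here as the difference rss_a1 - rss_a2."""
    ratios = [a1 - a2 for a1, a2 in samples]
    return mean(ratios), pstdev(ratios)

def check_pairing(phase1, phase2):
    """phase1: packets received while S is held at A1; phase2: at A2."""
    (m1, s1), (m2, s2) = ratio_stats(phase1), ratio_stats(phase2)
    if max(s1, s2) > SIGMA_MAX:
        return "reject: unstable RSS"
    if m1 < R_H or m2 > R_L:
        return "reject: ratio outside thresholds"
    return "accept"

def packets(ratios, strong=-30):
    """Build constructed samples with the given per-packet ratios."""
    return [(strong, strong - r) for r in ratios]

def swapped(samples):
    """Same packets as seen when S is at the other antenna."""
    return [(a2, a1) for a1, a2 in samples]

# Constructed samples (not measurements from the talk).
NEAR = packets([13, 13, 14, 12, 13, 13, 13, 13])       # S a few cm from A1
FAR = packets([0, 0, 1, 0, 0, 0, -1, 0], strong=-62)   # sender beyond 1 m
SHAKY = packets([15, 10, 15, 8, 16, 12, 14, 14])       # near, but moving

RESULTS = {
    "near": check_pairing(NEAR, swapped(NEAR)),
    "far": check_pairing(FAR, swapped(FAR)),
    "shaky": check_pairing(SHAKY, swapped(SHAKY)),
}

if __name__ == "__main__":
    for name, verdict in RESULTS.items():
        print(f"{name:6s} {verdict}")
```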

Video

Prototype
[Figure: three distance zones: r < 20cm, 20cm < r < 1m, r > 1m]

Potential Attack using Multipath Effect
• Attacker may exploit multipath effect to find faraway locations that cause large RSS ratios

Mitigating with Frequency hopping

Potential Attack using Beam Forming
• Risk: Attackers may form a beam of signal with an antenna array
• Attackers need a very large antenna array (size of hundreds of meters when L=20cm, d>10m)

Future works
• Mutual authentication
• Apply our scheme to Bluetooth
• Applications that require Near Field Communication

Conclusion
• A novel device-pairing scheme
  – Based on proximity
  – Requires no Out-of-Band Channel
  – Requires no user input or verification