Opportunities and Pitfalls in Securing Visible Light Communication - - PowerPoint PPT Presentation



SLIDE 1

20.10.2016 | Secure Mobile Networking Lab | Jiska Classen

Opportunities and Pitfalls in Securing Visible Light Communication on the Physical Layer

Jiska Classen, Daniel Steinmetzer, Matthias Hollick

Jiska Classen
Technische Universität Darmstadt
Secure Mobile Networking Lab - SEEMOO
Department of Computer Science
Center for Advanced Security Research Darmstadt - CASED
Mornewegstr. 32
D-64293 Darmstadt, Germany
Tel. +49 6151 16-25474, Fax +49 6151 16-25471
http://seemoo.de or http://www.seemoo.tu-darmstadt.de

SLIDE 2

Physical Layer Security

  • Using physical effects that are already there
  • Typically more lightweight than cryptographic solutions
  • Ideal for visible light communication and Internet of Things applications

VLC has different physical layer characteristics compared to WiFi.

Can we use physical layer security for VLC? How do VLC characteristics strengthen/weaken security?

SLIDE 3

Attacker Model

Examples

  • User failures
      • Failure to spot an attacker within trusted zone
  • Better equipment
      • Attacker has a thousand photodiodes
  • Additional information
      • Attacker guesses plaintext
  • Active attackers
      • Blockage and injection of signals

SLIDE 4

Confidentiality
Wyner’s Wiretap Channel

  • Channel H_AB is…
      • not known by Eve
      • not reproducible by Eve (often called “trusted zone”)
  • Channel difference can be used to encode confidential information

[Figure: Alice, Bob and Eve; channels H_AB and H_AE; trusted zone]

SLIDE 5

Confidentiality
Wyner’s Wiretap Channel

  • In practice: unknown attacker location!
  • Eve in proximity gets some information, but how much?
  • Assumption that Eve is not within trusted zone.

[Figure: Alice, Bob and Eve; channels H_AB and H_AE]

SLIDE 6

Confidentiality
Wyner’s Wiretap Channel

  ⚡ User failures: Failure to spot Eve inside trusted zone, even though light propagates more intuitively
  ⚡ Better equipment: Additional photodiodes enable Eve to receive more information, despite worse channels outside trusted zone
  ⚡ Additional information: The incoherent visible light channel H_AB contains only light intensity variations, no phase: easier to guess for Eve!
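
Added example, not part of the original slides: a small model of the "better equipment" pitfall for the wiretap channel. It assumes a line-of-sight Lambertian LED channel and the Gaussian wiretap bound (a simplification for intensity-modulated light), and all parameter values are constructed for illustration.

```python
import math

# Constructed illustration values (assumptions, not measurements from the talk).
AREA_M2 = 1e-4          # photodiode area
RESPONSIVITY = 0.5      # A/W
TX_POWER_W = 1.0        # optical power of the LED
NOISE_VAR = 1e-13       # receiver noise variance, A^2

def lambertian_gain(h, r, half_angle_deg=60.0):
    """LOS DC gain from a ceiling LED to an upward-facing photodiode.

    h is the vertical distance and r the horizontal offset, both in metres.
    """
    m = -math.log(2) / math.log(math.cos(math.radians(half_angle_deg)))
    d = math.hypot(h, r)
    cos_angle = h / d  # emission and incidence angle coincide in this geometry
    return (m + 1) * AREA_M2 / (2 * math.pi * d * d) * cos_angle ** m * cos_angle

def snr(gain):
    """Electrical SNR: squared photocurrent over noise variance."""
    return (RESPONSIVITY * TX_POWER_W * gain) ** 2 / NOISE_VAR

def secrecy_capacity(snr_bob, snr_eve):
    """Gaussian wiretap bound in bits per channel use, floored at zero."""
    return max(0.0, math.log2(1 + snr_bob) - math.log2(1 + snr_eve))

def eve_snr(h, r_eve, n_photodiodes):
    """Eve combines n photodiodes with independent noise: the SNRs add up."""
    return n_photodiodes * snr(lambertian_gain(h, r_eve))

def photodiodes_to_zero_secrecy(h, r_bob, r_eve):
    """Smallest number of combined photodiodes that removes Bob's advantage."""
    return math.ceil(snr(lambertian_gain(h, r_bob)) / snr(lambertian_gain(h, r_eve)))

if __name__ == "__main__":
    h, r_bob, r_eve = 2.0, 0.0, 3.0  # Bob under the lamp, Eve 3 m to the side
    bob = snr(lambertian_gain(h, r_bob))
    for n in (1, 10, 100, photodiodes_to_zero_secrecy(h, r_bob, r_eve)):
        print(n, round(secrecy_capacity(bob, eve_snr(h, r_eve, n)), 2))
```

In this constructed geometry the secrecy margin is gone well before the "thousand photodiodes" of the attacker model, so a trusted-zone argument has to state which receiver it assumes Eve to have.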

SLIDE 7

Confidentiality
Jamming

  • Bob can synchronize to the pseudo-random jamming sequence and remove it
  • Eve has no key to generate the jamming sequence; jamming prevents her from…
      • decoding data from Alice
      • transmitting data inside jammed zone

[Figure: Alice, Jammer, Bob, Eve]

SLIDE 8

Confidentiality
Jamming

  • Eve can use multiple photodiodes to subtract the jamming
  • Since the jamming is only amplitude additions, the attack becomes easier than for WiFi

[Figure: Alice, Jammer, Bob, Eve, Eve]

SLIDE 9

Confidentiality
Jamming

  ⚡ Better equipment: Additional photodiodes enable Eve to remove the jamming signal

SLIDE 10

Confidentiality
Keys

  • Central instance generates random key stream transmitted over VLC
  • Stream can be used as one-time pad for WiFi
  • Eve’s WiFi transmission range is limited to the VLC range

[Figure: Bob, Eve; Key Stream & Decryption]

SLIDE 11

Confidentiality
Keys

  ❓ User failures
  ❓ Better equipment

Both can cause a VLC range that is higher than expected, but the actual reduction from WiFi range to VLC range is not affected

SLIDE 12

Localization and Authentication
Known Patterns

  • Multiple fixed pattern transmissions enable Bob to locate himself
  • Possibility to transmit data along with location information

[Figure: Bob]

SLIDE 13

Localization and Authentication
Known Patterns

  • Attackers might inject false location information
  • If Bob is not trusted, he can report a false location, because channel reciprocity is missing in VLC

[Figure: Eve, Bob]

SLIDE 14

Localization and Authentication
Known Patterns

  ❓ User failures: Users might not see attackers injecting false locations
  ❓ Better equipment: Additional equipment is required for attacks, but on its own does not make an attack successful
  ⚡ Additional information: Attackers knowing the pattern can report oblivious locations
  ⚡ Active attackers: Active attackers can block the localization and, with pattern knowledge, fake locations to users

SLIDE 15

Localization and Authentication
Random Patterns

  • Patterns sent to Bob are random
  • Bob cannot compute his position, but needs to report measurements to a central instance doing the computation

[Figure: Bob, Location Database]

SLIDE 16

Localization and Authentication
Random Patterns

  ✓ Randomness successfully prevents the aforementioned attacks
  ❓ Better equipment: Multi-antenna attackers might still extract the location pattern and replay it, which requires the addition of distance bounding
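
Added example, not part of the original slides: one way the central instance could check a report against the random patterns of the current epoch before computing a position. The function names, the on/off pattern format, the correlation estimator and the residual threshold are assumptions made for this sketch; the channel gains are constructed.

```python
import random

def make_patterns(seed, n_lights, n_slots):
    """One fresh random on/off pattern per luminaire for a single epoch.
    Seeded here for reproducibility; a deployment would use a CSPRNG."""
    rng = random.Random(seed)
    return [[rng.randint(0, 1) for _ in range(n_slots)] for _ in range(n_lights)]

def received(patterns, gains):
    """Intensity samples at one photodiode: gain-weighted sum, no phase."""
    return [sum(g * p[t] for g, p in zip(gains, patterns))
            for t in range(len(patterns[0]))]

def estimate_gains(samples, patterns):
    """Correlate with the zero-mean pattern 2p-1; E[p(2p-1)] = 1/2, so scale by 2."""
    n = len(samples)
    return [2 * sum(y * (2 * p[t] - 1) for t, y in enumerate(samples)) / n
            for p in patterns]

def verify_report(samples, patterns, max_residual=0.2):
    """Accept a report only if this epoch's patterns explain the samples."""
    gains = estimate_gains(samples, patterns)
    energy = sum(y * y for y in samples)
    if energy == 0:
        return False, gains
    fit = received(patterns, gains)
    residual = sum((y - f) ** 2 for y, f in zip(samples, fit)) / energy
    return residual <= max_residual, gains

if __name__ == "__main__":
    current = make_patterns(seed=2016, n_lights=3, n_slots=2000)   # this epoch
    previous = make_patterns(seed=1999, n_lights=3, n_slots=2000)  # earlier epoch
    bob_gains = [0.6, 0.3, 0.1]  # constructed channel gains at Bob's position
    print(verify_report(received(current, bob_gains), current))
    print(verify_report(received(previous, bob_gains), current))
```

The accepted gains are what the central instance would feed into its position computation, which is omitted here. A report relayed within the same epoch still fits the patterns, which is the case the slide assigns to distance bounding.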

SLIDE 17

Integrity
Polarization

  • Alice and Bob vary their polarization filter by a shared pseudo-random pattern
  • Only if the patterns match, the transmitted information can be reconstructed

[Figure: Alice, Bob]

SLIDE 18

Integrity
Polarization

  • Eve can measure the polarization pattern and inject her own signal

[Figure: Alice, Bob, Eve]

SLIDE 19

Integrity
Polarization

  ⚡ Better equipment: Attackers with additional hardware can extract polarization information, hence can decode signals
  ⚡ Active attackers: Active attackers can even inject signals

SLIDE 20

Overview

                       | Wiretap channel | Jamming | Keys | Known patterns | Random patterns | Polarization
User failures          | ⚡              | ✓       | ❓   | ✓              | ✓               | ✓
Better equipment       | ⚡              | ⚡      | ❓   | ❓             | ❓              | ⚡
Additional information | ⚡              | ✓       | ✓    | ⚡             | ✓               | ✓
Active attackers       | ✓               | ✓       | ✓    | ⚡             | ✓               | ⚡

SLIDE 21

Conclusion

Can we use physical layer security for VLC? How do VLC characteristics strengthen/weaken security?

  • Schemes that do not require channel reciprocity can be adapted
  • Missing phase information weakens approaches
  • Better range estimation by users strengthens approaches
  • WiFi attacks also apply to VLC physical layer security