
Seeing is Believing: Proximity-based Authentication

Peter Pilgerstorfer, 03.03.2015


  1. Seeing is Believing: Proximity-based Authentication
     - Peter Pilgerstorfer, 03.03.2015
     - Source: [5]

  2. Motivation
     - Pairing without user interaction
     - Traditional authentication
       - E.g. enter/confirm shared PIN
       - Not possible for certain IoT devices
       - Not scalable
     - Use cases
       - NFC payments
       - Keyless entry and start systems
       - Secure pairing for implants
       - …

  3. Goal
     - A secure and authentic connection between two devices
       - Shared secret
       - Verify authenticity
     - Assumption: Authentic if the devices are within proximity to each other
       - Why does proximity lead to trust?
       - How to determine proximity?

  4. Why does proximity lead to trust?
     - Image sources: [9-11]

  5. How to determine proximity?
     - Time of Flight
     - Radio signal
       - RSSI (Received Signal Strength Indicator)
     - Accelerometer
     - Illumination
     - Audio signals
     - …

  6. Overview
     - Wi-Fi Time of Flight, CoNext 2014
     - Amigo, UbiComp 2007
     - ProxiMate, MobiSys 2011
     - Image sources: [6-8]

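  7. Wi-Fi Time of Flight
     - Measure response time: $t_f = \frac{1}{2}\,(t_m - t_{ACK} - \delta)$
     - Calculate the distance: $d = c \cdot t_f$
     - [Figure: timing diagram of the Data/ACK exchange between Alice and Bob at distance $d$, with $t_f$, $t_{ACK}$, $\delta$ and $t_m$ marked on the time axis]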

  8. Wi-Fi Time of Flight - Challenges
     - Noisy measurements
       - Multiple paths
       - Imprecise hardware
     - Consequences
       - Measure multiple times
       - Effective median error: 1.7 – 2.4 m
     - Image taken from Marcaletti et al. [1] (LOS: line-of-sight, NLOS: non-line-of-sight)

  9. Wi-Fi Time of Flight - Challenges
     - Processing time
       - Keep $\delta$ as low as possible
     - What if attacker is faster?
       - With $\delta = 10.2\,\mu s$, up to ~1500 m "closer"
     - [Figure: timing diagram with Alice, Bob and Eve, showing the distances $d_{Bob}$, $d_{Eve}$ and the processing times $\delta_{Bob}$, $\delta_{Eve}$]

  10. Wi-Fi Time of Flight - Conclusion
     - + Works with standard Wi-Fi hardware
     - - Assumes that attacker doesn't have access to faster hardware
     - - Not suitable for close distance pairing
     - - Many packets have to be sent

  11. Wi-Fi Time of Flight - Improvement
     - Use special hardware to reduce processing time
       - With $\delta_T < 1\,ns$ an attacker can appear at most ~15 cm closer
     - Reflect "instantly"
       - Avoid demodulating signal
       - Suitable for IoT devices
     - [Figure: timing diagram in which Alice sends Data and Bob reflects it over distance $d$, with $t_m$ and $\delta < 1\,ns$ marked on the time axis]
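
The ranging formula from the Wi-Fi Time of Flight slides, with the median filtering and the "faster attacker" bound worked through. This is an added example, not code from the presentation or the cited papers; the jitter and multipath model, the `t_ack` value and all function names are assumptions.

```python
import random
import statistics

C = 299_792_458.0  # speed of light in m/s

def tof_distance(t_m, t_ack, delta):
    """d = c * t_f with t_f = (t_m - t_ACK - delta) / 2; all times in seconds."""
    return C * (t_m - t_ack - delta) / 2

def simulate_t_m(true_d, t_ack, actual_delta, n, seed, jitter=20e-9, multipath=0.2):
    """Constructed measurements: clock jitter plus occasional longer reflected paths."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        extra = rng.uniform(0, 100e-9) if rng.random() < multipath else 0.0
        out.append(2 * true_d / C + t_ack + actual_delta + rng.gauss(0, jitter) + extra)
    return out

def estimate(samples, t_ack, assumed_delta):
    """Median over many packets; the verifier can only subtract the delta it assumes."""
    return statistics.median(tof_distance(t, t_ack, assumed_delta) for t in samples)

def max_shortening(assumed_delta, attacker_delta=0.0):
    """Upper bound on how much closer a responder with a smaller delta can appear."""
    return C * (assumed_delta - attacker_delta) / 2

def demo():
    t_ack, assumed = 44e-6, 10.2e-6  # t_ACK is constructed; delta is the slide's value
    bob = estimate(simulate_t_m(30.0, t_ack, assumed, 1000, seed=1), t_ack, assumed)
    # Eve stands 500 m away but answers 2 us faster than the verifier assumes.
    eve = estimate(simulate_t_m(500.0, t_ack, assumed - 2e-6, 1000, seed=2), t_ack, assumed)
    return bob, eve

if __name__ == "__main__":
    bob, eve = demo()
    print(f"Bob measured at {bob:.1f} m, Eve at {eve:.1f} m")
    print(f"bound for delta = 10.2 us: {max_shortening(10.2e-6):.0f} m")
    print(f"bound for delta = 1 ns:    {max_shortening(1e-9) * 100:.0f} cm")
```

The bound depends only on the processing time the verifier budgets for, which is why the improvement slide reduces it in hardware.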

  12. Amigo
     - Radio environment is similar for devices in proximity
     - Strategy: Passively observe received signal strength indicator (RSSI) for Wi-Fi packets
     - Images taken from Varshavsky et al. [3]

  13. Amigo – Observation
     - Wi-Fi cards are set to promiscuous mode
       - Receive all packets
     - Signature of the radio environment
       - Hash of every observed packet
       - RSSI of every observed packet
     - RSSI
       - Defined in IEEE 802.11
       - Received power level

  14. Amigo – Authentication
     - Establish shared secret
     - Observe packets transmitted via Wi-Fi
     - Send signature to each other (hash and RSSI)
     - Check if the other device made similar observations

  15. Amigo – Results
     - Attackers >= 3 m away can be detected within 5 s
     - Improve security by hand waving
       - Detect attackers within 1 m

  16. Amigo – Conclusion
     - + Works with standard Wi-Fi hardware
     - + Works reasonably well in close distances
     - - Pairing time depends on Wi-Fi activity
     - - Diffie-Hellman key exchange is computationally intensive
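
A sketch of the signature exchange from the Amigo slides: each device records a hash and an RSSI per overheard packet, and the peer's signature is accepted only if it matches. This is an added example, not Amigo's own code; the slides do not give the comparison rule, so the mean-absolute-difference test, both thresholds and the constructed RSSI model are assumptions.

```python
import hashlib
import random

def capture(packets, base_dbm, fading_db, seed, sigma=1.0, loss=0.05):
    """One device's signature: {hash of packet: RSSI} for the packets it overheard."""
    rng = random.Random(seed)
    sig = {}
    for i, (ap, payload) in enumerate(packets):
        if rng.random() < loss:
            continue  # not every device receives every packet
        digest = hashlib.sha256(payload).hexdigest()[:16]
        sig[digest] = base_dbm[ap] + fading_db[i] + rng.gauss(0, sigma)
    return sig

def similar(sig_a, sig_b, min_overlap=0.8, max_mean_diff_db=3.0):
    """Accept only if both saw mostly the same packets at similar signal strength."""
    common = sig_a.keys() & sig_b.keys()
    if len(common) < min_overlap * max(len(sig_a), len(sig_b)):
        return False, None
    diff = sum(abs(sig_a[h] - sig_b[h]) for h in common) / len(common)
    return diff <= max_mean_diff_db, diff

def demo(n=300):
    rng = random.Random(7)
    # Constructed traffic from three access points A, B and C.
    packets = [(rng.choice("ABC"), f"pkt-{i}".encode()) for i in range(n)]
    near_fading = [rng.gauss(0, 4) for _ in range(n)]  # fading where Alice and Bob are
    far_fading = [rng.gauss(0, 4) for _ in range(n)]   # independent fading at Eve's spot
    near = {"A": -48, "B": -61, "C": -70}              # mean RSSI in dBm (constructed)
    far = {"A": -55, "B": -57, "C": -74}
    alice = capture(packets, near, near_fading, seed=1)
    bob = capture(packets, near, near_fading, seed=2)
    eve = capture(packets, far, far_fading, seed=3)
    return similar(alice, bob), similar(alice, eve)

if __name__ == "__main__":
    (ok_bob, d_bob), (ok_eve, d_eve) = demo()
    print(f"Bob accepted={ok_bob} (mean diff {d_bob:.1f} dB)")
    print(f"Eve accepted={ok_eve} (mean diff {d_eve:.1f} dB)")
```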

  17. ProxiMate
     - Radio environment is similar for devices in proximity
     - Strategy: Observe FM or TV radio signals directly instead of the received signal strength indicator
     - Images taken from Mathur et al. [4]

  18. ProxiMate – Wireless Channel
     - Wireless channel
       - State described by complex number
       - Amplitude given by absolute value
       - Phase given by angle
     - Features observed by ProxiMate:
       - Amplitude
       - Change of phase
     - Use software-defined radio for measurements
     - Image source: [13]

  19. ProxiMate – FM/TV signal
     - Frequency modulated
       - Amplitude constant
       - Amplitude variation not signal dependent
     - TV: ~600 MHz
     - FM: ~100 MHz
     - Image source: [12]

  20. ProxiMate – Authentication
     - Basic idea: generate a key out of the observed radio environment
     - Alice and Bob observe the environment
     - Alice collects timestamps of observed extrema ($L$)
     - Alice sends timestamps to Bob
     - Bob collects observed extrema at timestamps $L$
     - Extrema encode the key:
       - Maximum … 1
       - Minimum … 0

  21. ProxiMate – Bit-rate
     - Bit-rate limited
       - Wait long enough between two bits such that they are not correlated
       - Bit errors occur and have to be corrected
       - Reduced effective bit-rate
     - Improve bit-rate
       - Use multiple radio stations simultaneously

  22. ProxiMate – Results
     - Pairing using 10 TV sources:
       - 3.3 s at 2.4 cm distance
     - Pairing using 10 FM sources:
       - 15 s at 16.5 cm distance
     - TV: ~600 MHz, ~50 cm wavelength
     - FM: ~100 MHz, ~3 m wavelength

  23. ProxiMate – Conclusion
     - + Works reasonably fast in close distances
     - + Pairing distance can be varied (using different radio channels)
     - + Computationally lightweight
     - - Not yet applicable to today's devices
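
The extrema-to-bits step from the ProxiMate authentication and bit-rate slides, including the spacing between bits. This is an added example, not ProxiMate's code: the amplitude traces are constructed sums of sinusoids, and the window size, the gap and the "compare with the local mean" rule for Bob are assumptions; error correction is left out.

```python
import math
import random

def channel(n, seed, freqs):
    """Constructed stand-in for a fading amplitude trace (sum of slow sinusoids)."""
    rng = random.Random(seed)
    phases = [rng.uniform(0, 2 * math.pi) for _ in freqs]
    return [sum(math.sin(2 * math.pi * f * t + p) for f, p in zip(freqs, phases))
            for t in range(n)]

def observe(trace, sigma, seed):
    """One receiver's view of a trace, with independent Gaussian receiver noise."""
    rng = random.Random(seed)
    return [x + rng.gauss(0, sigma) for x in trace]

def alice_extrema(sig, w=20, gap=40):
    """Alice: timestamps L of window extrema at least `gap` samples apart, and her bits."""
    L, bits, last = [], [], -gap
    for t in range(w, len(sig) - w):
        if t - last < gap:
            continue  # wait between bits so that they are not correlated
        win = sig[t - w:t + w + 1]
        if sig[t] == max(win) or sig[t] == min(win):
            L.append(t)
            bits.append(1 if sig[t] == max(win) else 0)  # maximum -> 1, minimum -> 0
            last = t
    return L, bits

def bits_at(sig, L, w=20):
    """Bob (or Eve): at each timestamp in L, above the local mean -> 1, else 0."""
    return [1 if sig[t] > sum(sig[t - w:t + w + 1]) / (2 * w + 1) else 0 for t in L]

def agreement(a, b):
    return sum(x == y for x, y in zip(a, b)) / max(len(a), 1)

def demo():
    shared = channel(4000, seed=1, freqs=(0.011, 0.017, 0.029))  # seen by Alice and Bob
    far = channel(4000, seed=2, freqs=(0.013, 0.019, 0.031))     # Eve, out of proximity
    L, key_a = alice_extrema(observe(shared, 0.05, seed=10))
    key_b = bits_at(observe(shared, 0.05, seed=11), L)
    key_e = bits_at(observe(far, 0.05, seed=12), L)
    return len(L), agreement(key_a, key_b), agreement(key_a, key_e)

if __name__ == "__main__":
    n, bob, eve = demo()
    print(f"{n} bits: Bob agrees on {bob:.0%}, Eve on {eve:.0%}")
```

Only the timestamps $L$ cross the air; the bit values come from each device's own observation.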

  24. Conclusion
     - Wi-Fi Time of Flight (by Capkun et al.)
       - + Potentially fastest
       - - Requires special-purpose hardware
     - Amigo
       - + Can be implemented with standard Wi-Fi hardware
       - - Requires Wi-Fi communication
     - ProxiMate
       - + Computationally cheap
       - - Requires more advanced radio interface

  25. References
     - [1] MARCALETTI, Andreas, et al. Filtering Noisy 802.11 Time-of-Flight Ranging Measurements. In: Proceedings of the 10th ACM International Conference on emerging Networking Experiments and Technologies. ACM, 2014, pp. 13-20.
     - [2] RASMUSSEN, Kasper Bonne; CAPKUN, Srdjan. Realization of RF Distance Bounding. In: USENIX Security Symposium. 2010, pp. 389-402.
     - [3] VARSHAVSKY, Alex, et al. Amigo: Proximity-based authentication of mobile devices. Springer Berlin Heidelberg, 2007.
     - [4] MATHUR, Suhas, et al. Proximate: proximity-based secure pairing using ambient wireless signals. In: Proceedings of the 9th international conference on Mobile systems, applications, and services. ACM, 2011, pp. 211-224.
     - Thank You

  26. References
     - [5] http://crowdweaver.co.uk/2012/02/11/proximity-marketing-what-is-it/
     - [6] http://photo.elsoar.com/alarm-clocks-and-stopwatch-hot-colorful-images.html
     - [7] http://www.newgadget.org/mobile-phones/how-to-improve-your-phone-signal/
     - [8] http://www.naturapark.com.br/site/index.php/administradora/antcoletiva
     - [9] https://ibtx.wordpress.com/2015/01/06/wearables-time/
     - [10] http://www.connected-home.de/ratgeber/geraete-ins-heimnetz-einbinden-1472570.html
     - [11] http://how2mediate.com/2010/12/01/is-mediation-a-waste-of-time-2/
     - [12] http://www.hill2dot0.com/wiki/index.php?title=Frequency_modulation
     - [13] http://idmc.info/counter/22/amplitude-and-phase-spectrum-of-sine-wave
