Seeing is Believing: Proximity-based Authentication



SLIDE 1

Seeing is Believing: Proximity-based Authentication

Peter Pilgerstorfer
03.03.2015

Source: [5]

SLIDE 2

Motivation

  • Pairing without user interaction
  • Traditional authentication
    • E.g. enter/confirm shared PIN
    • Not possible for certain IoT devices
    • Not scalable
  • Use cases
    • NFC payments
    • Keyless entry and start systems
    • Secure pairing for implants
    • …

SLIDE 3

Goal

  • A secure and authentic connection between two devices
    • Shared secret
    • Verify authenticity
  • Assumption: Authentic if the devices are within proximity to each other
  • Why does proximity lead to trust?
  • How to determine proximity?

SLIDE 4

Why does proximity lead to trust?

Image sources: [9-11]

SLIDE 5

How to determine proximity?

  • Time of Flight
  • Radio signal
  • RSSI (Received Signal Strength Indicator)
  • Accelerometer
  • Illumination
  • Audio signals
  • …

SLIDE 6

Overview

  • Wi-Fi Time of Flight, CoNext 2014
  • Amigo, UbiComp 2007
  • ProxiMate, MobiSys 2011

Image sources: [6-8]

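SLIDE 7

Wi-Fi Time of Flight

  • Measure response time

$t_f = \frac{1}{2}\,(t_m - t_{ACK} - \delta)$

  • Calculate the distance

$d = c \cdot t_f$

[Figure: timing diagram between Alice and Bob (Data, ACK) over time, with labels $d$, $t_m$, $t_{ACK}$, $t_f$, $t_f$, $\delta$ and events send, receive, receive, send]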

SLIDE 8

Wi-Fi Time of Flight - Challenges

  • Noisy measurements
    • Multiple paths
    • Imprecise hardware
  • Consequences
    • Measure multiple times
    • Effective median error: 1.7 – 2.4 m

LOS: line-of-sight, NLOS: non-line-of-sight. Image taken from Marcaletti et al. [1]

SLIDE 9

Wi-Fi Time of Flight - Challenges

  • Processing time
    • Keep $\delta$ as low as possible
  • What if attacker is faster?

with $\delta = 10.2\ \mu\text{s}$, up to ~1500 m "closer"

[Figure: timing diagram with Alice, Bob and Eve (Data, ACK) over time, with labels $t_{Bob}$, $\delta_{Bob}$, $\delta_{Eve}$, $t_{Eve}$ and events send, receive, send, receive]

SLIDE 10

Wi-Fi Time of Flight - Conclusion

+ Works with standard Wi-Fi hardware
- Assumes that attacker doesn't have access to faster hardware
- Not suitable for close distance pairing
- Many packets have to be sent

SLIDE 11

Wi-Fi Time of Flight - Improvement

  • Use special hardware to reduce processing time
  • With $\delta_T < 1$ ns an attacker can appear at most ~15 cm closer
  • Reflect "instantly"
  • Avoid demodulating signal
  • Suitable for IoT devices

[Figure: timing diagram between Alice and Bob (Data, Data) over time, with labels $d$, $t_m$, $\delta < 1$ ns and events send, reflect, receive]
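
The two Wi-Fi Time of Flight formulas and the processing-time problem from the slides above, as an added Python example that is not part of the original presentation: it filters noisy readings with a median and shows how much closer a responder appears when it answers faster than the $\delta$ the verifier assumes. The ACK duration, the jitter values, Eve's position and the rejection of negative estimates are assumptions of this example.

```python
from statistics import median

C = 299_792_458.0  # speed of light in m/s

def tof_distance(t_m, t_ack, delta):
    """d = c * t_f with t_f = (t_m - t_ACK - delta) / 2; all times in seconds."""
    return C * (t_m - t_ack - delta) / 2

def estimate_distance(samples, t_ack, delta):
    """Median over repeated measurements damps multipath and hardware outliers."""
    return median(tof_distance(t, t_ack, delta) for t in samples)

def max_distance_gain(delta_assumed, delta_actual=0.0):
    """Metres a responder appears closer when it answers faster than assumed."""
    return C * (delta_assumed - delta_actual) / 2

def measured_time(distance, t_ack, delta, jitter=0.0):
    """What Alice's clock reads for a responder at `distance` metres."""
    return 2 * distance / C + t_ack + delta + jitter

def in_proximity(samples, t_ack, delta, max_range):
    """Verifier decision. A negative estimate is physically impossible and means
    the responder was faster than the assumed delta, so it is rejected."""
    d = estimate_distance(samples, t_ack, delta)
    return 0.0 <= d <= max_range

# Constructed values (assumptions): ACK duration, Bob's processing time,
# and per-packet timing errors including two multipath outliers.
T_ACK, DELTA = 44e-6, 10.2e-6
JITTER = [-12e-9, 3e-9, 0.0, 40e-9, -5e-9, 7e-9, 250e-9]

def demo():
    bob = [measured_time(20.0, T_ACK, DELTA, j) for j in JITTER]
    # Eve stands 1500 m away but needs only 0.2 us to process the packet.
    eve = [measured_time(1500.0, T_ACK, 0.2e-6, j) for j in JITTER]
    return (estimate_distance(bob, T_ACK, DELTA),
            estimate_distance(eve, T_ACK, DELTA),
            in_proximity(eve, T_ACK, DELTA, max_range=10.0))

if __name__ == "__main__":
    print(demo())
    print(max_distance_gain(10.2e-6), max_distance_gain(1e-9))
```

The verifier accepts Eve at 1500 m as being within 10 m, which is the reason the improvement slide pushes the processing time below 1 ns: the remaining gain is then about 15 cm.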

SLIDE 12

Amigo

  • Radio environment is similar for devices in proximity
  • Strategy: Passively observe received signal strength indicator (RSSI) for Wi-Fi packets

Images taken from Varshavsky et al. [3]

SLIDE 13

Amigo – Observation

  • Wi-Fi cards are set to promiscuous mode
    • Receive all packets
  • Signature of the radio environment
    • Hash of every observed packet
    • RSSI of every observed packet
  • RSSI
    • Defined in IEEE 802.11
    • Received power level

SLIDE 14

Amigo – Authentication

  • Establish shared secret
  • Observe packets transmitted via Wi-Fi
  • Send signature to each other (hash and RSSI)
  • Check if the other device made similar observations
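
One way to implement the "similar observations" check from the Amigo slides above, as an added Python example that is not code from the presentation or from Amigo itself: the packet hash aligns the two observation lists and the RSSI values are compared per packet. The similarity metric, the centring of RSSI on each device's own mean, both thresholds and all sample values are assumptions of this example.

```python
import hashlib

def signature(observations):
    """Radio-environment signature: packet hash -> RSSI (dBm) per overheard packet."""
    return {hashlib.sha256(pkt).hexdigest(): rssi for pkt, rssi in observations}

def compare(mine, theirs):
    """Return (overlap, mean RSSI pattern difference in dB) over packets both saw.
    The hash aligns the two lists; RSSI is centred on each device's own mean
    because different Wi-Fi cards report RSSI with different offsets."""
    common = sorted(mine.keys() & theirs.keys())
    if not common:
        return 0.0, float("inf")
    mean_a = sum(mine[h] for h in common) / len(common)
    mean_b = sum(theirs[h] for h in common) / len(common)
    diff = sum(abs((mine[h] - mean_a) - (theirs[h] - mean_b)) for h in common)
    return len(common) / len(mine), diff / len(common)

def similar(mine, theirs, min_overlap=0.8, max_diff_db=3.0):
    """Accept the peer only if it overheard mostly the same packets with the
    same signal-strength pattern (thresholds are assumed values)."""
    overlap, diff = compare(mine, theirs)
    return overlap >= min_overlap and diff <= max_diff_db

# Constructed sample: nine packets from three transmitters (A, B, C).
PACKETS = [f"{src}-frame-{n}".encode() for src in "ABC" for n in range(3)]
ALICE = signature(zip(PACKETS, [-40, -42, -41, -60, -61, -59, -75, -74, -76]))
# Bob is next to Alice; his card reads about 5 dB lower but sees the same pattern.
BOB = signature(zip(PACKETS, [-46, -46, -47, -64, -66, -65, -80, -80, -80]))
# Eve is across the room: close to C, far from A, so her pattern differs.
EVE = signature(zip(PACKETS, [-62, -63, -61, -58, -60, -59, -50, -52, -51]))
# A peer that overheard only five of the nine packets.
PARTIAL = signature(zip(PACKETS[:5], [-46, -46, -47, -64, -66]))

if __name__ == "__main__":
    for name, sig in (("Bob", BOB), ("Eve", EVE), ("partial", PARTIAL)):
        print(name, compare(ALICE, sig), similar(ALICE, sig))
```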

SLIDE 15

Amigo – Results

  • Attackers >= 3 m away can be detected within 5 s
  • Improve security by hand waving
  • Detect attackers within 1 m

SLIDE 16

Amigo – Conclusion

+ Works with standard Wi-Fi hardware
+ Works reasonably well in close distances
- Pairing time depends on Wi-Fi activity
- Diffie-Hellman key exchange is computationally intensive

SLIDE 17

ProxiMate

  • Radio environment is similar for devices in proximity
  • Strategy: Observe FM or TV radio signals directly instead of the received signal strength indicator

Images taken from Mathur et al. [4]

SLIDE 18

ProxiMate – Wireless Channel

  • Wireless channel
    • State described by complex number
    • Amplitude given by absolute value
    • Phase given by angle
  • Features observed by ProxiMate:
    • Amplitude
    • Change of phase
  • Use software-defined radio for measurements

Image source: [13]

SLIDE 19

ProxiMate – FM/TV signal

  • Frequency modulated
  • Amplitude constant
  • Amplitude variation not signal dependent
  • TV: ~600 MHz
  • FM: ~100 MHz

Image source: [12]

SLIDE 20

ProxiMate – Authentication

  • Basic idea: generate a key out of the observed radio environment
  • Alice and Bob observe the environment
  • Alice collects timestamps of observed extrema ($L$)
  • Alice sends timestamps to Bob
  • Bob collects observed extrema at timestamps $L$
  • Extrema encode the key: Maximum … 1, Minimum … 0

SLIDE 21

ProxiMate – Bit-rate

  • Bit-rate limited
    • Wait long enough between two bits such that they are not correlated
    • Bit errors occur and have to be corrected
    • Reduced effective bit-rate
  • Improve bit-rate
    • Use multiple radio stations simultaneously
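
The extrema-based key agreement from the two ProxiMate slides above (authentication and bit-rate), as an added Python simulation that is not part of the original presentation or of ProxiMate itself. The channel model, receiver noise, window size, margin and seeds are constructed assumptions.

```python
import random

def fading(seed, n, smooth=8):
    """Constructed stand-in for a fading channel: moving sum of white noise,
    so samples `smooth` or more steps apart are uncorrelated."""
    rng = random.Random(seed)
    w = [rng.uniform(-1, 1) for _ in range(n + smooth)]
    return [sum(w[i:i + smooth]) / smooth ** 0.5 for i in range(n)]

def observe(channel, seed, noise=0.1):
    """One receiver's view: the local channel plus its own bounded noise."""
    rng = random.Random(seed)
    return [x + rng.uniform(-noise, noise) for x in channel]

def pick_extrema(signal, window=32, margin=0.5):
    """Alice: in the first half of each window take the most extreme sample if it
    lies more than `margin` from the mean. Skipping the second half keeps
    consecutive bits at least 17 samples apart, beyond the correlation length."""
    mean = sum(signal) / len(signal)
    picks = []
    for start in range(0, len(signal) - window + 1, window):
        half = range(start, start + window // 2)
        i = max(half, key=lambda k: abs(signal[k] - mean))
        if abs(signal[i] - mean) > margin:
            picks.append(i)
    return picks

def read_bits(signal, timestamps):
    """Maximum -> 1, minimum -> 0, read at the announced timestamps."""
    mean = sum(signal) / len(signal)
    return [1 if signal[i] > mean else 0 for i in timestamps]

def agreement(a, b):
    return sum(x == y for x, y in zip(a, b)) / len(a)

def demo(n=4096):
    near = fading(1, n)   # channel shared by Alice and Bob, centimetres apart
    far = fading(2, n)    # independent channel at Eve's distant position
    alice, bob, eve = observe(near, 11), observe(near, 12), observe(far, 13)
    L = pick_extrema(alice)          # sent in the clear: times only, no values
    key = read_bits(alice, L)
    return len(L), agreement(key, read_bits(bob, L)), agreement(key, read_bits(eve, L))

if __name__ == "__main__":
    print(demo())
```

Bob matches every bit here only because the constructed receiver noise stays below the margin; the slide notes that real measurements produce bit errors that must be corrected. Eve, reading her own channel at the announced timestamps, agrees on about half the bits, which is no better than guessing.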

SLIDE 22

ProxiMate – Results

  • Pairing using 10 TV sources:
    • 3.3 s at 2.4 cm distance
  • Pairing using 10 FM sources:
    • 15 s at 16.5 cm distance
  • TV: ~600 MHz, ~50 cm wavelength
  • FM: ~100 MHz, ~3 m wavelength

SLIDE 23

ProxiMate – Conclusion

+ Works reasonably fast in close distances
+ Pairing distance can be varied (using different radio channels)
+ Computationally lightweight
- Not yet applicable to today's devices

SLIDE 24

Conclusion

  • Wi-Fi Time of Flight (by Capkun et al.)
    + Potentially fastest
    - Requires special-purpose hardware
  • Amigo
    + Can be implemented with standard Wi-Fi hardware
    - Requires Wi-Fi communication
  • ProxiMate
    + Computationally cheap
    - Requires more advanced radio interface

SLIDE 25

References

[1] MARCALETTI, Andreas, et al. Filtering Noisy 802.11 Time-of-Flight Ranging Measurements. In: Proceedings of the 10th ACM International Conference on emerging Networking Experiments and Technologies. ACM, 2014. pp. 13-20.
[2] RASMUSSEN, Kasper Bonne; CAPKUN, Srdjan. Realization of RF Distance Bounding. In: USENIX Security Symposium. 2010. pp. 389-402.
[3] VARSHAVSKY, Alex, et al. Amigo: Proximity-based authentication of mobile devices. Springer Berlin Heidelberg, 2007.
[4] MATHUR, Suhas, et al. Proximate: proximity-based secure pairing using ambient wireless signals. In: Proceedings of the 9th international conference on Mobile systems, applications, and services. ACM, 2011. pp. 211-224.

Thank You

SLIDE 26

References

[5] http://crowdweaver.co.uk/2012/02/11/proximity-marketing-what-is-it/
[6] http://photo.elsoar.com/alarm-clocks-and-stopwatch-hot-colorful-images.html
[7] http://www.newgadget.org/mobile-phones/how-to-improve-your-phone-signal/
[8] http://www.naturapark.com.br/site/index.php/administradora/antcoletiva
[9] https://ibtx.wordpress.com/2015/01/06/wearables-time/
[10] http://www.connected-home.de/ratgeber/geraete-ins-heimnetz-einbinden-1472570.html
[11] http://how2mediate.com/2010/12/01/is-mediation-a-waste-of-time-2/
[12] http://www.hill2dot0.com/wiki/index.php?title=Frequency_modulation
[13] http://idmc.info/counter/22/amplitude-and-phase-spectrum-of-sine-wave