150 likes | 294 Views
Usable Bootstrapping of Secure Ad Hoc Communication. Ersin Uzun PARC. Outline. What is “ first connect” (aka “device pairing” or “bootstrapping secure communication”)? Why is it hard to secure? Why usability is important? Methods & standards, and the current state.
E N D
Usable Bootstrapping of Secure Ad Hoc Communication Ersin Uzun PARC
Outline • What is “first connect” (aka “device pairing” or “bootstrapping secure communication”)? • Why is it hard to secure? • Why usability is important? • Methods & standards, and the current state.
Secure pairing of personal devices • Pairing: bootstrapping the association and the security contexts for subsequent communication. • E.g., • Pairing a bluetooth phone and a headset • Enrolling a phone or PC into a home WLAN
What devices? • Desktops • Laptops • PDAs • Phones • MP3 Players • Wireless Headsets • Cameras • Device (e.g., TV) Remotes • Access Points • FAX-s/Copiers/Printers • Sensors? RFIDs? • Pacemakers? Dialysis devices?
Problem Ohh! I cannot even pair my socks! • Setting up a security association (authenticated secure communication) where: • no prior context exists (no PKI, common TTPs, key servers, shared secrets, etc.) • Ordinary non-expert users • Cost-sensitive commodity devices
Wireless channel: susceptible to eavesdropping Alice Bob Let’s use K as the secret key OK Encrypted Communication using K
Uups! Alice Bob Let’s use K as the secret key OK Communication Communication Eve can decrypt the communication! Eve can impersonate either party!
Also open to active attacks… Alice Bob Eve PKA PKE1 PKE2 PKB Man in the middle attack over Diffie-Hellman key agreement
Mechanisms should be intuitive SSID? WPA? Passcode! Which E61? ...and work on various devices!
Security and usability coexistence • Better usability = insecure? • More security = harder to use?
Goal: Secure, intuitive, inexpensive methods for secure communication bootstrapping • One well-studied approach: using two communication channels • Assumption: Peer devices are physically identifiable • Two channels: • Wireless channel • OOB channel: Human perceivable or location-limited • Other approaches • Based on physical properties of wireless signals • Distance-bounding • Environmental sensing
Some examples (not a complete list!) • Various OOB channels • Cables • Resurrecting Duckling, [Stanajo, et al. IWSP’99] • Camera, barcodes/LEDs • Seeing-is-believing, [McCune, et al. S&P’05] • SIB revisited, [Saxena, et al. S&P’06] • GAnGS, [Chen, et al. Mobicom’08] • SPATE, [Lin, et al. Mobisys’09] • Speakers and microphones • Loud And Clear, [Goodrich, et al. ICDCS’06) • HAPADEP, [Soriente, et al. ISC’08) • Other hardware • Accelerometers “Shake well before use”, [Mayrhofer, et al. Pervasive’07] • Ultrasound, laser transceivers and many others.... • Standardization activities • Wi-fi protected setup • Bluetooth secure pairing • Wireless USB association models • Location limited channels • IrDA: Talking to Strangers, [Balfanz, et al. NDSS’02] • NFC: Bluetooth specs draft • Distance-bounding (e.g., Capkun et al. TMC’10), Env. sensing (Krumm et al. Ubicomp’07)
Where are we now? • Proposals are not adapted by manufacturers • I still cannot securely pair a Bluetooth handset and a phone in the presence of an active attacker • My mother still cannot secure her WLAN at home without my help Emerging scenarios are even more challenging • Group pairing • Home sensor networks • Pairing with personal RFID tags