410 likes | 569 Views
Proximity-Based Authentication of Mobile Devices. Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony LaMarca. Secure Spontaneous Interaction. Phone + hotel room TV and keyboard Exchange of private info Phone and hands free
E N D
Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony LaMarca
Secure Spontaneous Interaction • Phone + hotel room TV and keyboard • Exchange of private info • Phone and hands free • Paying for groceries, tickets, cola
Naïve Solution • Diffie-Hellman Alice Bob a b
Naïve Solution g, ga • Diffie-Hellman Alice Bob a b
Naïve Solution g, ga • Diffie-Hellman Alice Bob a b Kgab
Naïve Solution g, ga gb • Diffie-Hellman Alice Bob a b K=gab
Naïve Solution g, ga gb • Diffie-Hellman Alice Bob a K=gba b K=gab
The Problem • Who is my device really communicating with?
The Problem Bob b • Who is my device really communicating with? • Spoofing Alice a
The Problem Bob b • Who is my device really communicating with? • Spoofing X Alice x a
The Problem • Who is my device really communicating with? • Spoofing X Alice x a
The Problem • Who is my device really communicating with? • Spoofing Bob Alice x a
The Problem g, ga gx • Who is my device really communicating with? • Spoofing Bob Alice x K=gax a K=gxa
The Problem • Who is my device really communicating with? • Spoofing • Man in the middle X Bob Alice x b a
The Problem g, ga g, gx gx gb • Who is my device really communicating with? • Spoofing • Man in the middle X Bob Alice x K1=gax K2=gbx b K2=gxb a K1=gxa
The Problem g, ga g, gx gx gb • Who is my device really communicating with? • Spoofing • Man in the middle • Solution: Ensure communication with device that is close • Assumption: attacker is not between legitimate devices X Bob Alice x K1=gax K2=gbx b K2=gxb a K1=gxa
Existing Solutions • Use a cable • Use short range communication • Bluetooth • Infrared • Laser • Ultrasound • Near field communication (NFC) • Ask user to verify pairing • Displaying keys • Playing music, images
Existing Solutions • Use a cable • Use short range communication • Bluetooth • Infrared • Laser • Ultrasound • Near field communication (NFC) • Ask user to verify pairing • Displaying keys • Playing music, images BlueSniper Rifle by Flexis
Key Idea • Secure pairing requires a shared secret • Devices in close proximity perceive a similar radio environment • Derive shared secret from common radio environment • Listen to traffic of ambient radio sources Use knowledge of common radio environment as proof of proximity
Advantages • No extra hardware • Leverage radio already available on device • No user involvement to verify pairing • Not subject to eavesdropping • Secret derived by listening to ambient sources
Requirements on Radio Environment • Temporal variability • Signal fluctuates randomly at a single location over time
Requirements on Radio Environment • Spatial variability • Valuesat different locations have low correlation
Requirements on Radio Environment • Devices in proximity should perceive similar environment 10 m 5 cm 85% common pkts 40% common pkts
Potential Authentication Methods • Proximity-based authentication token • Diffie-Hellman • Authenticate using the token • Proximity-based encryption keys • Directly from the common environment • Less CPU intensive?
Amigo: Diffie-Hellman + Proximity Token • Devises monitor radio environment following Diffie-Hellman key exchange • Send to each other a signature • Each device verifies that signature similar to own observation • Signature does not have to remain secret after exchange is over
Signature Verification • Signature: sequence of hash of packet + RSSI • Segment size 1 second
Classifier • 2 stage boosted binary stump classifier • Stage 1: Filters noisy data • Marks as invalid instances with % of common pkts bellow threshold (75% works well) • Stage 2: Assigns a score to valid instances • Function of differences in signal strength • Converts scores into votes based on threshold • Tally votes for all instances
Commitment Protocol X Bob Alice x K1=gax K2=gbx b K2=gxb a K1=gxa • Reveal man-in-middle attack while exchanging signatures • Forces attacker to forge data • Break signature S into n blocks • Generate nonce • Each period exchange • Knonce ( Hash (Ksession_key),Hash(id),si) • Send nonce KnA(H(K1)H(A)Si) KnB(H(K2)H(B)Si)
Scenario 1 : Simple Attacker • 6 laptops • Friendly 5cm away • Attackers 1,3,5,10 meters • WiFi – Orinoco Gold • All at same height • Line of sight 1m 3m 5m 10m Best case for attacker
Traces • 2 traces: training and testing • 2 months apart • 2 different location in the lab • 10 minute trace • 30 – 50 thousand pkts per laptop • 11 access points • 45 – 58 WiFi radio sources
Simple Attacker • Can pair within 5 seconds • Can detect attacker 3 meters away or more • 1 meter is a problem
Local Entropy: Obstacles False Positives • Line-of-sight (1m) 81% • Drywall (10cm) 100% • Human (1m) 12% • Concrete wall (30cm) 0% • Human blocking attacker’s line of sight goes a long way to improve performance
Local Entropy: Movement Hand waving helps!
Stretching Co-Location • 5 laptops • Friendly 1 m away • Attackers 3,5,10 meters • All at same height • Line of sight 1m 3m 5m 10m
Scenario 2 : Attacker with Site Knowledge • Before pairing • Attacker samples exact pairing spot • Creates RSSI distribution for every wireless source it hears • While pairing • Pkts from know source assign RSSI from distribution • Pkts from unknown source • Option 1 Discard • Option 2 Leave unchanged (best)
Scenario 2 : Attacker with Site Knowledge With hand waving false rate positives reaches 0 within 5 seconds
Scenario 3: “Omnipotent” Attacker • Controls all radio sources • Knows which pkts were received by victim • Oracle: RSSI from current distribution
Conclusions • Possible to use knowledge of radio environment to prove physical proximity • Advantages • No extra hardware • No user involvement to verify pairing • Not subject to eavesdropping • Two potential methods • Location-based authentication token • Location-based encryption keys
Future Work • System robustness • Different cards and antennas • Different environments • Improve accuracy • Software radios • Multiple radios • Proximity-based encryption keys
Questions? Eyal de Lara delara@cs.toronto.edu www.cs.toronto.edu/~delara Varshavsky, Scannell, LaMarca, de Lara“Amigo: Proximity-based Authentication of Mobile Devices” 9th Int.Conference on Ubiquitous Computing (UbiComp) Innsbruck, Austria, Sep. 2007