270 likes | 463 Views
Sheng Xiao, Weibo Gong and Don Towsley,2010 Infocom. Secure Wireless Communication with Dynamic Secrets. Outline. Problem statement Overview Dynamic secrets Extraction Collection Amplification System secret protection Bootstrapping security and implementation Summary and conclusion.
E N D
Sheng Xiao, Weibo Gong and Don Towsley,2010 Infocom Secure Wireless Communication with Dynamic Secrets
Outline • Problem statement • Overview • Dynamic secrets • Extraction • Collection • Amplification • System secret protection • Bootstrapping security and implementation • Summary and conclusion
Problem statement • Data security in wireless communication • Security mechanism desirable in the case of secret leakage • Solution: use dynamic secrets, based on the link layer communications between wireless devices
Related Work • Prior work uses the wireless physical channel properties for secret sharing • However, they usually demand special hardware upgrades or at least specific interfaces to provide channel measurement information.
Related Work • Instead of working with the physical layer channel model to calculate the secret capacity, we shift attention to the link layer and emphasize the dynamics of secrets. • In wireless communication, it is practically impossible to eavesdrop link layer communication for a long periodwithout errors • The single-point of failure occurs at the attackers
Outline • Problem statement • Overview • Dynamic secrets • Extraction • Collection • Amplification • System secret protection • Bootstrapping security and implementation • Summary and conclusion
Series of Dynamic Secrets • Let Hk indicates how many bits the adversary needs to guess about the key. When Hk = 0, the adversary knows the key explicitly and the communication is not secure. • Solution: Use a series of dynamic secrets, i.e., updates between t0 and t1 • Rationale: Secrecy replenished as the attacker cannot constantly overhear perfectly
Secret Safety Model No dynamic secrets Dynamic secrets, i.e.,
Advantage of Dynamic Secret • Information loss is not recoverable by any computational effort • Information loss can be accumulated
Outline • Problem statement • Overview • Dynamic secrets • Extraction • Collection • Amplification • System secret protection • Bootstrapping security and implementation • Summary and conclusion
Extracting Dynamic Secrets • Key ideas • Monitor retransmissions • Sender and receiver agree on set of frames • Hash such frames into dynamic secrets • One Time Frame (OTF) is refers to a frame that is only aired once and correctly received.
Collecting Dynamic Secrets • Maintain a set of frames ψ • Initially ψs = ψr = Ø • Remarks • ψs and ψr differ of at most 1 frame • The reception of a new frame ensures ψs = ψr
Collecting Dynamic Secrets • Maintain a set of frames ψ • Initially ψs = ψr = Ø • Remarks • ψs and ψr differ of at most 1 frame • The reception of a new frame ensures ψs = ψr ψ
Amplifying Attacker’s Entropy • Goal: Increase attacker’s uncertainty • Input: ψ set • Output: A secret S with high entropy • Denoted as S = F(ψ)
Amplifying Attacker’s Entropy • Random hashing theory • uniform-randomly choosing a function from a universal-2 hashing class • The expected hash output distribution will be close to the uniform distribution when the output is sufficiently short [1] - J.L. Carter and M. N. Wegman. Universal classes of hash functions. Journal of Computer and System Sciences, 18:396-407, 1979
Amplifying Attacker’s Entropy • Entropy amplification • If Attacker has < 1 bit info about S • If Uncertainty bounded by ϵ - 1 [2] – Alfred Rényi. On measures of information and entropy. In Proceedings of the 4° Berkeley Symposium on Mathematics, Statistics and Probability, 1960
Dynamic Secret Generation • The above discussion justifies the use of the following method • Collect OTFs until | ψ | > nts • Agree on a randomly chosen universal-2 hash function F • Generate S(t) = F(ψ) • Reset ψ = Ø
Outline • Problem statement • Overview • Dynamic secrets • Extraction • Collection • Amplification • System secret protection • Bootstrapping security and implementation • Summary and conclusion
System Secret Protection • At secret generation • Divide s(t) = u(t) || v(t) • To protect the privatepublickey pair and secret symmetric key respectively • Remark: information loss will accumulate • Entropy is non decreasing
Outline • Problem statement • Overview • Dynamic secrets • Extraction • Collection • Amplification • System secret protection • Bootstrapping security and implementation • Summary and conclusion
Bootstrapping Security • Scenario: Use time to invest in security • Solution: the sender transmits random data at first to build up security
Prototype Implementation • 802.11g Extracting dynamic secrets at receiver Hash Extracting dynamic secrets at sender
Outline • Problem statement • Overview • Dynamic secrets • Extraction • Collection • Amplification • System secret protection • Bootstrapping security and implementation • Summary and conclusion
Summary and conclusion • Our work strengthens security in the case of secrecy leakages by using dynamic secrets • For future work, use prototype for experimental evaluation