PSKA: Usable and Secure Key Agreement Scheme for Body Area Networks. Authors: Krishna K. Venkatasubramanian, Ayan Banerjee, Sandeep K.S. Gupta. Presenter: Francis Usher
Problem • Domain: Body Area Networks (BANs) • Sensors in BANs collect and disseminate sensitive health • Security via cryptography requires key distribution
Cryptography (overview) • Problem of sharing data securely • Symmetric-key cryptography • Secret key k is used to obscure message m into ciphertext c • Given c, only k can be used to reveal m • Advantage: provable that adversary can only break cryptosystem with negligible probability • Problem: how do we communicate keys?
Key sharing (generic approaches) • Pre-sharing • Manufacturer embeds long-term keys in device • Problem: not dynamic enough to handle key compromise situations • Asymmetric crypto handshake • Asymmetric crypto doesn’t require shared secret • Problem: Usually requires contacting trusted identity authority
Physiological Signal-based key sharing (for BANs) • Design goals: • Length & randomness • Low latency • Distinctiveness • Temporal variance • Previous work: Inter-pulse-interval (IPI)-based, independent, mutual key generation • Physiological Signal based Key Agreement (PSKA) • Use shared physiological signals to build & access “fuzzy vault” containing session key
IPI-based key generation • Synchronized sensors measure IPI (EKG/PPG) • Encode measurements as key • 4 observations: • Meets randomness goal, however: • High-latency • Two keys generated tend to differ in half of bits • This distance tends not to vary much in time between generation or across different patients • No good tradeoff threshold between false positive/negative rates
Digression: Shamir’s Secret Sharing (precursor) • Secret value v to be shared among k people • Should take at least n people to determine secret • Degree-n-1 polynomial, random coefficients • P(x) = • Evaluate at k >= n random points • Any n of these k points uniquely determines P • Otherwise even dist. of choices for v
PSKA: Sharing keys using fuzzy vaults • Different sensors measure phys. signals • “Loosely synchronized” • Transform signals to create “features” • Generate random polynomial representing key • Map features under polynomial • Obscure feature maps using “chaff” points • Only similar feature set can infer polynomial from vault (features + chaff) • Use MACs to affirm that key was shared correctly
Fuzzy Vault Security • Perfect match will always unlock vault • Close match corrected by oversampling • Hard to pick right set of points if lots of chaff • Picking the correct s elements of m (brute force)
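The lock/unlock flow from the "Sharing keys using fuzzy vaults" and "Fuzzy Vault Security" slides, as an added Python sketch that is not code from the paper or the presentation. The field modulus, the integer feature values, the chaff count and the exact MAC construction (HMAC-SHA256 keyed by the polynomial coefficients) are assumptions chosen for illustration; the function names are hypothetical.

```python
import hashlib, hmac, random
from itertools import combinations

P = 65537  # prime field modulus: an assumption, the slides give no parameters

def poly_eval(coeffs, x):
    """Evaluate the polynomial (lowest-degree coefficient first) at x, mod P."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def mac(coeffs, vault):
    """HMAC over the vault, keyed by the polynomial coefficients (assumed construction)."""
    key = b"".join(c.to_bytes(4, "big") for c in coeffs)
    return hmac.new(key, repr(vault).encode(), hashlib.sha256).digest()

def lock(features, coeffs, n_chaff, rng):
    """Sender: map features under the polynomial, then hide them among chaff."""
    vault = {x: poly_eval(coeffs, x) for x in features}
    while len(vault) < len(features) + n_chaff:
        x, y = rng.randrange(P), rng.randrange(P)
        if x not in vault and y != poly_eval(coeffs, x):  # chaff lies off the polynomial
            vault[x] = y
    points = list(vault.items())
    rng.shuffle(points)  # hide which entries are genuine
    return points

def interpolate(points):
    """Lagrange interpolation mod P; returns coefficients, lowest degree first."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:  # multiply basis by (x - xj)
                basis = [(a - xj * b) % P for a, b in zip([0] + basis, basis + [0])]
                denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        for k, b in enumerate(basis):
            coeffs[k] = (coeffs[k] + scale * b) % P
    return coeffs

def unlock(vault, tag, my_features, degree):
    """Receiver: keep vault points matching own features, try subsets until the MAC verifies."""
    candidates = [(x, y) for x, y in vault if x in my_features]
    for subset in combinations(candidates, degree + 1):
        coeffs = interpolate(subset)
        if hmac.compare_digest(mac(coeffs, vault), tag):
            return coeffs
    return None
```

The `rng` argument is a seeded `random.Random` only so the run is reproducible; key and chaff generation on a real sensor would draw from a cryptographically secure source. A receiver whose feature set overlaps the sender's in at least `degree + 1` points recovers the coefficients, while one with fewer matches gets `None`.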
Analysis of technique • Long & random keys • Low latency (only ~ 5-10 seconds of data) • Distinctiveness (across subjects) • Temporal variance (across time)
Feature generation • Use peaks from frequency domain (FFTs) • Concatenate indexes & values across windows • Features should demonstrate distinctiveness and temporal variance
Feasibility: implementation • Power, resource constraints • Can technique be implemented as efficiently as competitors? • Classical, elliptic-curve Diffie-Hellman • Evaluation in VHDL (formal hardware specification language) • Metrics: clock cycles, memory footprint
Possible attacks • Fuzzy vault attacks • Some based on application to biometrics • One attack based on vault-construction artifact • Early points (features) have more “free area” • Dismissed but not thoroughly argued against
Idea for future work • Use fuzzy vaults to communicate public keys • Use asymmetric crypto handshakes to establish session keys • Frequent update of public keys • Eliminates problem of contacting trusted authority since physiological signals good for authentication of body-area presence