460 likes | 586 Views
SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems. Nitesh Saxena Polytechnic Institute of NYU nsaxena@poly.edu http://spies.poly.edu/~nsaxena Research areas : computer and network security, applied cryptography. Research Overview. Secure Device Association.
E N D
SPIES: Security and Privacy In Emerging computing and networking Systems Nitesh Saxena Polytechnic Institute of NYU nsaxena@poly.edu http://spies.poly.edu/~nsaxena Research areas: computer and network security, applied cryptography 1/46
Research Overview 2/46
Secure Association of Wireless Devices • How to bootstrap secure communication between Alice’s and Bob’s devices when they have • no prior context • no common trusted CA or TTP 4/46
Secure Association of Wireless Devices • Common pairing examples: • Cell-phone headset (bluetooth) • Laptop access point (WiFi) • Cell-phone cell-phone (bluetooth) 5/46
Secure Association of Wireless Devices Audio, Visual, Tactile • Solution idea: • use auxiliary or out-of-band (OOB) channel • with minimal involvement from Alice and Bob 6/46
Research Challenges OOB channels are low-bandwidth Devices may be constrained in terms of interfaces User is constrained - Usability Multiple devices/users Sensor network initialization Group formation Ohh! I cannot even pair my socks! Selected contributions: TIFS’11, TMC’11, CHI’10, CCS’10, Ubicomp’10, SCN’10, PMC’09, Percom’09, SOUPS’08, Oakland’06 7/46
Wig model #4456 (cheap polyester) Viagra medical drug #459382 Das Kapitaland Communist-party handbook 500 Euros in wallet Serial numbers: 597387,389473… 30 items of lingerie The Privacy Problem Good tags, Bad readers 9/46
Wig model #4456 (cheap polyester) Viagra medical drug #459382 Das Kapitaland Communist-party handbook 500 Euros in wallet Serial numbers: 597387,389473… 30 items of lingerie The Authentication Problem Good readers, Bad tags Counterfeit!! 10/46
Relay (Ghost-and-Leech) Attacks response query query query response response 11/46
Research Challenges • Very limited resources • a $0.03 tag can’t do much computationally • only and-or-xor operations might be feasible • has only ~2,000 gates for security operations • few bits to few bytes of memory • No user interfaces • Atypical usage model Selected contributions: Percom’11, JCS’10, CCS’10, RFIDSec’10, RFIDSec’09, RFIDSec’09 12/46
Other Projects • Strong Password Authentication • Password-Protected Secret Sharing and Distributed Function Computation • Privacy of Web and Location-based Search • Security and Privacy of P2P Systems • Inference of Private Attributes in Online Social Networks • Playful Security • Security and Privacy of Medical Devices Selected contributions: Percom’11, AsiaCCS’11, TIFS’10, TIFS’09, TPDS’09, P2P’10, PETS’10, FC’10, ACNS’06, ICNP’05, TCC’05, SASN’05, SASN’04 13/46
On Pairing Constrained Wireless Devices Based on Secrecy of Auxiliary Channels: The Case of Acoustic Eavesdropping ACM Conference on Computer and Communications Security (CCS), October 2010 14/46
Recall: The "Pairing" Problem Audio; Visual; Tactile • Solution idea • use auxiliary = out-of-band (OOB) channels • with minimal involvement from Alice and Bob 15/46
Pairing using Authenticated OOB (A-OOB) Short Authenticated Strings (SAS) Protocols Vaudenay [Crypto’05]; Nyberg-Laur [CANS’06] Pasini-Vaudenay [CT-RSA’08]; Jarecki-Saxena [SCN’10] A PKA PKB B SASA SASA SASB SASB Examples: Manual Transfer (numbers – Uzun et al. [Usec’07]) Automated Transfer (barcode-camera – McCune et al. [Oakland’05]) 16/46
Recall: Constrained Devices • Devices with constrained interfaces and resources • Headsets • Access points • RFID tags • Medical implants (no physical access) • … • Many common pairing scenarios involve one constrained device 17/46
A-OOB Pairing: Constrained Devices A PKA PKB B SASA SASA SASB SASB 18/46
A-OOB Pairing: Constrained Devices Difficult and prone to fatal human errors (Kumar et al. [Percom’09]) Saxena et al. [Oakland’05] A PKA PKB B SASA b = (SASB = = SASA) SASA b 19/46
Pairing using Authenticated and Secret OOB (AS-OOB) K A B • Unidirectional OOB • No fatal human errors • Simple: no crypto 20/46
Pairing using Authenticated and Secret OOB (AS-OOB) Password/PIN A B PAKA • Unidirectional OOB • No fatal human errors 21/46
Focus of Our Work • We examine three AS-OOB pairing methods • based on low-volume audio signals • require device vibration and/or button clicks • generate acoustic emanations as by-product • Can an attacker recover the underlying OOB data (key or password) via acoustic eavesdropping? 22/46
Related Work • Keyboard acoustic emanations used to detect key presses (Asonov-Agrawal [Oakland’04]) • Follow-up work by Zhuang et al. [CCS’05] and Berger et al. [CCS’06] • Inference of CPU activities through acoustic emanations (Shamir-Tromer) 23/46
Our Contributions • First paper to explore AS-OOB pairing security based on acoustic emanations • In general, observation attacks on pairing • Consider realistic settings: eavesdropping from 2-3 ft distance • Allows an eavesdropper to place a microphone next to the device(s) • Farther eavesdropping using parabolic microphone explored • Off-the-shelf, inexpensive equipments and tools 24/46
Pairing Methods Examined (1/3) • IMD Pairing: Pairing an Implantable Medical Device (IMD) and an authorized reader (Halperin et al. [Oakland’08]). • RFID tag with piezo attached to IMD beeps and transmits key to reader • Reader microphone on the body surface records the key 25/46
Pairing Methods Examined (2/3) • PIN-Vibra: Used for pairing a personal RFID tag with a mobile phone (Saxena et al. [SOUPS’08 Poster]) • Phones vibrates encoding a PIN and touched to the tag • Tag senses the vibrations using on-board accelerometer PIN Accelerometer 26/46
Pairing Methods Examined (3/3) • BEDA (Button Enabled Device Association): Soriente et al. [IWSSI’07, IJIS’09] • First device encodes a short password into blinking of an LED or vibration • Second device has a button Blink-Button Vibrate-Button 27/46
Eavesdropping Overview • Eavesdropping implemented using off-the-shelf equipment • PC microphone • Parabolic microphone for larger distance recording • Windows sound recorder and Matlab software • Utilized signal processing methods and neural networks to decode the OOB data 28/46
Research Challenges • IMD binary bit signal characteristics unknown • Small differences in spectrum of “mark” and “space” bits • Short bits sometimes overlap each other • Vibration and button clicks • Signal stretches over a wide range of frequencies • Signal affected by background noise when recorded from a distance 29/46
IMD Pairing • System described in IMD paper recreated • Included a piezo connected to an Intel’s WISP tag • Inserted within a combination of meats • Emulated human chest • Random 128-bit key encoded into the piezo • Plus 8 bit pre-amble start sequence • Using 2-FSK modulation • Acoustic signal recorded and processed from different distances 31/46
IMD Setup Piezo attached to the WISP Implanted IMD* 32/46 Meat combination used to simulate human body *from Halperin et al.
Our Attack • Characteristic frequency components detected for each of the 2-FSK signals encoded • Utilized for detecting accurate signal beginning • Small differences in frequencies used to distinguish between bits and detect beginning sequence • FFT and MFCC features created for each consecutive bit in the signal • Multiple Neural networks explored to classify each bit • Both supervised and unsupervised networks 33/46
Results – from 3 ft away 34/46
Results • About 99% detection accuracy from up to 3 ft away • MFCC features provided better results then FFT features • Both supervised and unsupervised neural networks provide similar results • Tests using parabolic microphone showed about 80% accuracy utilizing only signal processing techniques • 12 ft away recording 35/46
Eavesdropping PIN-Vibra 36/46
Method Description • PIN encoded into vibrations (on-off encoding) • 14 bits random key hardcoded into cell phone • Three additional bits (“110”) beginning sequence used to indicate key beginning (to a valid decoder) • '1' bit marked by vibration, '0' bit marked by “sleep” period 37/46
Our Attack • Similar to IMD eavesdropping: • Spectrum analysis used to detect key beginning sequence • Neural Network classifiers used to decode key • Attack resulted in 100% successful detection of key 38/46
Results 39/46
Eavesdropping BEDA 40/46
Method Description • Password encoded on one device • As function of distances (time interval) between events • Each event generates blink or vibration • User presses button on other device when first device blinks or vibrates • Implemented with 21-bit random password • Provides 8 total signals 41/46
Our Attack • For Blink-Button, we analyze button-pressing signals; for Vibrate-Button, we analyze vibration (button-pressing is subsumed within) • Only used signal processing methods • Detected each button press or vibration event • Since in this case, the binary bits are not continuous, no classification is needed • It is sufficient to detect each signal beginning • Attack resulted in an accuracy of 98% 42/46
Implications of Our Attacks • IMD Pairing: directly learn the shared secret • PIN-Vibra: directly learn the shared secret • no protection in the event of loss/theft of RFID • still resistant to (remote) unauthorized reading • BEDA • Need to launch a man-in-the-middle attack as soon as the password is learned • The three methods provide weaker security than what was assumed or is desired 43/46
Conclusions and Future Work • The three AS-OOB pairing methods vulnerable to acoustic eavesdropping attacks • Neural networks useful in correctly decoding bits from spectrum features • Successful eavesdropping possible even from farther using a parabolic microphone • Broadly, secure and usable pairing of constrained devices resistant to observation attacks is a research challenge • Open problem 44/46
Other Projects • Strong Password Authentication • Password-Protected Secret Sharing • Privacy of Web and Location-based Search • Security and Privacy of P2P Systems • Inference of Private Attributes in Online Social Networks • Playful Security • Security and Privacy of Medical Devices Selected contributions: Percom’11, AsiaCCS’11, TIFS’10, TIFS’09, TPDS’09, P2P’10, PETS’10, FC’10, ACNS’06, ICNP’05, TCC’05, SASN’05, SASN’04 45/46
Acknowledgments • Sponsors: NSF, NYU, NYU-Poly, Google, Nokia, Intel, Research in Motion • Students – the SPIES: Jon Voris, Tzipora Halevi, Sai Teja Peddinti, Justin Lin, Borhan Uddin, Ambarish Karole, Arun Kumar, Ramnath Prasad, Alexander Gallego • Collaborators Thanks! 46/46