proximity-based authentication of mobile devices eyal de lara department of computer science...
TRANSCRIPT
Proximity-Based Authentication of Mobile
Devices Eyal de Lara
Department of Computer Science
University of Toronto
Alex Varshavsky, Adin Scannel, Anthony LaMarca
Secure Spontaneous Interaction
• Phone + hotel room TV and keyboard
• Exchange of private info
• Phone and hands free
• Paying for groceries, tickets, cola
Naïve Solution
• Diffie-Hellman
a
Alice
b
Bob
Naïve Solution
• Diffie-Hellman
a
Alice
b
Bob
g, ga
Naïve Solution
• Diffie-Hellman
a
Alice
b
Kgab
Bob
g, ga
Naïve Solution
• Diffie-Hellman
a
Alice
b
K=gab
Bob
g, ga
gb
Naïve Solution
• Diffie-Hellman
a
K=gba
Alice
b
K=gab
Bob
g, ga
gb
•Who is my device really communicating with?
The Problem
•Who is my device really communicating with?•Spoofing
The Problem
a
Alice
b
Bob
•Who is my device really communicating with?•Spoofing
The Problem
a
Alice
b
Bob
x
X
•Who is my device really communicating with?•Spoofing
The Problem
a
Alice
x
X
•Who is my device really communicating with?•Spoofing
The Problem
a
Alice
x
Bob
•Who is my device really communicating with?•Spoofing
The Problem
a
K=gxa
Alice
x
K=gax
Bob
g, ga
gx
•Who is my device really communicating with?•Spoofing•Man in the middle
The Problem
a
Alice
b
Bob
x
X
•Who is my device really communicating with?•Spoofing•Man in the middle
The Problem
a
K1=gxa
Alice
b
K2=gxb
Bob
g, ga
gx
xK1=gax
K2=gbx
X
g, gx
gb
•Who is my device really communicating with?•Spoofing•Man in the middle
•Solution: Ensure communication with device that is closeAssumption: attacker is not between legitimate devices
The Problem
a
K1=gxa
Alice
b
K2=gxb
Bob
g, ga
gx
xK1=gax
K2=gbx
X
g, gx
gb
Existing Solutions
• Use a cable
• Use short range communication Bluetooth Infrared Laser Ultrasound Near field communication (NFC)
• Ask user to verify pairing Displaying keys Playing music, images
Existing Solutions
• Use a cable
• Use short range communication Bluetooth Infrared Laser Ultrasound Near field communication (NFC)
• Ask user to verify pairing Displaying keys Playing music, images
BlueSniper Rifle by Flexis
Key Idea
• Secure pairing requires a shared secret
• Devices in close proximity perceive a similar radio environment
• Derive shared secret from common radio environment Listen to traffic of ambient radio sources
Use knowledge of common radio environment as proof of
proximity
Advantages
• No extra hardware Leverage radio already available on device
• No user involvement to verify pairing
• Not subject to eavesdropping Secret derived by listening to ambient sources
Requirements on Radio Environment
1. Temporal variability• Signal fluctuates randomly at a single
location over time
-110
-105
-100
-95
-90
-85
-80
-75
time (s)
sign
al s
tren
gth
(dBm
)
Channel 1 Channel 2 Channel 3
Requirements on Radio Environment
2. Spatial variability• Values at different locations have low
correlation
Requirements on Radio Environment
3. Devices in proximity should perceive similar environment
5 cm 10 m
85% common pkts 40% common pkts
Potential Authentication Methods
• Proximity-based authentication token Diffie-Hellman Authenticate using the token
• Proximity-based encryption keys Directly from the common environment Less CPU intensive?
Amigo: Diffie-Hellman + Proximity Token
• Devises monitor radio environment following Diffie-Hellman key exchange
• Send to each other a signature
• Each device verifies that signature similar to own observation Signature does not have to remain secret after
exchange is over
Signature Verification
• Signature: sequence of hash of packet + RSSI• Segment size 1 second
Classifier
• 2 stage boosted binary stump classifier• Stage 1: Filters noisy data
Marks as invalid instances with % of common pkts bellow threshold (75% works well)
• Stage 2: Assigns a score to valid instances Function of differences in signal strength Converts scores into votes based on threshold Tally votes for all instances
Commitment Protocol• Reveal man-in-middle attack while exchanging signatures
• Forces attacker to forge data
• Break signature S into n blocks
• Generate nonce
• Each period exchange
• Knonce ( Hash (Ksession_key),Hash(id),si)
• Send nonce
a
K1=gxa
Alice
b
K2=gxb
Bob
KnA(H(K1)H(A)Si) xK1=gax
K2=gbx
X
KnB(H(K2)H(B)Si)
Scenario 1 : Simple Attacker
• 6 laptops Friendly 5cm away Attackers 1,3,5,10 meters
• WiFi – Orinoco Gold• All at same height • Line of sight
1m3m
10m5m
Best case for attacker
Traces
• 2 traces: training and testing 2 months apart 2 different location in the lab
• 10 minute trace
• 30 – 50 thousand pkts per laptop
• 11 access points
• 45 – 58 WiFi radio sources
Simple Attacker
• Can pair within 5 seconds
• Can detect attacker 3 meters away or more
• 1 meter is a problem
Local Entropy: Obstacles
False Positives
• Line-of-sight (1m) 81%
• Drywall (10cm) 100%
• Human (1m) 12%
• Concrete wall (30cm) 0%
• Human blocking attacker’s line of sight goes a long way to improve performance
Local Entropy: Movement
Hand waving helps!
• 5 laptops Friendly 1 m away Attackers 3,5,10 meters
• All at same height
• Line of sight
Stretching Co-Location
1m3m
10m5m
Stretching Co-Location
Scenario 2 : Attacker with Site Knowledge
• Before pairing Attacker samples exact pairing spot Creates RSSI distribution for every wireless
source it hears
• While pairing Pkts from know source assign RSSI from
distribution Pkts from unknown source
• Option 1 Discard
• Option 2 Leave unchanged (best)
Scenario 2 : Attacker with Site Knowledge
With hand waving false rate positives reaches 0 within 5 seconds
Scenario 3: “Omnipotent” Attacker
• Controls all radio sources Knows which pkts were received by victim
• Oracle: RSSI from current distribution
Conclusions
• Possible to use knowledge of radio environment to prove physical proximity
• Advantages No extra hardware No user involvement to verify pairing Not subject to eavesdropping
• Two potential methods Location-based authentication token Location-based encryption keys
Future Work
• System robustness Different cards and antennas Different environments
• Improve accuracy Software radios Multiple radios
• Proximity-based encryption keys
Questions?
Eyal de [email protected]
www.cs.toronto.edu/~delara
Varshavsky, Scannell, LaMarca, de Lara“Amigo: Proximity-based Authentication of Mobile Devices”
9th Int. Conference on Ubiquitous Computing (UbiComp) Innsbruck, Austria, Sep. 2007