SECURE WIRELESS COMMUNICATION WITH DYNAMIC SECRETS

Sheng Xiao, Weibo Gong and Don Towsley, 2010 Infocom

Outline

Problem statement
Overview
Dynamic secrets
    Extraction
    Collection
    Amplification
System secret protection
Bootstrapping security and implementation
Summary and conclusion

Problem statement

Data security in wireless communication

Security mechanism desirable in the case of secret leakage

Solution: use dynamic secrets, based on the link layer communications between wireless devices

Related Work

Prior work uses the wireless physical channel properties for secret sharing

However, they usually demand special hardware upgrades or at least specific interfaces to provide channel measurement information.

Instead of working with the physical layer channel model to calculate the secret capacity, we shift attention to the link layer and emphasize the dynamics of secrets.

In wireless communication, it is practically impossible to eavesdrop on link layer communication for a long period without errors

The single point of failure occurs at the attacker

Series of Dynamic Secrets

Let Hk indicate how many bits the adversary needs to guess about the key. When Hk = 0, the adversary knows the key explicitly and the communication is not secure.

Solution: Use a series of dynamic secrets, i.e., updates between t0 and t1

Rationale: Secrecy replenished as the attacker cannot constantly overhear perfectly

Secret Safety Model

No dynamic secrets

Dynamic secrets, i.e.,

Advantage of Dynamic Secret

Information loss is not recoverable by any computational effort

Information loss can be accumulated

Extracting Dynamic Secrets

Key ideas

Monitor retransmissions
Sender and receiver agree on a set of frames
Hash such frames into dynamic secrets

One Time Frame (OTF) refers to a frame that is aired only once and correctly received.

AET Algorithms

Example: Stop-n-Wait

Collecting Dynamic Secrets

Maintain a set of frames ψ

Initially ψs = ψr = Ø

Remarks

ψs and ψr differ by at most 1 frame

The reception of a new frame ensures ψs = ψr

Amplifying Attacker’s Entropy

Goal: Increase attacker’s uncertainty
Input: ψ set
Output: A secret S with high entropy

Denoted as

S = F(ψ)

Amplifying Attacker’s Entropy: Random hashing theory

Uniform-randomly choosing a function from a universal-2 hashing class

The expected hash output distribution will be close to the uniform distribution when the output is sufficiently short [1]

[1] J. L. Carter and M. N. Wegman. Universal classes of hash functions. Journal of Computer and System Sciences, 18:396-407, 1979

Amplifying Attacker’s Entropy: Entropy amplification

If Attacker has < 1 bit info about S
If Uncertainty bounded by ϵ - 1

[2] Alfred Rényi. On measures of information and entropy. In Proceedings of the 4th Berkeley Symposium on Mathematics, Statistics and Probability, 1960

Dynamic Secret Generation

The above discussion justifies the use of the following method

Collect OTFs until | ψ | > nts

Agree on a randomly chosen universal-2 hash function F

Generate S(t) = F(ψ)

Reset ψ = Ø
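
The extraction, collection and generation steps above, run over a simulated lossy stop-and-wait link. This is an added example, not code from the paper or the slides. Assumptions: the names Endpoint, simulate and universal2, the 8-byte frames, the threshold value, the loss rates, the Carter-Wegman family with modulus 2^521 - 1, and a per-frame retry flag that tells the receiver whether a frame is a retransmission.

```python
import random

P = 2**521 - 1   # Mersenne prime: modulus of the Carter-Wegman universal-2 family
N_TS = 7         # assumed threshold: hash once |psi| > N_TS

def universal2(a, b, psi, out_bits=128):
    """F(psi) = ((a*x + b) mod P) mod 2^out_bits, x = concatenated OTFs."""
    x = int.from_bytes(b"".join(psi), "big")
    assert x < P                      # 8 frames * 8 bytes = 512 bits < 521
    return ((a * x + b) % P) % (1 << out_bits)

class Endpoint:
    def __init__(self, a, b):
        self.a, self.b, self.psi, self.secrets = a, b, [], []

    def add_otf(self, frame):
        self.psi.append(frame)
        if len(self.psi) > N_TS:      # generate S(t) = F(psi), reset psi
            self.secrets.append(universal2(self.a, self.b, self.psi))
            self.psi = []

def simulate(n_frames=200, loss=0.2, eve_miss=0.2, seed=1):
    rng = random.Random(seed)         # constructed channel, not a capture
    a, b = rng.randrange(1, P), rng.randrange(P)   # the agreed function F
    snd, rcv = Endpoint(a, b), Endpoint(a, b)
    pending, last_seq = None, -1      # receiver state: unconfirmed candidate
    eve_ok, eve_known = True, 0       # did the eavesdropper hear every OTF?
    for seq in range(n_frames):
        frame, tries = rng.getrandbits(64).to_bytes(8, "big"), 0
        while True:
            tries += 1
            heard = rng.random() >= eve_miss
            if rng.random() < loss:   # data frame lost, sender retransmits
                continue
            if seq != last_seq:       # new frame confirms the previous one
                if pending is not None:
                    rcv.add_otf(pending)
                # tries == 1 stands for a clear retry flag (assumed)
                pending, last_seq = (frame if tries == 1 else None), seq
            else:                     # duplicate: the frame was aired twice
                pending = None
            if rng.random() >= loss:  # ACK got through
                break
        if tries == 1:                # aired once and acknowledged: an OTF
            snd.add_otf(frame)
            eve_ok = eve_ok and heard
            if not snd.psi:           # batch was just hashed into a secret
                eve_known, eve_ok = eve_known + eve_ok, True
    if pending is not None:           # the next new frame would confirm it
        rcv.add_otf(pending)
    return snd.secrets, rcv.secrets, eve_known
```

simulate() returns the sender's secrets, the receiver's secrets and the number of secrets an eavesdropper who missed no OTF in the batch could recompute; the two secret lists match even though each side decides on OTFs from its own observations.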

System Secret Protection

At secret generation

Divide s(t) = u(t) || v(t), to protect the private/public key pair and the secret symmetric key respectively

Remark: information loss will accumulate

Entropy is non-decreasing

Bootstrapping Security

Scenario: Use time to invest in security

Solution: the sender transmits random data at first to build up security

Prototype Implementation 802.11g

Hash

Extracting dynamic secrets at sender

Extracting dynamic secrets at receiver

Summary and conclusion

Our work strengthens security in the case of secrecy leakages by using dynamic secrets

For future work, use prototype for experimental evaluation