Visible to the public Biblio

Filters: Keyword is key establishment  [Clear All Filters]
Ghose, Nirnimesh, Lazos, Loukas, Li, Ming.  2018.  Secure Device Bootstrapping Without Secrets Resistant to Signal Manipulation Attacks. 2018 IEEE Symposium on Security and Privacy (SP). :819-835.
In this paper, we address the fundamental problem of securely bootstrapping a group of wireless devices to a hub, when none of the devices share prior associations (secrets) with the hub or between them. This scenario aligns with the secure deployment of body area networks, IoT, medical devices, industrial automation sensors, autonomous vehicles, and others. We develop VERSE, a physical-layer group message integrity verification primitive that effectively detects advanced wireless signal manipulations that can be used to launch man-in-the-middle (MitM) attacks over wireless. Without using shared secrets to establish authenticated channels, such attacks are notoriously difficult to thwart and can undermine the authentication and key establishment processes. VERSE exploits the existence of multiple devices to verify the integrity of the messages exchanged within the group. We then use VERSE to build a bootstrapping protocol, which securely introduces new devices to the network. Compared to the state-of-the-art, VERSE achieves in-band message integrity verification during secure pairing using only the RF modality without relying on out-of-band channels or extensive human involvement. It guarantees security even when the adversary is capable of fully controlling the wireless channel by annihilating and injecting wireless signals. We study the limits of such advanced wireless attacks and prove that the introduction of multiple legitimate devices can be leveraged to increase the security of the pairing process. We validate our claims via theoretical analysis and extensive experimentations on the USRP platform. We further discuss various implementation aspects such as the effect of time synchronization between devices and the effects of multipath and interference. Note that the elimination of shared secrets, default passwords, and public key infrastructures effectively addresses the related key management challenges when these are considered at scale.
Zhang, Yuexin, Xiang, Yang, Huang, Xinyi.  2017.  A Cross-Layer Key Establishment Model for Wireless Devices in Cyber-Physical Systems. Proceedings of the 3rd ACM Workshop on Cyber-Physical System Security. :43–53.

Wireless communications in Cyber-Physical Systems (CPS) are vulnerable to many adversarial attacks such as eavesdropping. To secure the communications, secret session keys need to be established between wireless devices. In existing symmetric key establishment protocols, it is assumed that devices are pre-loaded with secrets. In the CPS, however, wireless devices are produced by different companies. It is not practical to assume that the devices are pre-loaded with certain secrets when they leave companies. As a consequence, existing symmetric key establishment protocols cannot be directly implemented in the CPS. Motivated by these observations, this paper presents a cross-layer key establishment model for heterogeneous wireless devices in the CPS. Specifically, by implementing our model, wireless devices extract master keys (shared with the system authority) at the physical layer using ambient wireless signals. Then, the system authority distributes secrets for devices (according to an existing symmetric key establishment protocol) by making use of the extracted master keys. Completing these operations, wireless devices can establish secret session keys at higher layers by calling the employed key establishment protocol. Additionally, we prove the security of the proposed model. We analyse the performance of the new model by implementing it and converting existing symmetric key establishment protocols into cross-layer key establishment protocols.