Integrity Regions: Authentication through Presence in Wireless Networks

Despite years of intensive research, the main deterrents of widely deploying secure communication between wireless nodes remains the cumbersome key setup process. In this paper, we address this problem and we introduce Integrity (I) regions, a novel security primitive that enables message authentication in wireless networks without the use of preestablished or precertified keys. Integrity regions are based on the verification of entity proximity through time-of-arrival ranging techniques. IRegions can be efficiently implemented with ultrasonic ranging, in spite of the fact that ultrasound ranging techniques are vulnerable to distance enlargement and reduction attacks. We further show how IRegions can be used for key establishment in mobile peer-to-peer wireless networks and we propose a novel automatic key establishment approach, largely transparent to users, by leveraging on IRegions and nodes' mobility. We analyze our proposals against a multitude of security threats and we validate our findings via extensive simulations.

[1]  Nancy A. Lynch,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[2]  Colin Boyd,et al.  Protocols for Key Establishment and Authentication , 2003 .

[3]  Ross J. Anderson,et al.  Key infection: smart trust for smart dust , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[4]  Stefano Basagni,et al.  Secure pebblenets , 2001, MobiHoc '01.

[5]  Michael Roe,et al.  Child-proof authentication for MIPv6 (CAM) , 2001, CCRV.

[6]  David Chaum,et al.  Distance-Bounding Protocols (Extended Abstract) , 1994, EUROCRYPT.

[7]  Wenyuan Xu,et al.  The feasibility of launching and detecting jamming attacks in wireless networks , 2005, MobiHoc '05.

[8]  David A. Wagner,et al.  TinySec: a link layer security architecture for wireless sensor networks , 2004, SenSys '04.

[9]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[10]  Srdjan Capkun,et al.  Key Agreement in Peer-to-Peer Wireless Networks , 2006, Proceedings of the IEEE.

[11]  Hugo Krawczyk,et al.  A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract) , 1998, STOC '98.

[12]  Jean-Pierre Hubaux,et al.  The quest for security in mobile ad hoc networks , 2001, MobiHoc '01.

[13]  Gabriel Montenegro,et al.  Statistically Unique and Cryptographically Verifiable (SUCV) Identifiers and Addresses , 2002, NDSS.

[14]  Julinda Stefa,et al.  SWIM: A Simple Model to Generate Small Mobile Worlds , 2008, IEEE INFOCOM 2009.

[15]  Michael K. Reiter,et al.  Seeing-is-believing: using camera phones for human-verifiable authentication , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[16]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[17]  David A. Maltz,et al.  Dynamic Source Routing in Ad Hoc Wireless Networks , 1994, Mobidata.

[18]  Dennis Kügler,et al.  "Man in the Middle" Attacks on Bluetooth , 2003, Financial Cryptography.

[19]  Frank Stajano,et al.  Security for Ubiquitous Computing , 2002, ICISC.

[20]  Philip R. Zimmermann,et al.  The official PGP user's guide , 1996 .

[21]  Jaap-Henk Hoepman,et al.  Private Handshakes , 2007, ESAS.

[22]  William A. Arbaugh,et al.  Bootstrapping security associations for routing in mobile ad-hoc networks , 2003, GLOBECOM '03. IEEE Global Telecommunications Conference (IEEE Cat. No.03CH37489).

[23]  Theodore S. Rappaport,et al.  Wireless communications - principles and practice , 1996 .

[24]  Diana K. Smetters,et al.  Talking to Strangers: Authentication in Ad-Hoc Wireless Networks , 2002, NDSS.

[25]  Srdjan Capkun,et al.  Proximity-based access control for implantable medical devices , 2009, CCS.

[26]  J.A. Stankovic,et al.  Denial of Service in Sensor Networks , 2002, Computer.

[27]  Hari Balakrishnan,et al.  6th ACM/IEEE International Conference on on Mobile Computing and Networking (ACM MOBICOM ’00) The Cricket Location-Support System , 2022 .

[28]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[29]  Claude Castelluccia,et al.  Shake them up!: a movement-based pairing protocol for CPU-constrained devices , 2005, MobiSys '05.

[30]  Ghassan O. Karame,et al.  Integrity Regions: Authentication through Presence in Wireless Networks , 2006, IEEE Transactions on Mobile Computing.

[31]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[32]  Jiejun Kong,et al.  Providing robust and ubiquitous security support for mobile ad-hoc networks , 2001, Proceedings Ninth International Conference on Network Protocols. ICNP 2001.

[33]  N. Asokan,et al.  Key agreement in ad hoc networks , 2000, Comput. Commun..

[34]  David A. Wagner,et al.  Secure verification of location claims , 2003, WiSe '03.

[35]  Zygmunt J. Haas,et al.  Securing ad hoc networks , 1999, IEEE Netw..

[36]  Michael Sirivianos,et al.  Loud and Clear: Human-Verifiable Authentication Based on Audio , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[37]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[38]  Srdjan Capkun,et al.  Integrity Codes: Message Integrity Protection and Authentication over Insecure Channels , 2006, IEEE Transactions on Dependable and Secure Computing.

[39]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[40]  Srdjan Capkun,et al.  SECTOR: secure tracking of node encounters in multi-hop wireless networks , 2003, SASN '03.

[41]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[42]  Sven Laur,et al.  Efficient Mutual Data Authentication Using Manually Authenticated Strings , 2006, CANS.