Secure Initialization of Multiple Constrained Wireless Devices for an Unaided User

A number of protocols and mechanisms have been proposed to address the problem of initial secure key deployment in wireless networks. Most existing approaches work either with a small number of wireless devices (i.e., two) or otherwise rely on the presence of an auxiliary device (such as a programmable camera, computer, or Faraday cage). In this paper, we design a solution that allows a user unaided initialization (free from auxiliary devices) of a relatively large number of wireless devices. The proposed solution is based on a novel multichannel Group message Authentication Protocol (GAP), in which information is transmitted over both a radio and a visible light channel (VLC). A notable feature of GAP is that the information to be authenticated is independent of the short authentication string\o be verified by the user (an indirect binding protocol [28]). This, as we show, results in a lower communication cost compared to existing direct binding protocols. The advantage in terms of the communication cost of our GAP protocol is especially important for power-constrained devices, such as wireless sensor motes. Another appealing feature of GAP is that it is secure in the attacker model where the VLC is semiauthentic, whereas existing protocols consider VLC to be authentic. This is made possible by using joint Manchester-Berger unidirectional error-detection codes that are secure and easy to interpret by a nonspecialist and unaided end user. Our overall key deployment mechanism has minimal hardware requirements: one LED, one button and, of course, a radio transceiver, and is thus suitable for initializing devices with constrained interfaces, such as (multiple) wireless sensor motes. We demonstrate the feasibility of the proposed method via a preliminary usability study. The study indicates that the method has reasonably low execution time, minimal error rate, and is user friendly.

[1]  David A. Wagner,et al.  TinySec: a link layer security architecture for wireless sensor networks , 2004, SenSys '04.

[2]  Marimuthu Palaniswami,et al.  KALwEN: a new practical and interoperable key management scheme for body sensor networks , 2008, Secur. Commun. Networks.

[3]  Claude Castelluccia,et al.  Shake them up!: a movement-based pairing protocol for CPU-constrained devices , 2005, MobiSys '05.

[4]  Dawn Xiaodong Song,et al.  Random key predistribution schemes for sensor networks , 2003, 2003 Symposium on Security and Privacy, 2003..

[5]  Nitesh Saxena,et al.  Efficient Device Pairing Using "Human-Comparable" Synchronized Audiovisual Patterns , 2008, ACNS.

[6]  Sven Laur,et al.  User-aided data authentication , 2009, Int. J. Secur. Networks.

[7]  Gerhard Fettweis,et al.  On the transmission-computation-energy tradeoff in wireless and fixed networks , 2010, 2010 IEEE Globecom Workshops.

[8]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[9]  Gene Tsudik,et al.  Groupthink: usability of secure group association for wireless devices , 2010, UbiComp.

[10]  Bo-Yin Yang,et al.  GAnGS: gather, authenticate 'n group securely , 2008, MobiCom '08.

[11]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[12]  Ross J. Anderson,et al.  Key infection: smart trust for smart dust , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[13]  Bernt Schiele,et al.  Smart-Its Friends: A Technique for Users to Easily Establish Connections between Smart Artefacts , 2001, UbiComp.

[14]  Ming Li,et al.  Group Device Pairing based Secure Sensor Association and Key Management for Body Area Networks , 2010, 2010 Proceedings IEEE INFOCOM.

[15]  Frank Stajano,et al.  Multichannel Security Protocols , 2007, IEEE Pervasive Computing.

[16]  Jay M. Berger A Note on Error Detection Codes for Asymmetric Channels , 1961, Inf. Control..

[17]  Nitesh Saxena,et al.  Universal device pairing using an auxiliary device , 2008, SOUPS '08.

[18]  Srdjan Capkun,et al.  Key Agreement in Peer-to-Peer Wireless Networks , 2006, Proceedings of the IEEE.

[19]  Virgil D. Gligor,et al.  A key-management scheme for distributed sensor networks , 2002, CCS '02.

[20]  Rodrigo Roman,et al.  KeyLED - transmitting sensitive data over out-of-band channels in wireless sensor networks , 2008, 2008 5th IEEE International Conference on Mobile Ad Hoc and Sensor Systems.

[21]  Blake Hannaford,et al.  "Are You with Me?" - Using Accelerometers to Determine If Two Devices Are Carried by the Same Person , 2004, Pervasive.

[22]  Nitesh Saxena,et al.  Blink 'Em All: Scalable, User-Friendly and Secure Initialization of Wireless Sensor Nodes , 2009, CANS.

[23]  Yunghsiang Sam Han,et al.  A pairwise key pre-distribution scheme for wireless sensor networks , 2003, CCS '03.

[24]  Rene Mayrhofer,et al.  Shake well before use: two implementations for implicit context authentication , 2007 .

[25]  Hung-Min Sun,et al.  SPATE: Small-Group PKI-Less Authenticated Trust Establishment , 2010, IEEE Transactions on Mobile Computing.

[26]  David E. Culler,et al.  SPINS: security protocols for sensor networks , 2001, MobiCom '01.

[27]  Sven Laur,et al.  SAS-Based Group Authentication and Key Agreement Protocols , 2008, Public Key Cryptography.

[28]  Arun Kumar,et al.  Caveat Emptor: A Comparative Study of Secure Device Pairing Methods , 2009, PerCom.

[29]  Serge Vaudenay,et al.  Secure Communications over Insecure Channels Based on Short Authenticated Strings , 2005, CRYPTO.

[30]  Gabriel Montenegro,et al.  IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): Overview, Assumptions, Problem Statement, and Goals , 2007, RFC.

[31]  René Mayrhofer,et al.  A Human-Verifiable Authentication Protocol Using Visible Laser Light , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[32]  Ivo Stancic,et al.  Multichannel Protocols for User-Friendly and Scalable Initialization of Sensor Networks , 2009, SecureComm.

[33]  J. B. Brooke,et al.  SUS: A 'Quick and Dirty' Usability Scale , 1996 .

[34]  Donggang Liu,et al.  Establishing pairwise keys in distributed sensor networks , 2005, TSEC.

[35]  Diana K. Smetters,et al.  Talking to Strangers: Authentication in Ad-Hoc Wireless Networks , 2002, NDSS.

[36]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[37]  Michael K. Reiter,et al.  Seeing-is-believing: using camera phones for human-verifiable authentication , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[38]  Adrian Perrig,et al.  Message-in-a-bottle: user-friendly and secure key deployment for sensor nodes , 2007, SenSys '07.

[39]  Nitesh Saxena,et al.  Automated Device Pairing for Asymmetric Pairing Scenarios , 2008, ICICS.

[40]  A. W. Roscoe,et al.  Authentication protocols based on low-bandwidth unspoofable channels: A comparative survey , 2011, J. Comput. Secur..

[41]  Claudio Soriente,et al.  HAPADEP: Human-Assisted Pure Audio Device Pairing , 2008, ISC.