PSP: proximity-based secure pairing of mobile devices using WiFi signals

Wireless device-to-device (D2D) communication, which enables direct communication between co-located devices without Internet access, is becoming common. Simultaneously, security issues have become technical barriers to D2D communication due to its “open-air” nature and lack of centralized control. Automatically establishing the secure association between wireless devices that do not share a prior trust remains an open and challenging problem. Recent work has proposed to extract shared keys from the similar ambient radio signals of two co-located wireless devices. Using such methods, information reconciliation based on error-correcting techniques is implemented to make two co-located devices extract the same bitstreams as the shared keys from their similar ambient radio environment. However, due to the bounded capability of the error-correcting code, existing methods can only work effectively in a very short distance range. In this paper, we propose a novel solution, called proximity-based secure pairing (PSP), which allows two wireless devices in physical proximity to automatically authenticate each other and obtain shared keys according to the channel state information of the WiFi signals. In contrast to existing methods, PSP is built on private set intersection computation rather than information reconciliation, which makes it effective over a wider distance range while ensuring security and efficiency. We provide a thorough security analysis and performance evaluation of PSP and demonstrate its advantages in terms of security, efficiency and usability over state-of-the-art methods.

[1]  Imran Memon,et al.  Dynamic path privacy protection framework for continuous query service over road networks , 2016, World Wide Web.

[2]  Gilles Brassard,et al.  Secret-Key Reconciliation by Public Discussion , 1994, EUROCRYPT.

[3]  Chuankun Wu,et al.  An Unconditionally Secure Protocol for Multi-Party Set Intersection , 2007, ACNS.

[4]  Hai Su,et al.  Fast and scalable secret key generation exploiting channel phase randomness in wireless networks , 2011, 2011 Proceedings IEEE INFOCOM.

[5]  Mukhtiar Ali Unar,et al.  Privacy Preserving Dynamic Pseudonym-Based Multiple Mix-Zones Authentication Protocol over Road Networks , 2017, Wirel. Pers. Commun..

[6]  Tatsuaki Okamoto,et al.  A New Public-Key Cryptosystem as Secure as Factoring , 1998, EUROCRYPT.

[7]  Akbar M. Sayeed,et al.  Secure wireless communications: Secret keys through multipath , 2008, 2008 IEEE International Conference on Acoustics, Speech and Signal Processing.

[8]  Michael Sirivianos,et al.  Loud and Clear: Human-Verifiable Authentication Based on Audio , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[9]  Theodore S. Rappaport,et al.  Wireless communications - principles and practice , 1996 .

[10]  Benny Pinkas,et al.  Efficient Private Matching and Set Intersection , 2004, EUROCRYPT.

[11]  Ueli Maurer,et al.  Linking information reconciliation and privacy amplification , 1997, Journal of Cryptology.

[12]  David Wetherall,et al.  Tool release: gathering 802.11n traces with channel state information , 2011, CCRV.

[13]  Michael K. Reiter,et al.  Seeing-is-believing: using camera phones for human-verifiable authentication , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[14]  Ueli Maurer,et al.  Secret key agreement by public discussion from common information , 1993, IEEE Trans. Inf. Theory.

[15]  Marina Ruggieri,et al.  Special Issue on “Future Tele-Infrastructure for Multi-sensory Devices (FIND)” , 2017, Wirel. Pers. Commun..

[16]  Wade Trappe,et al.  ProxiMate: proximity-based secure pairing using ambient wireless signals , 2011, MobiSys '11.

[17]  Fan Wu,et al.  Improvement of content delivery in Mobile Social Networks , 2013, 2013 International Conference on Computational Problem-Solving (ICCP).

[18]  Marco Gruteser,et al.  Improving robustness of key extraction from wireless channels with differential techniques , 2012, 2012 International Conference on Computing, Networking and Communications (ICNC).

[19]  Yong Wang,et al.  Velocity similarity anonymization for continuous query Location based services , 2013, 2013 International Conference on Computational Problem-Solving (ICCP).

[20]  Eyal de Lara,et al.  Amigo: Proximity-Based Authentication of Mobile Devices , 2007, UbiComp.

[21]  Imran Memon,et al.  Design and Implementation to Authentication over a GSM System Using Certificate-Less Public Key Cryptography (CL-PKC) , 2014, Wirel. Pers. Commun..

[22]  Chung Gu Kang,et al.  Mobile caching policies for device-to-device (D2D) content delivery networking , 2014, 2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[23]  Stark C. Draper,et al.  Impact of channel sparsity and correlated eavesdropping on secret key generation from multipath channel randomness , 2010, 2010 IEEE International Symposium on Information Theory.

[24]  Yang Wang,et al.  Fast and practical secret key extraction by exploiting channel response , 2013, 2013 Proceedings IEEE INFOCOM.

[25]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[26]  Shaojie Tang,et al.  KEEP: Fast secret key extraction protocol for D2D communication , 2014, 2014 IEEE 22nd International Symposium of Quality of Service (IWQoS).

[27]  Wade Trappe,et al.  Radio-telepathy: extracting a secret key from an unauthenticated wireless channel , 2008, MobiCom '08.

[28]  John McEachen,et al.  Unconditionally secure communications over fading channels , 2001, 2001 MILCOM Proceedings Communications for Network-Centric Operations: Creating the Information Force (Cat. No.01CH37277).

[29]  Renato Renner,et al.  Simple and Tight Bounds for Information Reconciliation and Privacy Amplification , 2005, ASIACRYPT.

[30]  Stark C. Draper,et al.  Exploiting Channel Diversity in Secret Key Generation From Multipath Fading Randomness , 2011, IEEE Transactions on Information Forensics and Security.

[31]  Imran Memon,et al.  Efficient User Based Authentication Protocol for Location Based Services Discovery Over Road Networks , 2017, Wirel. Pers. Commun..

[32]  Imran Memon,et al.  Enhanced Privacy and Authentication: An Efficient and Secure Anonymous Communication for Location Based Service Using Asymmetric Cryptography Scheme , 2015, Wirel. Pers. Commun..

[33]  René Mayrhofer,et al.  Shake Well Before Use: Authentication Based on Accelerometer Data , 2007, Pervasive.

[34]  Eldad Perahia,et al.  Next Generation Wireless LANs: 802.11n and 802.11ac , 2013 .

[35]  David Tse,et al.  Channel Identification: Secret Sharing Using Reciprocity in Ultrawideband Channels , 2007, IEEE Transactions on Information Forensics and Security.

[36]  Sneha Kumar Kasera,et al.  Secret Key Extraction from Wireless Signal Strength in Real Environments , 2013, IEEE Trans. Mob. Comput..

[37]  Sneha Kumar Kasera,et al.  Secret Key Extraction from Wireless Signal Strength in Real Environments , 2009, IEEE Transactions on Mobile Computing.

[38]  Rudolf Ahlswede,et al.  Common Randomness in Information Theory and Cryptography - Part II: CR Capacity , 1998, IEEE Trans. Inf. Theory.

[39]  Jie Yang,et al.  Collaborative secret key extraction leveraging Received Signal Strength in mobile wireless networks , 2012, 2012 Proceedings IEEE INFOCOM.

[40]  Jacques Stern,et al.  A new public key cryptosystem based on higher residues , 1998, CCS '98.

[41]  Xiong Li,et al.  Provably secure user authentication and key agreement scheme for wireless sensor networks , 2016, Secur. Commun. Networks.