Integrity Regions: Authentication through Presence in Wireless Networks

Despite years of intensive research, the main deterrents of widely deploying secure communication between wireless nodes remains the cumbersome key setup process. In this paper, we address this problem and we introduce Integrity (I) regions, a novel security primitive that enables message authentication in wireless networks without the use of preestablished or precertified keys. Integrity regions are based on the verification of entity proximity through time-of-arrival ranging techniques. IRegions can be efficiently implemented with ultrasonic ranging, in spite of the fact that ultrasound ranging techniques are vulnerable to distance enlargement and reduction attacks. We further show how IRegions can be used for key establishment in mobile peer-to-peer wireless networks and we propose a novel automatic key establishment approach, largely transparent to users, by leveraging on IRegions and nodes' mobility. We analyze our proposals against a multitude of security threats and we validate our findings via extensive simulations.

[1]  David A. Wagner,et al.  Secure verification of location claims , 2003, WiSe '03.

[2]  Claude Castelluccia,et al.  Shake them up!: a movement-based pairing protocol for CPU-constrained devices , 2005, MobiSys '05.

[3]  Colin Boyd,et al.  Protocols for Key Establishment and Authentication , 2003 .

[4]  Wenyuan Xu,et al.  The feasibility of launching and detecting jamming attacks in wireless networks , 2005, MobiHoc '05.

[5]  Christian Gehrmann,et al.  Manual authentication for wireless devices , 2004 .

[6]  David A. Wagner,et al.  TinySec: a link layer security architecture for wireless sensor networks , 2004, SenSys '04.

[7]  Arjen K. Lenstra,et al.  Selecting Cryptographic Key Sizes , 2000, Journal of Cryptology.

[8]  Colin Boyd,et al.  Protocols for Authentication and Key Establishment , 2003, Information Security and Cryptography.

[9]  N. Asokan,et al.  Key agreement in ad hoc networks , 2000, Comput. Commun..

[10]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[11]  Michael K. Reiter,et al.  Seeing-is-believing: using camera phones for human-verifiable authentication , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[12]  Srdjan Capkun,et al.  Secure positioning of wireless devices with application to sensor networks , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[13]  Dennis Kügler,et al.  "Man in the Middle" Attacks on Bluetooth , 2003, Financial Cryptography.

[14]  Kaisa Nyberg,et al.  Enhancements to Bluetooth Baseband Security , 2007 .

[15]  Theodore S. Rappaport,et al.  Wireless communications - principles and practice , 1996 .

[16]  Diana K. Smetters,et al.  Talking to Strangers: Authentication in Ad-Hoc Wireless Networks , 2002, NDSS.

[17]  Ross J. Anderson,et al.  Key infection: smart trust for smart dust , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[18]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[19]  Srdjan Capkun,et al.  Proximity-based access control for implantable medical devices , 2009, CCS.

[20]  Jaap-Henk Hoepman,et al.  Private Handshakes , 2007, ESAS.

[21]  William A. Arbaugh,et al.  Bootstrapping security associations for routing in mobile ad-hoc networks , 2003, GLOBECOM '03. IEEE Global Telecommunications Conference (IEEE Cat. No.03CH37489).

[22]  Theodore S. Rappaport,et al.  Wireless Communications: Principles and Practice (2nd Edition) by , 2012 .

[23]  Srdjan Capkun,et al.  Integrity Regions: Authentication through Presence in Wireless Networks , 2010, IEEE Trans. Mob. Comput..

[24]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[25]  Hugo Krawczyk,et al.  A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract) , 1998, STOC '98.

[26]  Jean-Pierre Hubaux,et al.  The quest for security in mobile ad hoc networks , 2001, MobiHoc '01.

[27]  Markus Jakobsson,et al.  Security Weaknesses in Bluetooth , 2001, CT-RSA.

[28]  Philip R. Zimmermann,et al.  The official PGP user's guide , 1996 .

[29]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[30]  Theodore S. Rappaport,et al.  Wireless Communications -- Principles and Practice, Second Edition. (The Book End) , 2002 .

[31]  Tor Helleseth,et al.  Workshop on the theory and application of cryptographic techniques on Advances in cryptology , 1994 .

[32]  Dawn Song,et al.  Hash Visualization: a New Technique to improve Real-World Security , 1999 .

[33]  Sven Laur,et al.  Efficient Mutual Data Authentication Using Manually Authenticated Strings , 2006, CANS.

[34]  Robert J. Fontana Experimental Results from an Ultra Wideband Precision Geolocation System , 2002 .

[35]  Julinda Stefa,et al.  SWIM: A Simple Model to Generate Small Mobile Worlds , 2008, IEEE INFOCOM 2009.

[36]  David A. Maltz,et al.  Dynamic Source Routing in Ad Hoc Wireless Networks , 1994, Mobidata.

[37]  Srdjan Capkun,et al.  SECTOR: secure tracking of node encounters in multi-hop wireless networks , 2003, SASN '03.

[38]  Srdjan Capkun,et al.  Integrity Codes: Message Integrity Protection and Authentication over Insecure Channels , 2006, IEEE Transactions on Dependable and Secure Computing.

[39]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[40]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[41]  Srdjan Capkun,et al.  Key Agreement in Peer-to-Peer Wireless Networks , 2006, Proceedings of the IEEE.

[42]  Wenbo Mao,et al.  Modern Cryptography: Theory and Practice , 2003 .

[43]  J.A. Stankovic,et al.  Denial of Service in Sensor Networks , 2002, Computer.

[44]  Hari Balakrishnan,et al.  6th ACM/IEEE International Conference on on Mobile Computing and Networking (ACM MOBICOM ’00) The Cricket Location-Support System , 2022 .

[45]  Stefano Basagni,et al.  Secure pebblenets , 2001, MobiHoc '01.

[46]  Michael Roe,et al.  Child-proof authentication for MIPv6 (CAM) , 2001, CCRV.

[47]  1995 Liu,et al.  United States Patent , 2011 .

[48]  Gabriel Montenegro,et al.  Statistically Unique and Cryptographically Verifiable (SUCV) Identifiers and Addresses , 2002, NDSS.

[49]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[50]  David C. Plummer,et al.  Ethernet Address Resolution Protocol: Or Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware , 1982, RFC.

[51]  Bowen Alpern,et al.  Key Exchange Using 'Keyless Cryptography' , 1983, Inf. Process. Lett..

[52]  Seif Haridi,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[53]  Jiejun Kong,et al.  Providing robust and ubiquitous security support for mobile ad-hoc networks , 2001, Proceedings Ninth International Conference on Network Protocols. ICNP 2001.

[54]  Frank Stajano,et al.  Security for Ubiquitous Computing , 2002, ICISC.

[55]  Zygmunt J. Haas,et al.  Securing ad hoc networks , 1999, IEEE Netw..

[56]  Michael Sirivianos,et al.  Loud and Clear: Human-Verifiable Authentication Based on Audio , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[57]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.