Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Pairing of Wireless Devices by Multiple Antenna Diversity Liang Cai University of California, Davis Joint work with Kai Zeng, Hao Chen, Prasant.

Published byStella Potter Modified over 8 years ago

Similar presentations

Presentation on theme: "Secure Pairing of Wireless Devices by Multiple Antenna Diversity Liang Cai University of California, Davis Joint work with Kai Zeng, Hao Chen, Prasant."— Presentation transcript:

1 Secure Pairing of Wireless Devices by Multiple Antenna Diversity Liang Cai University of California, Davis Joint work with Kai Zeng, Hao Chen, Prasant Mohapatra

2 Ubiquitous Wireless Devices 2

3 Wi-Fi Direct Allows peer-to-peer Wi-Fi connection (without AP) Requires no new hardware Specification and certified devices are coming soon 3

4 Secure Device Pairing Bootstrap secure communication between two devices. Common approach: shared PIN code Problems –Many devices have no keyboard (so they hardcode secrets) –Potential user error and vulnerability Solution: using out-of-band (OOB) channels 4

5 Visual Channel (Seeing is Believing) 5

6 Acoustic Channel (Loud and Clear) 6

7 Motion Channel (Shake well before use) 7

8 Limitations of OOB Channels OOB channels are not ubiquitous on all devices Some OOB channels are vulnerable to attacks (Halevi etc. CCS ’10) 8

9 Desirable Device Pairing Scheme Use no out-of-band channel Does NOT require the user to –Enter secrets (simplify user tasks), or –Verify secrets (avoid user mistakes) 9

10 Our scheme: Good Neighbor Use the wireless channel Securely pair devices based on proximity 10

11 Why not using Distance-bounding Protocols Cryptographic protocol that allows verifier V to establish an upper bound on physical distance to a prover P. Based on the fact that electro-magnetic waves travel nearly at the speed of light, but cannot travel faster Rely on a rapid bit exchange and require precise clocks to measure light-speed messages 11

12 Threat model Attackers can –Have powerful antennas –Have exact copies of the pairing devices –Know the exact location of the pairing devices Attackers can NOT –Come in close proximity of the receiver (Eg. less than 1m). –Compromise the pairing devices. –Jam the channel 12

13 Naïve Approach: Inferring proximity by RSS d = d 1 d = d 2 Changing P 0 Receiver Sender 13

14 L Improvement: Inferring proximity by RSS ratio d1d1 d2d2 Ratio : d’ 1 d’ 2 Ratio: >>0 ≈0 14

15 Antenna Diversity and IEEE 802.11n MIMO IBM T42P (Antennas diversity) Spatial diversity: to improve the quality and reliability of a wireless link Dell e5400 (MIMO antennas) Spatial diversity Spatial multiplexing (From 54Mbps to 600 Mbps) 15

16 Practical Problem: Unstable RSS Values Problem: –RSS values may fluctuate Solution: –Sender (S) sends a series of packets –Receiver (R) calculates the mean and deviation of the RSS values 16

17 Practical Problem: RSS saturation Problem: –RSS value saturates when the signal is too strong or too weak. Solution: (power probing) –S sends probing packets with different transmission power levels –R chooses the optimal power level that results in the largest RSS ratio 17

18 Practical Problem: Automatic Rate Adaptation Problem: –Inconsistent RSS values if the Automatic Rate Adaptation feature is enabled. Solution: –Disable Automatic Rate Adaptation. 18

19 Final scheme 19

20 Typical RSS ratio of successful device pairing RSS ratio 20

21 Antennas used in our experiments Type 1: internal antennas for Dell E5400 laptop Type 4: Dipole antenna Type 3: RP-SMA (f) socket Type 2: antennas for laptop mini PCI cards 21

22 Logarithmic relationship between RSS value and the sender-receiver distance 22

23 Linear relationship between RSS value and the transmission power 23

24 RSS saturation is observed when the distance decreases 24

25 Prototype 26cm Modify the driver to export RSS values seperately Threshold setting: r H = -r L = 11 σ valve =0.6 T valve = 1s Receiver Sender 25

26 26 Video

27 Prototype r<20cm 20cm<r<1m r>1m 27

28 Potential Attack using Multipath Effect Attacker may exploit multipath effect to find faraway locations that cause large RSS ratios 28

29 Mitigating with Frequency hopping 29

30 Potential Attack using Beam Forming Risk: Attackers may form a beam of signal with an antenna array Attackers need a very large antenna array (size of hundreds of meters when L=20cm, d>10m) 30

31 Future works Mutual authentication Apply our scheme to Bluetooth Applications that requires Near Field Communication 31

32 Conclusion A novel device-pairing scheme –Based on proximity –Requires no Out-of-Band Channel –Requires no user input or verification 32

Download ppt "Secure Pairing of Wireless Devices by Multiple Antenna Diversity Liang Cai University of California, Davis Joint work with Kai Zeng, Hao Chen, Prasant."

Similar presentations

Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.

Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
LANs and WANs. 2 Chapter Contents Section A: Network Building Blocks Section B: Wired Networks Section C: Wireless Networks Section D: Using LANs Section.

LANs and WANs. 2 Chapter Contents Section A: Network Building Blocks Section B: Wired Networks Section C: Wireless Networks Section D: Using LANs Section.
Wireless Networks: Signaling and Security William Tucker CEN 4516: Computer Networks FGCU: Fort Myers, FL: 09/05.

Wireless Networks: Signaling and Security William Tucker CEN 4516: Computer Networks FGCU: Fort Myers, FL: 09/05.
Bluetooth Technology. What is Bluetooth? Bluetooth is a short- range communications technology that allows devices to communicate with each other without.

Bluetooth Technology. What is Bluetooth? Bluetooth is a short- range communications technology that allows devices to communicate with each other without.
Wireless and going mobile Browsing via low energy photons.

Wireless and going mobile Browsing via low energy photons.
Secure Localization using Dynamic Verifiers Nashad A. Safa Joint Work With S. Sarkar, R. Safavi-Naini and M.Ghaderi.

Secure Localization using Dynamic Verifiers Nashad A. Safa Joint Work With S. Sarkar, R. Safavi-Naini and M.Ghaderi.
© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 6: Securing neighbor discovery.

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 6: Securing neighbor discovery.
1 SMART ANTENNA TECHNIQUES AND THEIR APPLICATION TO WIRELESS AD HOC NETWORKS JACK H. WINTERS 2006 2007/11/13 碩一 謝旻欣.

1 SMART ANTENNA TECHNIQUES AND THEIR APPLICATION TO WIRELESS AD HOC NETWORKS JACK H. WINTERS /11/13 碩一 謝旻欣.
Can we get Wi-Fi connectivity for 15 µW? Bryce Kellogg.

Can we get Wi-Fi connectivity for 15 µW? Bryce Kellogg.
Conducted and Wireless Media (Part II) School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 7, Tuesday 2/21/2007)

Conducted and Wireless Media (Part II) School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 7, Tuesday 2/21/2007)
1 Understanding and Mitigating the Impact of RF Interference on 802.11 Networks Ramki Gummadi (MIT), David Wetherall (UW) Ben Greenstein (IRS), Srinivasan.

1 Understanding and Mitigating the Impact of RF Interference on Networks Ramki Gummadi (MIT), David Wetherall (UW) Ben Greenstein (IRS), Srinivasan.
5-1 Data Link Layer r What is Data Link Layer? r Wireless Networks m Wi-Fi (Wireless LAN) r Comparison with Ethernet.

5-1 Data Link Layer r What is Data Link Layer? r Wireless Networks m Wi-Fi (Wireless LAN) r Comparison with Ethernet.
802.11 Networks Olga Agnew Bryant Likes Daewon Seo.

Networks Olga Agnew Bryant Likes Daewon Seo.
How secure is Darren Adams, Kyle Coble, and Lakshmi Kasoji.

How secure is Darren Adams, Kyle Coble, and Lakshmi Kasoji.
Stacy Drake Bluetooth Vs. Wi-Fi. What is Bluetooth?

Stacy Drake Bluetooth Vs. Wi-Fi. What is Bluetooth?
MULTIPLE INPUT MULTIPLE OUTPUT SYSTEMS (MIMO)

MULTIPLE INPUT MULTIPLE OUTPUT SYSTEMS (MIMO)
1. 2  What is MIMO?  Basic Concepts of MIMO  Forms of MIMO  Concept of Cooperative MIMO  What is a Relay?  Why Relay channels?  Types of Relays.

1. 2  What is MIMO?  Basic Concepts of MIMO  Forms of MIMO  Concept of Cooperative MIMO  What is a Relay?  Why Relay channels?  Types of Relays.
Presented by: Arpit Jain 113050028 Guided by: Prof. D.B. Phatak.

Presented by: Arpit Jain Guided by: Prof. D.B. Phatak.
OSI Reference Model and Security COMP 423. The Physical Layer Establish and terminate the physical and logical connections to the media Manage the flow.

OSI Reference Model and Security COMP 423. The Physical Layer Establish and terminate the physical and logical connections to the media Manage the flow.

Similar presentations

Ads by Google