Dynamic Security in Wireless Communications


1 Dynamic Security in Wireless Communications
Sheng Xiao, Weibo Gong and Don Towsley University of Massachusetts, Amherst

2 Outline
Motivation: security and the time scales of network activities
Dynamic Secrets in Wireless Communications
Algorithms for Dynamic Security
Adversarial Models
A Simple ON-OFF Model for Dynamic Security

3 Motivation: Randomness in Communication is a Resource for Security
“LRD is all about time scales” – [Anantharam 09]
“network dynamics depend on operations at different layers and time scales” – [Resnick et al. 03]
Hierarchical ON-OFF models for communication activities – [many authors]
Randomness of wireless channels at various time scales is a great resource for secrecy.
Information loss in wireless channels could be used for security. [Wyner 75, Maurer 95, 02, Rabin 01]
Dynamic secrets: frequently update the security key using channel randomness.
Parity code for security purposes: easy to detect errors but hard to correct – Gallager’s HDPC
Dynamic secrets as an improvement, not a replacement: they can be used to complement current security technologies - [Xiao et al. 10]

4 Motivation : Time Scales in Network Activities
[Figure: stacked time scales, labelled human activities, application layer, network layer, link layer, physical layer]
Network traffic can be modeled as a product of hierarchical ON-OFF processes at different time scales. [Misra et al. 98, Resnick et al. 03, etc.]

5 Time Scales of Security Schemes
The time scale of a security scheme is defined as the life span of a master key (root secret).
[Figure: time axis marked decades, years, months, with the entries: digital certificate; wireless network secret key (typically changed at a hardware upgrade); password (could be obliged to change every several months); faster key updates?]
Note: Session keys are derived from a master key (root secret). Whether or not session keys are used has no effect on the time scale of a security scheme.
Security measures at large time scales allow the adversary sufficient time to attack.

6 Time Scales of Attacks
[Figure: time axis marked decades, years, months, days, hours, with the entries: factorize a large number (~1000 bits); exhaustive search for keys < 64 bits (such as DES); social engineering attacks; Trojan and Botnet; exploit algorithm design and implementation flaws]
Technology advancement helps accelerate attacks.
Frequent key updates are desired to defend against fast attacks.

7 Dynamic Secrets in Wireless Communications
Motivation
Dynamic Secrets in Wireless Communications: adversary’s information loss is user’s secret
Algorithms for Dynamic Security
Adversarial Models
A Simple ON-OFF Model for Dynamic Security

8 Explore the Key Space
[Figure: Alice and Bob communicating, Eve eavesdropping]
The conventional key k is only a small, static portion of all freely available secret information.
k could be updated frequently, since communication between Alice and Bob can occur very often.
Eve’s loss of information about Alice and Bob’s communication helps security.
An error-prone communication phase is favorable for security.

9 A Wireless, Packet Level Example
[Figure: packet rows. Alice: 1 2 3 4 5 6 7 8 9; Bob: 4 5 7 8; Eve: 2 3 4 6 7 8 9]
Independent, lossy wireless channels.
Eve could miss s even with a better receiver.
Alice-Bob communication generates dynamic secrets s1, s2, s3, …
Starting from the initial key k0, the key k is iteratively updated by XOR with the dynamic secrets.
Eve is defeated if she misses any dynamic secret.
The adversary’s information loss provides secrecy to k.

10 Dynamic Secrets in Wireless Communications
Motivation
Dynamic Secrets in Wireless Communications
Algorithms for Dynamic Security: exploit true randomness in wireless channels
Adversarial Models
A Simple ON-OFF Model for Dynamic Security

11 Capture the Transmission Randomness
[Figure: frames 1, 2, timeout, 3, 4, … exchanged between Alice and Bob]
OTF (One Time Frame) – frame transmitted only once: 1 and 4
Non-OTF – retransmitted frame: 2 and 3
Alice and Bob synchronously classify frames as OTFs / non-OTFs using local information.
Classification extracts randomness from wireless channels.

12 Generate Dynamic Secrets and Dynamic Key
1 – bit strings in collected OTFs
2 – bit strings in collected non-OTFs
if |1| ≥ nts or |2| ≥ nts
threshold nts determines how often k is updated
value of k and update time contain true randomness

13 Dynamic Security Experiment in Office WLAN
Even in an ideal anechoic chamber environment with multiple colluding adversaries, information loss is still non-negligible after several minutes [Serrano et al. 2009].
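The key evolution described on slides 9, 11 and 12, as an added example that is not code from the presentation: frames are classified as OTF or non-OTF, each full set is turned into a dynamic secret, and the secret is XORed into the key. Hashing a set with SHA-256, the threshold value 3, zeroed payloads for frames Eve misses, and the frame log are all assumptions of this sketch.

```python
import hashlib

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def evolve_key(k0, frames, n_ts=3):
    """Return [k0, k1, ...] for one party's view of the link.

    frames: (seq, payload, transmissions) tuples. A frame sent once is an
    OTF, a retransmitted one a non-OTF. When either set holds n_ts frames it
    is hashed into a dynamic secret (SHA-256 is an assumption of this
    example) and XORed into the current key.
    """
    keys, sets = [k0], {"otf": [], "non-otf": []}
    for seq, payload, transmissions in frames:
        kind = "otf" if transmissions == 1 else "non-otf"
        sets[kind].append(seq.to_bytes(4, "big") + payload)
        if len(sets[kind]) >= n_ts:
            secret = hashlib.sha256(kind.encode() + b"".join(sets[kind])).digest()
            keys.append(xor(keys[-1], secret))
            sets[kind] = []
    return keys

def eavesdropper_view(frames, missed):
    """Eve's log: payloads of frames she failed to receive are unknown (zeroed)."""
    return [(s, bytes(len(p)) if s in missed else p, t) for s, p, t in frames]

def keys_tracked(reference, candidate):
    """Number of leading keys in candidate that equal the reference keys."""
    n = 0
    for a, b in zip(reference, candidate):
        if a != b:
            break
        n += 1
    return n

# Constructed sample link log: nine frames; frames 2, 5 and 7 were retransmitted.
K0 = hashlib.sha256(b"constructed initial key k0").digest()
LOG = [(i, b"payload-%d" % i, 2 if i in (2, 5, 7) else 1) for i in range(1, 10)]

ALICE = evolve_key(K0, LOG)
BOB = evolve_key(K0, LOG)                           # same local classification
EVE = evolve_key(K0, eavesdropper_view(LOG, {3}))   # Eve knows k0, misses frame 3

if __name__ == "__main__":
    print("key updates:", len(ALICE) - 1)
    print("keys Eve still tracks:", keys_tracked(ALICE, EVE))
```

Because each key is the XOR of the previous key with a new secret, one missed frame leaves Eve with a wrong key at every later update, even when she receives all later frames.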

14 Mobility can Help Security
Mobility is another layer of randomness in wireless communications.
[Figure: Alice, Bob, and Eve’s error-free eavesdropping region]
Alice and Bob’s mobility is an unpredictable factor that can cause Eve’s information loss.
Mobility greatly increases the difficulty for Eve to track k.
Similarly, multi-channel communication
Eve must fight against all possible information loss factors to track the dynamic key k.
Eve suffers from a single point of failure.

15 Dynamic Secrets in Wireless Communications
Motivation
Dynamic Secrets in Wireless Communications
Algorithms for Dynamic Security
Adversarial Models: security improvements against various adversaries
A Simple ON-OFF Model for Dynamic Security

16 Adversary I: Eavesdropping Attack
[Figure: Alice, Bob, Eve]
Eve is allowed to passively eavesdrop on wireless signals.
Eve needs to maintain error-free eavesdropping in order to succeed.

17 Adversary II: Trojan Attack
[Figure: Alice, Bob, Eve]
Eve is allowed to plant a Trojan program on Bob.
The Trojan program is forced to always be active to track k and constantly report k back to Eve.
Eve will have limited time to exploit k because k changes frequently.

18 Adversary III: Man-In-The-Middle (MITM)
[Figure: Alice, Bob, Eve]
Eve is allowed to know everything communicated between Alice and Bob.
Dynamic security forces Eve to always be present as MITM from the very beginning of Alice-Bob communication.

19 Adversary IV: Spoofing Attack
[Figure: Alice, Bob, Eve holding k]
Eve learns k. She impersonates Alice to send requests to Bob.
Alice and Bob immediately detect this attack when they communicate, i.e. inherent intrusion detection.

20 Dynamic Secrets in Wireless Communications
Motivation
Dynamic Secrets in Wireless Communications
Algorithms for Dynamic Security
Adversarial Models
A Simple ON-OFF Model for Dynamic Security: compare time scales of security schemes

21 ON-OFF Security Model: Periodic Key Updates
[Figure: ON-OFF timeline alternating between “secure” and “not secure”; transitions: Eve obtains k, k updates]
Alice and Bob use key k to secure communication. Eve attempts to crack key k.
The events in which Eve successfully obtains k are modeled as independent arrivals in a Poisson stream with rate λ.
An administrator manually updates k once every period T.
The current time scale of security is too large to control the damage of key cracking attacks.

22 ON-OFF Security Model : Dynamic Key Updates
[Figure: ON-OFF timeline alternating between “secure” and “not secure”; transitions: Eve obtains k, Eve loses track of k]
Alice and Bob use dynamic key k to secure communication. Eve attempts to crack key k.
Assume Eve’s frame error probability is p. The sojourn time in the “not secure” state follows a geometric distribution.
Alice and Bob communicate with frame rate R.
“Typical frame error rate (FER) for IEEE and TCP/IP protocol suite is 2-3% but mobility of station increases FER by about 30%.” Xylomenos G., Polyzos G.C., Mahonen P. and Saaranen M.: TCP Performance Issues over Wireless Links. IEEE Communications Magazine, April 2001
Alice and Bob can improve security by increasing R or by artificially jamming the wireless environment to limit p.
The time scale of dynamic security can defend against many practical attacks.
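The two ON-OFF models on slides 21 and 22 compared numerically, as an added example that is not from the presentation: it derives the long-run fraction of time spent in the “not secure” state for each model and checks the closed forms by simulation. The closed-form expressions, the assumption that Eve loses k at the first frame she misses, and the values chosen for λ, T and R are assumptions of this sketch; p = 0.02 follows the FER range quoted on slide 22.

```python
import math
import random

def periodic_insecure_fraction(lam, T):
    """Key replaced every T. Eve's first success in a period arrives after an
    Exp(lam) delay X; k then stays exposed for the remaining T - X."""
    return 1.0 - (1.0 - math.exp(-lam * T)) / (lam * T)

def dynamic_insecure_fraction(lam, p, R):
    """Assumes Eve loses k at the first frame she misses: exposure lasts a
    geometric number of frames (mean 1/p) sent at R frames per unit time."""
    return lam / (lam + p * R)

def simulate_periodic(lam, T, periods, rng):
    exposed = sum(max(0.0, T - rng.expovariate(lam)) for _ in range(periods))
    return exposed / (periods * T)

def simulate_dynamic(lam, p, R, cycles, rng):
    secure = exposed = 0.0
    for _ in range(cycles):
        secure += rng.expovariate(lam)              # time until Eve obtains k
        frames = int(math.log(1.0 - rng.random()) / math.log(1.0 - p)) + 1
        exposed += frames / R                       # time until Eve misses a frame
    return exposed / (secure + exposed)

if __name__ == "__main__":
    day = 86400.0                                   # time unit: seconds
    lam = 1.0 / (30 * day)                          # assumed: one key compromise per 30 days
    print("periodic, T = 90 days:", periodic_insecure_fraction(lam, 90 * day))
    print("dynamic, p = 0.02, R = 100/s:", dynamic_insecure_fraction(lam, 0.02, 100.0))
    rng = random.Random(1)
    print("simulated periodic:", simulate_periodic(lam, 90 * day, 100_000, rng))
    print("simulated dynamic:", simulate_dynamic(lam, 0.02, 100.0, 100_000, rng))
```

With these sample values the periodic scheme is exposed for roughly two thirds of the time, while the dynamic scheme's exposure is on the order of one part in ten million.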

23 Summary and Future Works
Fine time scale security is needed to defend against fast attacks.
Inherent errors in wireless communications enable cost-efficient, frequent key updates, e.g. small time scale security.
Security improvements are possible in various adversarial models.
Future Works
Model and analyze key secrecy in different traffic distributions, e.g. independent vs. LRD.
Investigate the system security over multi-scale security mechanisms.

