The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.11 - November (2010 vol.9)
pp: 1608-1621
Srdjan Čapkun , ETH Zurich, Zurich
Mario Čagalj , University of Split, Split
Ghassan O. Karame , ETH Zurich, Zurich
Nils Ole Tippenhauer , ETH Zurich, Zurich
ABSTRACT
Despite years of intensive research, the main deterrents of widely deploying secure communication between wireless nodes remains the cumbersome key setup process. In this paper, we address this problem and we introduce Integrity (I) regions, a novel security primitive that enables message authentication in wireless networks without the use of preestablished or precertified keys. Integrity regions are based on the verification of entity proximity through time-of-arrival ranging techniques. IRegions can be efficiently implemented with ultrasonic ranging, in spite of the fact that ultrasound ranging techniques are vulnerable to distance enlargement and reduction attacks. We further show how IRegions can be used for key establishment in mobile peer-to-peer wireless networks and we propose a novel automatic key establishment approach, largely transparent to users, by leveraging on IRegions and nodes' mobility. We analyze our proposals against a multitude of security threats and we validate our findings via extensive simulations.
INDEX TERMS
Authentication, key establishment, distance bounding, node mobility, wireless networks.
CITATION
Srdjan Čapkun, Mario Čagalj, Ghassan O. Karame, Nils Ole Tippenhauer, "Integrity Regions: Authentication through Presence in Wireless Networks", IEEE Transactions on Mobile Computing, vol.9, no. 11, pp. 1608-1621, November 2010, doi:10.1109/TMC.2010.127
REFERENCES
[1] T.S. Rappaport and T. Rappaport, Wireless Communications: Principles and Practice, second ed., Prentice Hall, Dec. 2001.
[2] W. Diffie and M.E. Hellman, "New Directions in Cryptography," IEEE Trans. Information Theory, vol. 22, no. 6, pp. 644-654, Nov. 1976.
[3] C.A. Boyd and A. Mathuria, Protocols for Key Establishment and Authentication. Springer-Verlag New York, Inc., 2003.
[4] K.B. Rasmussen, C. Castelluccia, T.S. Heydt-Benjamin, and S. Čapkun, "Proximity-Based Access Control for Implantable Medical Devices," Proc. 16th ACM Conf. Computer and Comm. Security (CCS '09), 2009.
[5] S. Čapkun and M. Čagalj, "Integrity Regions: Authentication through Presence in Wireless Networks," Proc. ACM Workshop Wireless Security (WiSe '06), 2006.
[6] D. Kügler, "Man in the Middle Attacks on Bluetooth," Proc. Financial Cryptography, 2003.
[7] W. Xu, W. Trappe, Y. Zhang, and T. Wood, "The Feasibility of Launching and Detecting Jamming Attacks in Wireless Networks," Proc. ACM MobiHoc, 2005.
[8] F. Stajano and R. Anderson, "The Resurrecting Duckling: Security Issues for Ad-Hoc Wireless Networks," Proc. Seventh Int'l Workshop Security Protocols, 1999.
[9] F. Stajano, Security for Ubiquitous Computing. John Wiley & Sons, 2002.
[10] D. Balfanz, D. Smetters, P. Stewart, and H. Wong, "Talking to Strangers: Authentication in Ad-Hoc Wireless Networks," Proc. Ninth Ann. Network and Distributed System Security Symp. (NDSS), 2002.
[11] N. Asokan and P. Ginzboorg, "Key Agreement in Ad-Hoc Networks," Computer Comm., vol. 23, no. 17, pp. 1627-1637, Nov. 2000.
[12] A. Perrig and D. Song, "Hash Visualization: A New Technique to Improve Real-World Security," Proc. Int'l Workshop Cryptographic Techniques and E-Commerce (CrypTEC '99), pp. 131-138, citeseer. ist.psu.eduperrig99hash.html, 1999.
[13] D. Maher, Secure Communication Method and Apparatus, US patent no. 5,450,493, 1993.
[14] J.-O. Larsson and M. Jakobsson, "Shake," Private Communication with M. Jakobsson.
[15] M. Čagalj, S. Čapkun, and J.-P. Hubaux, "Key Agreement in Peer-to-Peer Wireless Network," Proc. IEEE, Special Issue on Security and Cryptography, vol. 94, no. 2, pp. 467-478, Feb. 2006.
[16] S. Laur, N. Asokan, and K. Nyberg, "Efficient Mutual Data Authentication Using Manually Authenticated Strings: Preliminary Version," Report 2005/424, Cryptology ePrint Archive, 2005.
[17] C. Castelluccia and P. Mutaf, "Shake Them Up!: A Movement-Based Pairing Protocol for CPU-Constrained Devices," Proc. ACM MobiSys, pp. 51-64, 2005.
[18] M. Cagalj, J.-P. Hubaux, S. Čapkun, R. Rengaswamy, I. Tsigkogiannis, and M. Srivastava, "Integrity (I) Codes: Message Integrity Protection and Authentication over Insecure Channels," Proc. IEEE Symp. Security and Privacy (SP '06), pp. 280-294, 2006.
[19] J.M. McCune, A. Perrig, and M.K. Reiter, "Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication," Proc. IEEE Symp. Security and Privacy (SP '05), pp. 110-124, 2005.
[20] M. Goodrich, M. Sirivianos, J. Solis, G. Tsudik, and E. Uzun, "Loud and Clear: Human-Verifiable Authentication Based on Audio," Proc. 26th IEEE Int'l Conf. Distributed Computing Systems, 2005.
[21] S. Basagni, K. Herrin, D. Bruschi, and E. Rosti, "Secure Pebblenet," Proc. ACM MobiHoc, Oct. 2001.
[22] R. Bobba, L. Eschenauer, V. Gligor, and W. Arbaugh, "Bootstrapping Security Associations for Routing in Mobile Ad-Hoc Networks," http://citeseer.nj.nec.combobba02bootstrapping. html , May 2002.
[23] J.-P. Hubaux, L. Buttyán, and S. Čapkun, "The Quest for Security in Mobile Ad Hoc Networks," Proc. ACM MobiHoc, 2001.
[24] J. Kong, P. Zerfos, H. Luo, S. Lu, and L. Zhang, "Providing Robust and Ubiquitous Security Support for Mobile Ad-Hoc Networks," Proc. Int'l Conf. Network Protocols (ICNP), pp. 251-260, 2001.
[25] L. Zhou and Z.J. Haas, "Securing Ad Hoc Networks," IEEE Network, vol. 13, no. 6, pp. 24-30, Nov./Dec. 1999.
[26] G. Montenegro and C. Castelluccia, "Statistically Unique and Cryptographically Verifiable (SUCV) Identifiers and Addresses," Proc. Ninth Ann. Symp. Network and Distributed System Security (NDSS '02), Feb. 2002.
[27] G. O'Shea and M. Roe, "Child-Proof Authentication for MIPv6 (CAM)," ACM SIGCOMM Computer Comm. Rev., vol. 31, pp. 4-8, Apr. 2001.
[28] W. Mao, Modern Cryptography, Theory & Practice. Prentice Hall, 2004.
[29] N.B. Priyantha, A. Chakraborty, and H. Balakrishnan, "The Cricket Location-Support System," Proc. ACM MobiCom, Aug. 2000.
[30] S. Brands and D. Chaum, "Distance-Bounding Protocols," Proc. Workshop Theory and Application of Cryptographic Techniques on Advances in Cryptology (EUROCRYPT '93), pp. 344-359, 1994.
[31] N. Sastry, U. Shankar, and D. Wagner, "Secure Verification of Location Claims," Proc. Second ACM Workshop Wireless Security (WiSe '03), pp. 1-10, 2003.
[32] M. Bellare and P. Rogaway, "Entity Authentication and Key Distribution," Proc. 13th Ann. Int'l Cryptology Conf., pp. 232-249, 1993.
[33] D. Plummer, "Mica Sensor Platform," http:/www.xbow.com, 2010.
[34] C. Karlof, N. Sastry, and D. Wagner, "Tinysec: A Link Layer Security Architecture for Wireless Sensor Networks," Proc. Second ACM Conf. Embedded Networked Sensor Systems (SenSys '04), pp. 162-175, Nov. 2004.
[35] M. Bellare, R. Canetti, and H. Krawczyk, "A Modular Approach to the Design and Analysis of Authentication and Key Exchange Protocols," Proc. 30th Ann. Symp. Theory of Computing, 1998.
[36] R. Anderson, H. Chan, and A. Perrig, "Key Infection: Smart Trust for Smart Dust," Proc. 12th IEEE Int'l Conf. Network Protocols (ICNP '04), pp. 206-215, 2004.
[37] N.A. Lynch, Distributed Algorithms. Morgan Kaufmann Publishers, 1996.
[38] R.L. Rivest, "The MD5 Message Digest Algorithm," IETF RFC 1321, Internet Activities Board, Apr. 1992.
[39] S. Capkun, L. Buttyan, and J.P. Hubaux, "SECTOR: Secure Tracking of Node Encounters in Multi-Hop Wireless Networks," Proc. First ACM Workshop Security of Ad Hoc and Sensor Networks (SASN), Oct. 2003.
[40] A. Wood and J. Stankovic, "Denial of Service in Sensor Networks," Computer, vol. 35, no. 10, pp. 54-62, Oct. 2002.
[41] J. Douceur, "The Sybil Attack," Proc. First Int'l Workshop Peer-to-Peer Systems (IPTPS '02), citeseer.nj.nec.comdouceur02sybil. html, 2002.
[42] D. Johnson and D. Maltz, "Dynamic Source Routing in Ad Hoc Wireless Networks," Mobile Computing, T. Imielinski and H. Korth, eds., chap. 5, pp. 153-181, Kluwer Academic Publishers, 1996.
[43] A. Mei and J. Stefa, "SWIM: A Simple Model to Generate Small Mobile Worlds," Proc. IEEE INFOCOM, Apr. 2009.
[44] R.L. Rivest, A. Shamir, and L.M. Adelman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Technical Report MIT/LCS/TM-82, 1977.
[45] P.R. Zimmermann, The Official PGP User's Guide. MIT Press, 1995.
[46] S. Goldwasser, S. Micali, and C. Rackoff, "Knowledge Complexity of Interactive Proof Systems," Proc. 17th Ann. ACM Symp. Theory of Computing (STOC '85), pp. 291-304, 1985.
[47] J.-H. Hoepman, "Private Handshakes," Proc. Fourth European Conf. Security and Privacy in Ad-Hoc and Sensor Networks (ESAS), pp. 31-42, 2007.
32 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool