SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems
description
Transcript of SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems
![Page 1: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/1.jpg)
11/46/46
SPIES: Security and Privacy In Emerging computing and
networking Systems
Nitesh SaxenaPolytechnic Institute of NYU
[email protected]://spies.poly.edu/~nsaxena
Research areas: computer and network security, applied cryptography
![Page 2: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/2.jpg)
22/46/46
Research Overview
![Page 3: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/3.jpg)
33/46/46
Secure Device Association
![Page 4: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/4.jpg)
44/46/46
Secure Association of Wireless Devices
How to bootstrap secure communication between Alice’s and Bob’s devices when they have no prior context no common trusted CA or TTP
![Page 5: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/5.jpg)
55/46/46
Secure Association of Wireless Devices
Common pairing examples:
Cell-phone headset (bluetooth) Laptop access point (WiFi) Cell-phone cell-phone (bluetooth)
![Page 6: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/6.jpg)
66/46/46
Secure Association of Wireless Devices
Solution idea: use auxiliary or out-of-band (OOB) channel with minimal involvement from Alice and Bob
Audio, Visual, Tactile
![Page 7: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/7.jpg)
77/46/46
Research Challenges OOB channels are low-bandwidth Devices may be constrained in terms of
interfaces User is constrained - Usability Multiple devices/users
Sensor network initialization Group formation
Ohh! I cannot even pair my socks!
Selected contributions: TIFS’11, TMC’11, CHI’10, CCS’10, Ubicomp’10, SCN’10, PMC’09, Percom’09, SOUPS’08, Oakland’06
![Page 8: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/8.jpg)
88/46/46
RFID Security and Privacy
![Page 9: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/9.jpg)
99/46/46
The Privacy Problem Good tags, Bad readers
500 Eurosin wallet
Serial numbers:597387,389473
…
Wigmodel #4456
(cheap polyester)
30 items of lingerie
Das Kapital and Communist-
party handbook
Viagramedical drug #459382
![Page 10: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/10.jpg)
1010/46/46
The Authentication Problem Good readers, Bad tags
500 Eurosin wallet
Serial numbers:597387,389473
…
Wigmodel #4456
(cheap polyester)
30 items of lingerie
Das Kapital and Communist-
party handbook
Viagramedical drug #459382
Counterfeit!!
![Page 11: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/11.jpg)
1111/46/46
Relay (Ghost-and-Leech) Attacks
query
query
quer
y
resp
onse
response
response
![Page 12: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/12.jpg)
1212/46/46
Research Challenges Very limited resources
a $0.03 tag can’t do much computationally only and-or-xor operations might be feasible
has only ~2,000 gates for security operations
few bits to few bytes of memory No user interfaces Atypical usage model
Selected contributions: Percom’11, JCS’10, CCS’10, RFIDSec’10, RFIDSec’09, RFIDSec’09
![Page 13: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/13.jpg)
1313/46/46
Other Projects Strong Password Authentication Password-Protected Secret Sharing and
Distributed Function Computation Privacy of Web and Location-based Search Security and Privacy of P2P Systems Inference of Private Attributes in Online Social
Networks Playful Security Security and Privacy of Medical Devices
Selected contributions: Percom’11, AsiaCCS’11, TIFS’10, TIFS’09, TPDS’09, P2P’10, PETS’10, FC’10, ACNS’06, ICNP’05, TCC’05, SASN’05, SASN’04
![Page 14: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/14.jpg)
1414/46/46
On Pairing Constrained Wireless Devices Based on
Secrecy of Auxiliary Channels:The Case of Acoustic Eavesdropping
ACM Conference on Computer and Communications Security (CCS), October 2010
![Page 15: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/15.jpg)
1515/46/46
Recall: The "Pairing" Problem
Solution idea use auxiliary = out-of-band (OOB) channels with minimal involvement from Alice and Bob
Audio; Visual; Tactile
![Page 16: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/16.jpg)
1616/46/46
Examples: Manual Transfer (numbers – Uzun et al. [Usec’07]) Automated Transfer (barcode-camera – McCune et al.
[Oakland’05])
SASB
A
Pairing using Authenticated OOB (A-OOB)
B
SASB
SASA
SASA
PKA PKB
Short Authenticated Strings (SAS) Protocols Vaudenay [Crypto’05]; Nyberg-Laur [CANS’06] Pasini-Vaudenay [CT-RSA’08]; Jarecki-Saxena [SCN’10]
![Page 17: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/17.jpg)
1717/46/46
Recall: Constrained Devices
Devices with constrained interfaces and resources
Headsets Access points RFID tags Medical implants (no physical access) …
Many common pairing scenarios involve one constrained device
![Page 18: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/18.jpg)
1818/46/46
A-OOB Pairing: Constrained Devices
SASB
A B
SASB
SASA
SASA
PKA PKB
![Page 19: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/19.jpg)
1919/46/46
A-OOB Pairing: Constrained Devices
Difficult and prone to fatal human errors (Kumar et al. [Percom’09])
b
A B
b = (SASB = = SASA)
SASA
SASA
PKA PKB
Saxena et al. [Oakland’05]
![Page 20: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/20.jpg)
2020/46/46
A
Pairing using Authenticated and Secret OOB (AS-OOB)
B
K
Unidirectional OOBNo fatal human errorsSimple: no crypto
![Page 21: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/21.jpg)
2121/46/46
A
Pairing using Authenticated and Secret OOB (AS-OOB)
B
PAKA
Password/PIN
Unidirectional OOBNo fatal human errors
![Page 22: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/22.jpg)
2222/46/46
Focus of Our Work We examine three AS-OOB pairing
methods based on low-volume audio signals require device vibration and/or button clicks
generate acoustic emanations as by-product
Can an attacker recover the underlying OOB data (key or password) via acoustic eavesdropping?
![Page 23: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/23.jpg)
2323/46/46
Related Work Keyboard acoustic emanations used to
detect key presses (Asonov-Agrawal [Oakland’04]) Follow-up work by Zhuang et al. [CCS’05]
and Berger et al. [CCS’06] Inference of CPU activities through
acoustic emanations (Shamir-Tromer)
![Page 24: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/24.jpg)
2424/46/46
Our Contributions First paper to explore AS-OOB pairing security
based on acoustic emanations In general, observation attacks on pairing
Consider realistic settings: eavesdropping from 2-3 ft distance Allows an eavesdropper to place a microphone next to the
device(s) Farther eavesdropping using parabolic microphone
explored Off-the-shelf, inexpensive equipments and tools
![Page 25: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/25.jpg)
2525/46/46
Pairing Methods Examined (1/3) IMD Pairing: Pairing an Implantable Medical Device
(IMD) and an authorized reader (Halperin et al. [Oakland’08]).
RFID tag with piezo attached to IMD beeps and transmits key to reader
Reader microphone on the body surface records the key
![Page 26: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/26.jpg)
2626/46/46
Pairing Methods Examined (2/3) PIN-Vibra: Used for pairing a personal RFID tag with a
mobile phone (Saxena et al. [SOUPS’08 Poster]) Phones vibrates encoding a PIN and touched to the tag Tag senses the vibrations using on-board accelerometer
PIN Accelerometer
![Page 27: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/27.jpg)
2727/46/46
Pairing Methods Examined (3/3)
BEDA (Button Enabled Device Association): Soriente et al. [IWSSI’07, IJIS’09] First device encodes a short password into
blinking of an LED or vibration Second device has a button
Blink-Button
Vibrate-Button
![Page 28: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/28.jpg)
2828/46/46
Eavesdropping Overview Eavesdropping implemented using off-the-
shelf equipment PC microphone Parabolic microphone for larger distance recording Windows sound recorder and Matlab software
Utilized signal processing methods and neural networks to decode the OOB data
![Page 29: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/29.jpg)
2929/46/46
Research Challenges IMD binary bit signal characteristics unknown
Small differences in spectrum of “mark” and “space” bits
Short bits sometimes overlap each other Vibration and button clicks
Signal stretches over a wide range of frequencies Signal affected by background noise when
recorded from a distance
![Page 30: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/30.jpg)
3030/46/46
Eavesdropping IMD Pairing
![Page 31: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/31.jpg)
3131/46/46
IMD Pairing System described in IMD paper recreated
Included a piezo connected to an Intel’s WISP tag Inserted within a combination of meats
Emulated human chest Random 128-bit key encoded into the piezo
Plus 8 bit pre-amble start sequence Using 2-FSK modulation
Acoustic signal recorded and processed from different distances
![Page 32: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/32.jpg)
3232/46/46
IMD Setup
Piezo attached to the WISP
Meat combination used to simulate human body
Implanted IMD*
*from Halperin et al.
![Page 33: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/33.jpg)
3333/46/46
Our Attack Characteristic frequency components detected
for each of the 2-FSK signals encoded Utilized for detecting accurate signal beginning Small differences in frequencies used to distinguish
between bits and detect beginning sequence FFT and MFCC features created for each
consecutive bit in the signal Multiple Neural networks explored to classify
each bit Both supervised and unsupervised networks
![Page 34: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/34.jpg)
3434/46/46
Results – from 3 ft away
![Page 35: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/35.jpg)
3535/46/46
Results About 99% detection accuracy from up to
3 ft away MFCC features provided better results then
FFT features Both supervised and unsupervised neural
networks provide similar results Tests using parabolic microphone showed
about 80% accuracy utilizing only signal processing techniques 12 ft away recording
![Page 36: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/36.jpg)
3636/46/46
Eavesdropping PIN-Vibra
![Page 37: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/37.jpg)
3737/46/46
Method Description PIN encoded into vibrations (on-off encoding) 14 bits random key hardcoded into cell phone Three additional bits (“110”) beginning
sequence used to indicate key beginning (to a valid decoder)
'1' bit marked by vibration, '0' bit marked by “sleep” period
![Page 38: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/38.jpg)
3838/46/46
Our Attack Similar to IMD eavesdropping:
Spectrum analysis used to detect key beginning sequence
Neural Network classifiers used to decode key
Attack resulted in 100% successful detection of key
![Page 39: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/39.jpg)
3939/46/46
Results
![Page 40: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/40.jpg)
4040/46/46
Eavesdropping BEDA
![Page 41: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/41.jpg)
4141/46/46
Method Description
Password encoded on one device As function of distances (time interval) between events Each event generates blink or vibration
User presses button on other device when first device blinks or vibrates
Implemented with 21-bit random password Provides 8 total signals
![Page 42: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/42.jpg)
4242/46/46
Our Attack For Blink-Button, we analyze button-pressing signals; for
Vibrate-Button, we analyze vibration (button-pressing is subsumed within)
Only used signal processing methods Detected each button press or vibration event
Since in this case, the binary bits are not continuous, no classification is needed It is sufficient to detect each signal beginning
Attack resulted in an accuracy of 98%
![Page 43: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/43.jpg)
4343/46/46
Implications of Our Attacks IMD Pairing: directly learn the shared secret PIN-Vibra: directly learn the shared secret
no protection in the event of loss/theft of RFID still resistant to (remote) unauthorized reading
BEDA Need to launch a man-in-the-middle attack as
soon as the password is learned The three methods provide weaker security
than what was assumed or is desired
![Page 44: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/44.jpg)
4444/46/46
Conclusions and Future Work The three AS-OOB pairing methods vulnerable
to acoustic eavesdropping attacks Neural networks useful in correctly decoding
bits from spectrum features Successful eavesdropping possible even from
farther using a parabolic microphone Broadly, secure and usable pairing of
constrained devices resistant to observation attacks is a research challenge
Open problem
![Page 45: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/45.jpg)
4545/46/46
Other Projects Strong Password Authentication Password-Protected Secret Sharing Privacy of Web and Location-based Search Security and Privacy of P2P Systems Inference of Private Attributes in Online Social
Networks Playful Security Security and Privacy of Medical Devices
Selected contributions: Percom’11, AsiaCCS’11, TIFS’10, TIFS’09, TPDS’09, P2P’10, PETS’10, FC’10, ACNS’06, ICNP’05, TCC’05, SASN’05, SASN’04
![Page 46: SPIES: S ecurity and P rivacy I n E merging computing and networking S ystems](https://reader035.fdocuments.in/reader035/viewer/2022062814/5681678b550346895ddca753/html5/thumbnails/46.jpg)
4646/46/46
Acknowledgments Sponsors: NSF, NYU, NYU-Poly, Google,
Nokia, Intel, Research in Motion Students – the SPIES: Jon Voris, Tzipora
Halevi, Sai Teja Peddinti, Justin Lin, Borhan Uddin, Ambarish Karole, Arun Kumar, Ramnath Prasad, Alexander Gallego
Collaborators
Thanks!