1/46 spies: security and privacy in emerging computing and networking systems nitesh saxena...
TRANSCRIPT
11/46/46
SPIES: Security and Privacy In Emerging computing and
networking Systems
Nitesh SaxenaPolytechnic Institute of NYU
[email protected]://spies.poly.edu/~nsaxena
Research areas: computer and network security, applied cryptography
22/46/46
Research Overview
33/46/46
Secure Device Association
44/46/46
Secure Association of Wireless Devices
How to bootstrap secure communication between Alice’s and Bob’s devices when they have no prior context no common trusted CA or TTP
55/46/46
Secure Association of Wireless Devices
Common pairing examples:
Cell-phone headset (bluetooth)
Laptop access point (WiFi)
Cell-phone cell-phone (bluetooth)
66/46/46
Secure Association of Wireless Devices
Solution idea:
use auxiliary or out-of-band (OOB) channel with minimal involvement from Alice and Bob
Audio, Visual, Tactile
77/46/46
Research Challenges
OOB channels are low-bandwidth Devices may be constrained in terms of
interfaces User is constrained - Usability Multiple devices/users
Sensor network initialization Group formation
Ohh! I cannot even pair my socks!
Selected contributions: TIFS’11, TMC’11, CHI’10, CCS’10, Ubicomp’10, SCN’10, PMC’09, Percom’09, SOUPS’08, Oakland’06
88/46/46
RFID Security and Privacy
99/46/46
The Privacy Problem
Good tags, Bad readers
500 Eurosin wallet
Serial numbers:597387,389473
…
Wigmodel #4456
(cheap polyester)
30 items of lingerie
Das Kapital and Communist-
party handbook
Viagramedical drug #459382
1010/46/46
The Authentication Problem
Good readers, Bad tags
500 Eurosin wallet
Serial numbers:597387,389473
…
Wigmodel #4456
(cheap polyester)
30 items of lingerie
Das Kapital and Communist-
party handbook
Viagramedical drug #459382
Counterfeit!!
1111/46/46
Relay (Ghost-and-Leech) Attacks
query
query
quer
y
resp
onse
response
response
1212/46/46
Research Challenges
Very limited resources a $0.03 tag can’t do much computationally
only and-or-xor operations might be feasible has only ~2,000 gates for security
operations few bits to few bytes of memory
No user interfaces Atypical usage model
Selected contributions: Percom’11, JCS’10, CCS’10, RFIDSec’10, RFIDSec’09, RFIDSec’09
1313/46/46
Other Projects Strong Password Authentication Password-Protected Secret Sharing and
Distributed Function Computation Privacy of Web and Location-based Search Security and Privacy of P2P Systems Inference of Private Attributes in Online Social
Networks Playful Security Security and Privacy of Medical Devices
Selected contributions: Percom’11, AsiaCCS’11, TIFS’10, TIFS’09, TPDS’09, P2P’10, PETS’10, FC’10, ACNS’06, ICNP’05, TCC’05, SASN’05, SASN’04
1414/46/46
On Pairing Constrained Wireless Devices Based on
Secrecy of Auxiliary Channels:The Case of Acoustic Eavesdropping
ACM Conference on Computer and Communications Security (CCS), October 2010
1515/46/46
Recall: The "Pairing" Problem
Solution idea use auxiliary = out-of-band (OOB) channels with minimal involvement from Alice and Bob
Audio; Visual; Tactile
1616/46/46
Examples: Manual Transfer (numbers – Uzun et al. [Usec’07])
Automated Transfer (barcode-camera – McCune et al. [Oakland’05])
SASB
A
Pairing using Authenticated OOB (A-OOB)
B
SASB
SASA
SASA
PKA PKB
Short Authenticated Strings (SAS) Protocols Vaudenay [Crypto’05]; Nyberg-Laur [CANS’06] Pasini-Vaudenay [CT-RSA’08]; Jarecki-Saxena [SCN’10]
1717/46/46
Recall: Constrained Devices
Devices with constrained interfaces and resources
Headsets Access points RFID tags Medical implants (no physical access) …
Many common pairing scenarios involve one constrained device
1818/46/46
A-OOB Pairing: Constrained Devices
SASB
A B
SASB
SASA
SASA
PKA PKB
1919/46/46
A-OOB Pairing: Constrained Devices
Difficult and prone to fatal human errors (Kumar et al. [Percom’09])
b
A B
b = (SASB = = SASA)
SASA
SASA
PKA PKB
Saxena et al. [Oakland’05]
2020/46/46
A
Pairing using Authenticated and Secret OOB (AS-OOB)
B
K
Unidirectional OOBNo fatal human errorsSimple: no crypto
2121/46/46
A
Pairing using Authenticated and Secret OOB (AS-OOB)
B
PAKA
Password/PIN
Unidirectional OOBNo fatal human errors
2222/46/46
Focus of Our Work
We examine three AS-OOB pairing methods based on low-volume audio signals require device vibration and/or button clicks
generate acoustic emanations as by-product
Can an attacker recover the underlying OOB data (key or password) via acoustic eavesdropping?
2323/46/46
Related Work
Keyboard acoustic emanations used to detect key presses (Asonov-Agrawal [Oakland’04]) Follow-up work by Zhuang et al. [CCS’05]
and Berger et al. [CCS’06] Inference of CPU activities through
acoustic emanations (Shamir-Tromer)
2424/46/46
Our Contributions First paper to explore AS-OOB pairing security
based on acoustic emanations In general, observation attacks on pairing
Consider realistic settings: eavesdropping from 2-3 ft distance Allows an eavesdropper to place a microphone next to
the device(s) Farther eavesdropping using parabolic microphone
explored Off-the-shelf, inexpensive equipments and tools
2525/46/46
Pairing Methods Examined (1/3)
IMD Pairing: Pairing an Implantable Medical Device (IMD) and an authorized reader (Halperin et al. [Oakland’08]).
RFID tag with piezo attached to IMD beeps and transmits key to reader
Reader microphone on the body surface records the key
2626/46/46
Pairing Methods Examined (2/3)
PIN-Vibra: Used for pairing a personal RFID tag with a mobile phone (Saxena et al. [SOUPS’08 Poster])
Phones vibrates encoding a PIN and touched to the tag Tag senses the vibrations using on-board accelerometer
PIN Accelerometer
2727/46/46
Pairing Methods Examined (3/3)
BEDA (Button Enabled Device Association): Soriente et al. [IWSSI’07, IJIS’09] First device encodes a short password into
blinking of an LED or vibration Second device has a button
Blink-Button
Vibrate-Button
2828/46/46
Eavesdropping Overview
Eavesdropping implemented using off-the-shelf equipment
PC microphone Parabolic microphone for larger distance recording Windows sound recorder and Matlab software
Utilized signal processing methods and neural networks to decode the OOB data
2929/46/46
Research Challenges IMD binary bit signal characteristics unknown
Small differences in spectrum of “mark” and “space” bits
Short bits sometimes overlap each other Vibration and button clicks
Signal stretches over a wide range of frequencies Signal affected by background noise when
recorded from a distance
3030/46/46
Eavesdropping IMD Pairing
3131/46/46
IMD Pairing System described in IMD paper recreated
Included a piezo connected to an Intel’s WISP tag Inserted within a combination of meats
Emulated human chest
Random 128-bit key encoded into the piezo Plus 8 bit pre-amble start sequence Using 2-FSK modulation
Acoustic signal recorded and processed from different distances
3232/46/46
IMD Setup
Piezo attached to the WISP
Meat combination used to simulate human body
Implanted IMD*
*from Halperin et al.
3333/46/46
Our Attack
Characteristic frequency components detected for each of the 2-FSK signals encoded
Utilized for detecting accurate signal beginning Small differences in frequencies used to distinguish
between bits and detect beginning sequence FFT and MFCC features created for each
consecutive bit in the signal Multiple Neural networks explored to classify
each bit Both supervised and unsupervised networks
3434/46/46
Results – from 3 ft away
3535/46/46
Results About 99% detection accuracy from up to
3 ft away MFCC features provided better results then
FFT features Both supervised and unsupervised neural
networks provide similar results Tests using parabolic microphone showed
about 80% accuracy utilizing only signal processing techniques 12 ft away recording
3636/46/46
Eavesdropping PIN-Vibra
3737/46/46
Method Description
PIN encoded into vibrations (on-off encoding) 14 bits random key hardcoded into cell phone Three additional bits (“110”) beginning
sequence used to indicate key beginning (to a valid decoder)
'1' bit marked by vibration, '0' bit marked by “sleep” period
3838/46/46
Our Attack
Similar to IMD eavesdropping: Spectrum analysis used to detect key
beginning sequence Neural Network classifiers used to decode
key Attack resulted in 100% successful
detection of key
3939/46/46
Results
4040/46/46
Eavesdropping BEDA
4141/46/46
Method Description
Password encoded on one device As function of distances (time interval) between events Each event generates blink or vibration
User presses button on other device when first device blinks or vibrates
Implemented with 21-bit random password Provides 8 total signals
4242/46/46
Our Attack For Blink-Button, we analyze button-pressing signals; for
Vibrate-Button, we analyze vibration (button-pressing is subsumed within)
Only used signal processing methods Detected each button press or vibration event
Since in this case, the binary bits are not continuous, no classification is needed It is sufficient to detect each signal beginning
Attack resulted in an accuracy of 98%
4343/46/46
Implications of Our Attacks IMD Pairing: directly learn the shared secret PIN-Vibra: directly learn the shared secret
no protection in the event of loss/theft of RFID still resistant to (remote) unauthorized reading
BEDA Need to launch a man-in-the-middle attack as
soon as the password is learned The three methods provide weaker security
than what was assumed or is desired
4444/46/46
Conclusions and Future Work The three AS-OOB pairing methods vulnerable
to acoustic eavesdropping attacks Neural networks useful in correctly decoding
bits from spectrum features Successful eavesdropping possible even from
farther using a parabolic microphone Broadly, secure and usable pairing of
constrained devices resistant to observation attacks is a research challenge
Open problem
4545/46/46
Other Projects
Strong Password Authentication Password-Protected Secret Sharing Privacy of Web and Location-based Search Security and Privacy of P2P Systems Inference of Private Attributes in Online Social
Networks Playful Security Security and Privacy of Medical Devices
Selected contributions: Percom’11, AsiaCCS’11, TIFS’10, TIFS’09, TPDS’09, P2P’10, PETS’10, FC’10, ACNS’06, ICNP’05, TCC’05, SASN’05, SASN’04
4646/46/46
Acknowledgments Sponsors: NSF, NYU, NYU-Poly, Google,
Nokia, Intel, Research in Motion Students – the SPIES: Jon Voris, Tzipora
Halevi, Sai Teja Peddinti, Justin Lin, Borhan Uddin, Ambarish Karole, Arun Kumar, Ramnath Prasad, Alexander Gallego
Collaborators
Thanks!