Usable Bootstrapping of Secure Ad Hoc Communication

Ersin Uzun

PARC

1

Outline

What is “first connect” (aka “device pairing” or “bootstrapping secure communication”)? Why is it hard to secure? Why usability is important?

Methods & standards, and the current state.

2

Secure pairing of personal devices Pairing: bootstrapping the

association and the security contexts for subsequent communication.

E.g., Pairing a bluetooth phone and a

headset

Enrolling a phone or PC into a home WLAN

3

4

What devices? Desktops

Laptops

PDAs

Phones

MP3 Players

Wireless Headsets

Cameras

Device (e.g., TV) Remotes

Access Points

FAX-s/Copiers/Printers

Sensors? RFIDs?

Pacemakers? Dialysis devices?

Setting up a security association (authenticated secure communication) where:

no prior context exists (no PKI, common TTPs, key servers, shared secrets, etc.)

Ordinary non-expert users

Cost-sensitive commodity devices

Problem

Ohh! I cannot even pair my socks!

5

Wireless channel: susceptible to eavesdropping

Let’s use K as the secret keyAlice Bob

OK

6

Encrypted Communication using K

Uups!

Let’s use K as the secret keyAlice Bob

OK

Eve can decrypt the communication!Eve can impersonate either party!

7

Communication Communication

Also open to active attacks…

PKE1

Eve

PKAAlice Bob

PKE2 PKB

Man in the middle attackover Diffie-Hellman key agreement

8

Mechanisms should be intuitive

...and work on various devices!

SSID? WPA? Passcode!

Which E61?

9

… and secure

10

Security and usability coexistence Better usability = insecure?

More security = harder to use?

11

Goal: Secure, intuitive, inexpensive methods for secure communication bootstrapping One well-studied approach: using two communication

channels Assumption: Peer devices are physically identifiable Two channels:

1. Wireless channel

2. OOB channel: Human perceivable or location-limited

Other approaches Based on physical properties of wireless signals

Distance-bounding Environmental sensing

12

Some examples (not a complete list!) Various OOB channels

Cables Resurrecting Duckling, [Stanajo, et al. IWSP’99]

Camera, barcodes/LEDs Seeing-is-believing, [McCune, et al. S&P’05] SIB revisited, [Saxena, et al. S&P’06] GAnGS, [Chen, et al. Mobicom’08] SPATE, [Lin, et al. Mobisys’09]

Speakers and microphones Loud And Clear, [Goodrich, et al. ICDCS’06) HAPADEP, [Soriente, et al. ISC’08)

Other hardware Accelerometers “Shake well before use”, [Mayrhofer, et al. Pervasive’07] Ultrasound, laser transceivers and many others....

Standardization activities Wi-fi protected setup Bluetooth secure pairing Wireless USB association models

Location limited channels IrDA: Talking to Strangers, [Balfanz, et al. NDSS’02] NFC: Bluetooth specs draft

Distance-bounding (e.g., Capkun et al. TMC’10), Env. sensing (Krumm et al. Ubicomp’07)

13

Where are we now? Proposals are not adapted by manufacturers I still cannot securely pair a Bluetooth handset and a

phone in the presence of an active attacker My mother still cannot secure her WLAN at home

without my help

Emerging scenarios are even more challenging Group pairing Home sensor networks Pairing with personal RFID tags

14

Thanks!

15