proximity-based authentication of mobile devices eyal de lara department of computer science...

Proximity-Based Authentication of Mobile

Devices Eyal de Lara

Department of Computer Science

University of Toronto

Alex Varshavsky, Adin Scannel, Anthony LaMarca

Secure Spontaneous Interaction

• Phone + hotel room TV and keyboard

• Exchange of private info

• Phone and hands free

• Paying for groceries, tickets, cola

Naïve Solution

• Diffie-Hellman

a

Alice

b

Bob

Naïve Solution

• Diffie-Hellman

a

Alice

b

Bob

g, ga

Naïve Solution

• Diffie-Hellman

a

Alice

b

Kgab

Bob

g, ga

Naïve Solution

• Diffie-Hellman

a

Alice

b

K=gab

Bob

g, ga

gb

Naïve Solution

• Diffie-Hellman

a

K=gba

Alice

b

K=gab

Bob

g, ga

gb

•Who is my device really communicating with?

The Problem

•Who is my device really communicating with?•Spoofing

The Problem

a

Alice

b

Bob

•Who is my device really communicating with?•Spoofing

The Problem

a

Alice

b

Bob

x

X

•Who is my device really communicating with?•Spoofing

The Problem

a

Alice

x

X

•Who is my device really communicating with?•Spoofing

The Problem

a

Alice

x

Bob

•Who is my device really communicating with?•Spoofing

The Problem

a

K=gxa

Alice

x

K=gax

Bob

g, ga

gx

•Who is my device really communicating with?•Spoofing•Man in the middle

The Problem

a

Alice

b

Bob

x

X

•Who is my device really communicating with?•Spoofing•Man in the middle

The Problem

a

K1=gxa

Alice

b

K2=gxb

Bob

g, ga

gx

xK1=gax

K2=gbx

X

g, gx

gb

•Who is my device really communicating with?•Spoofing•Man in the middle

•Solution: Ensure communication with device that is closeAssumption: attacker is not between legitimate devices

The Problem

a

K1=gxa

Alice

b

K2=gxb

Bob

g, ga

gx

xK1=gax

K2=gbx

X

g, gx

gb

Existing Solutions

• Use a cable

• Use short range communication Bluetooth Infrared Laser Ultrasound Near field communication (NFC)

• Ask user to verify pairing Displaying keys Playing music, images

Existing Solutions

• Use a cable

• Use short range communication Bluetooth Infrared Laser Ultrasound Near field communication (NFC)

• Ask user to verify pairing Displaying keys Playing music, images

BlueSniper Rifle by Flexis

Key Idea

• Secure pairing requires a shared secret

• Devices in close proximity perceive a similar radio environment

• Derive shared secret from common radio environment Listen to traffic of ambient radio sources

Use knowledge of common radio environment as proof of

proximity

Advantages

• No extra hardware Leverage radio already available on device

• No user involvement to verify pairing

• Not subject to eavesdropping Secret derived by listening to ambient sources

Requirements on Radio Environment

1. Temporal variability• Signal fluctuates randomly at a single

location over time

-110

-105

-100

-95

-90

-85

-80

-75

time (s)

sign

al s

tren

gth

(dBm

)

Channel 1 Channel 2 Channel 3

Requirements on Radio Environment

2. Spatial variability• Values at different locations have low

correlation

Requirements on Radio Environment

3. Devices in proximity should perceive similar environment

5 cm 10 m

85% common pkts 40% common pkts

Potential Authentication Methods

• Proximity-based authentication token Diffie-Hellman Authenticate using the token

• Proximity-based encryption keys Directly from the common environment Less CPU intensive?

Amigo: Diffie-Hellman + Proximity Token

• Devises monitor radio environment following Diffie-Hellman key exchange

• Send to each other a signature

• Each device verifies that signature similar to own observation Signature does not have to remain secret after

exchange is over

Signature Verification

• Signature: sequence of hash of packet + RSSI• Segment size 1 second

Classifier

• 2 stage boosted binary stump classifier• Stage 1: Filters noisy data

Marks as invalid instances with % of common pkts bellow threshold (75% works well)

• Stage 2: Assigns a score to valid instances Function of differences in signal strength Converts scores into votes based on threshold Tally votes for all instances

Commitment Protocol• Reveal man-in-middle attack while exchanging signatures

• Forces attacker to forge data

• Break signature S into n blocks

• Generate nonce

• Each period exchange

• Knonce ( Hash (Ksession_key),Hash(id),si)

• Send nonce

a

K1=gxa

Alice

b

K2=gxb

Bob

KnA(H(K1)H(A)Si) xK1=gax

K2=gbx

X

KnB(H(K2)H(B)Si)

Scenario 1 : Simple Attacker

• 6 laptops Friendly 5cm away Attackers 1,3,5,10 meters

• WiFi – Orinoco Gold• All at same height • Line of sight

1m3m

10m5m

Best case for attacker

Traces

• 2 traces: training and testing 2 months apart 2 different location in the lab

• 10 minute trace

• 30 – 50 thousand pkts per laptop

• 11 access points

• 45 – 58 WiFi radio sources

Simple Attacker

• Can pair within 5 seconds

• Can detect attacker 3 meters away or more

• 1 meter is a problem

Local Entropy: Obstacles

False Positives

• Line-of-sight (1m) 81%

• Drywall (10cm) 100%

• Human (1m) 12%

• Concrete wall (30cm) 0%

• Human blocking attacker’s line of sight goes a long way to improve performance

Local Entropy: Movement

Hand waving helps!

• 5 laptops Friendly 1 m away Attackers 3,5,10 meters

• All at same height

• Line of sight

Stretching Co-Location

1m3m

10m5m

Stretching Co-Location

Scenario 2 : Attacker with Site Knowledge

• Before pairing Attacker samples exact pairing spot Creates RSSI distribution for every wireless

source it hears

• While pairing Pkts from know source assign RSSI from

distribution Pkts from unknown source

• Option 1 Discard

• Option 2 Leave unchanged (best)

Scenario 2 : Attacker with Site Knowledge

With hand waving false rate positives reaches 0 within 5 seconds

Scenario 3: “Omnipotent” Attacker

• Controls all radio sources Knows which pkts were received by victim

• Oracle: RSSI from current distribution

Conclusions

• Possible to use knowledge of radio environment to prove physical proximity

• Advantages No extra hardware No user involvement to verify pairing Not subject to eavesdropping

• Two potential methods Location-based authentication token Location-based encryption keys

Future Work

• System robustness Different cards and antennas Different environments

• Improve accuracy Software radios Multiple radios

• Proximity-based encryption keys

Questions?

Eyal de Laradelara@cs.toronto.edu

www.cs.toronto.edu/~delara

Varshavsky, Scannell, LaMarca, de Lara“Amigo: Proximity-based Authentication of Mobile Devices”

9th Int. Conference on Ubiquitous Computing (UbiComp) Innsbruck, Austria, Sep. 2007