![Page 1: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/1.jpg)
Proximity-Based Authentication of Mobile
Devices Eyal de Lara
Department of Computer Science
University of Toronto
Alex Varshavsky, Adin Scannel, Anthony LaMarca
![Page 2: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/2.jpg)
Secure Spontaneous Interaction
• Phone + hotel room TV and keyboard
• Exchange of private info
• Phone and hands free
• Paying for groceries, tickets, cola
![Page 3: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/3.jpg)
Naïve Solution
• Diffie-Hellman
a
Alice
b
Bob
![Page 4: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/4.jpg)
Naïve Solution
• Diffie-Hellman
a
Alice
b
Bob
g, ga
![Page 5: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/5.jpg)
Naïve Solution
• Diffie-Hellman
a
Alice
b
Kgab
Bob
g, ga
![Page 6: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/6.jpg)
Naïve Solution
• Diffie-Hellman
a
Alice
b
K=gab
Bob
g, ga
gb
![Page 7: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/7.jpg)
Naïve Solution
• Diffie-Hellman
a
K=gba
Alice
b
K=gab
Bob
g, ga
gb
![Page 8: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/8.jpg)
•Who is my device really communicating with?
The Problem
![Page 9: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/9.jpg)
•Who is my device really communicating with?•Spoofing
The Problem
a
Alice
b
Bob
![Page 10: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/10.jpg)
•Who is my device really communicating with?•Spoofing
The Problem
a
Alice
b
Bob
x
X
![Page 11: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/11.jpg)
•Who is my device really communicating with?•Spoofing
The Problem
a
Alice
x
X
![Page 12: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/12.jpg)
•Who is my device really communicating with?•Spoofing
The Problem
a
Alice
x
Bob
![Page 13: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/13.jpg)
•Who is my device really communicating with?•Spoofing
The Problem
a
K=gxa
Alice
x
K=gax
Bob
g, ga
gx
![Page 14: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/14.jpg)
•Who is my device really communicating with?•Spoofing•Man in the middle
The Problem
a
Alice
b
Bob
x
X
![Page 15: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/15.jpg)
•Who is my device really communicating with?•Spoofing•Man in the middle
The Problem
a
K1=gxa
Alice
b
K2=gxb
Bob
g, ga
gx
xK1=gax
K2=gbx
X
g, gx
gb
![Page 16: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/16.jpg)
•Who is my device really communicating with?•Spoofing•Man in the middle
•Solution: Ensure communication with device that is closeAssumption: attacker is not between legitimate devices
The Problem
a
K1=gxa
Alice
b
K2=gxb
Bob
g, ga
gx
xK1=gax
K2=gbx
X
g, gx
gb
![Page 17: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/17.jpg)
Existing Solutions
• Use a cable
• Use short range communication Bluetooth Infrared Laser Ultrasound Near field communication (NFC)
• Ask user to verify pairing Displaying keys Playing music, images
![Page 18: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/18.jpg)
Existing Solutions
• Use a cable
• Use short range communication Bluetooth Infrared Laser Ultrasound Near field communication (NFC)
• Ask user to verify pairing Displaying keys Playing music, images
BlueSniper Rifle by Flexis
![Page 19: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/19.jpg)
Key Idea
• Secure pairing requires a shared secret
• Devices in close proximity perceive a similar radio environment
• Derive shared secret from common radio environment Listen to traffic of ambient radio sources
Use knowledge of common radio environment as proof of
proximity
![Page 20: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/20.jpg)
Advantages
• No extra hardware Leverage radio already available on device
• No user involvement to verify pairing
• Not subject to eavesdropping Secret derived by listening to ambient sources
![Page 21: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/21.jpg)
Requirements on Radio Environment
1. Temporal variability• Signal fluctuates randomly at a single
location over time
-110
-105
-100
-95
-90
-85
-80
-75
time (s)
sign
al s
tren
gth
(dBm
)
Channel 1 Channel 2 Channel 3
![Page 22: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/22.jpg)
Requirements on Radio Environment
2. Spatial variability• Values at different locations have low
correlation
![Page 23: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/23.jpg)
Requirements on Radio Environment
3. Devices in proximity should perceive similar environment
5 cm 10 m
85% common pkts 40% common pkts
![Page 24: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/24.jpg)
Potential Authentication Methods
• Proximity-based authentication token Diffie-Hellman Authenticate using the token
• Proximity-based encryption keys Directly from the common environment Less CPU intensive?
![Page 25: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/25.jpg)
Amigo: Diffie-Hellman + Proximity Token
• Devises monitor radio environment following Diffie-Hellman key exchange
• Send to each other a signature
• Each device verifies that signature similar to own observation Signature does not have to remain secret after
exchange is over
![Page 26: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/26.jpg)
Signature Verification
• Signature: sequence of hash of packet + RSSI• Segment size 1 second
![Page 27: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/27.jpg)
Classifier
• 2 stage boosted binary stump classifier• Stage 1: Filters noisy data
Marks as invalid instances with % of common pkts bellow threshold (75% works well)
• Stage 2: Assigns a score to valid instances Function of differences in signal strength Converts scores into votes based on threshold Tally votes for all instances
![Page 28: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/28.jpg)
Commitment Protocol• Reveal man-in-middle attack while exchanging signatures
• Forces attacker to forge data
• Break signature S into n blocks
• Generate nonce
• Each period exchange
• Knonce ( Hash (Ksession_key),Hash(id),si)
• Send nonce
a
K1=gxa
Alice
b
K2=gxb
Bob
KnA(H(K1)H(A)Si) xK1=gax
K2=gbx
X
KnB(H(K2)H(B)Si)
![Page 29: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/29.jpg)
Scenario 1 : Simple Attacker
• 6 laptops Friendly 5cm away Attackers 1,3,5,10 meters
• WiFi – Orinoco Gold• All at same height • Line of sight
1m3m
10m5m
Best case for attacker
![Page 30: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/30.jpg)
Traces
• 2 traces: training and testing 2 months apart 2 different location in the lab
• 10 minute trace
• 30 – 50 thousand pkts per laptop
• 11 access points
• 45 – 58 WiFi radio sources
![Page 31: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/31.jpg)
Simple Attacker
• Can pair within 5 seconds
• Can detect attacker 3 meters away or more
• 1 meter is a problem
![Page 32: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/32.jpg)
Local Entropy: Obstacles
False Positives
• Line-of-sight (1m) 81%
• Drywall (10cm) 100%
• Human (1m) 12%
• Concrete wall (30cm) 0%
• Human blocking attacker’s line of sight goes a long way to improve performance
![Page 33: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/33.jpg)
Local Entropy: Movement
Hand waving helps!
![Page 34: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/34.jpg)
• 5 laptops Friendly 1 m away Attackers 3,5,10 meters
• All at same height
• Line of sight
Stretching Co-Location
1m3m
10m5m
![Page 35: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/35.jpg)
Stretching Co-Location
![Page 36: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/36.jpg)
Scenario 2 : Attacker with Site Knowledge
• Before pairing Attacker samples exact pairing spot Creates RSSI distribution for every wireless
source it hears
• While pairing Pkts from know source assign RSSI from
distribution Pkts from unknown source
• Option 1 Discard
• Option 2 Leave unchanged (best)
![Page 37: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/37.jpg)
Scenario 2 : Attacker with Site Knowledge
With hand waving false rate positives reaches 0 within 5 seconds
![Page 38: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/38.jpg)
Scenario 3: “Omnipotent” Attacker
• Controls all radio sources Knows which pkts were received by victim
• Oracle: RSSI from current distribution
![Page 39: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/39.jpg)
Conclusions
• Possible to use knowledge of radio environment to prove physical proximity
• Advantages No extra hardware No user involvement to verify pairing Not subject to eavesdropping
• Two potential methods Location-based authentication token Location-based encryption keys
![Page 40: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/40.jpg)
Future Work
• System robustness Different cards and antennas Different environments
• Improve accuracy Software radios Multiple radios
• Proximity-based encryption keys
![Page 41: Proximity-Based Authentication of Mobile Devices Eyal de Lara Department of Computer Science University of Toronto Alex Varshavsky, Adin Scannel, Anthony](https://reader035.vdocuments.net/reader035/viewer/2022062717/56649e625503460f94b5e581/html5/thumbnails/41.jpg)
Questions?
Eyal de [email protected]
www.cs.toronto.edu/~delara
Varshavsky, Scannell, LaMarca, de Lara“Amigo: Proximity-based Authentication of Mobile Devices”
9th Int. Conference on Ubiquitous Computing (UbiComp) Innsbruck, Austria, Sep. 2007