ABSTRACT
This paper presents a new pairing protocol that allows two CPU-constrained wireless devices Alice and Bob to establish a shared secret at a very low cost. To our knowledge, this is the first software pairing scheme that does not rely on expensive public-key cryptography, out-of-band channels (such as a keyboard or a display) or specific hardware, making it inexpensive and suitable for CPU-constrained devices such as sensors.
In the described protocol, Alice can send the secret bit 1 to Bob by broadcasting an (empty) packet with the source field set to Alice. Similarly, Alice can send the secret bit 0 to Bob by broadcasting an (empty) packet with the source field set to Bob. Only Bob can identify the real source of the packet (since it did not send it, the source is Alice), and can recover the secret bit (1 if the source is set to Alice or 0 otherwise). An eavesdropper cannot retrieve the secret bit since it cannot figure out whether the packet was actually sent by Alice or Bob. By randomly generating n such packets Alice and Bob can agree on an n-bit secret key.
Our scheme requires that the devices being paired, Alice and Bob, are shaken during the key exchange protocol. This is to guarantee that an eavesdropper cannot identify the packets sent by Alice from those sent by Bob using data from the RSSI (Received Signal Strength Indicator) registers available in commercial wireless cards. The proposed protocol works with off-the-shelf 802.11 wireless cards and is secure against eavesdropping attacks that use power analysis. It requires, however, some firmware changes to protect against attacks that attempt to identify the source of packets from their transmission frequency.
- Fundamentals of Quartz Oscillators. HP Application Note 200-2.Google Scholar
- http://www.telluriantech.com. Specialty Crystals, Quartz Crystals.Google Scholar
- Alpern, B., and Schneider, F. Key exchange using "Keyless Cryptography". Information processing letters 16, 2 (February 1983), 79--82.Google ScholarCross Ref
- Chayat, N. 802.11a PHY Overview. Slides available at: http://www.nwest.nist.gov/mtg3/papers/chayat.pdf.Google Scholar
- Dai, W. Speed benchmarks for various ciphers and hash functions. URL:http://www.eskimo.com/~weidai/.Google Scholar
- Diffie, W., and Hellman, M. New directions in cryptography. IEEE Transactions on Information Theory IT-22, 6 (1976), 644--654.Google ScholarDigital Library
- Gehrmann, C., and Nyberg, K. Enhancements to bluetooth baseband security. In Nordsec'01 (Kopenhagen, Denmark, November 2001).Google Scholar
- Goldwasser, S., and Bellare, M. Lectures notes in cryptography. URL:http://www.cs.ucsd.edu/users/mihir/papers/gb.html.Google Scholar
- Hill, J., Szewczyk, R., Woo, A., Hollar, S., Culler, D. E., and Pister, K. S. J. System architecture directions for networked sensors. In Architectural Support for Programming Languages and Operating Systems (2000), pp. 93--104. Google ScholarDigital Library
- Hoepman, J.-H. Ephemeral pairing in anonymous networks. Available at: http://www.cs.kun.nl/~jhh/publications/anonpairing.pdf.Google Scholar
- Hoepman, J.-H. The ephemeral pairing problem. In 8th Int. Conf. Financial Cryptography (Key West, Florida, February 9-12 2004), pp. 212--226.Google ScholarCross Ref
- Holmquist et al, L. A. Smart-Its Friends: A Technique for Users to Easily Establish Connections between Smart Artefacts. In Ubicomp 2001 (Atlanta, Georgia, September 30, October 2 2001). Google ScholarDigital Library
- Karlof, C., Sastry, N., and Wagner, D. Tinysec: A link layer security architecture for wireless sensor networks. In Second ACM Conference on Embedded Networked Sensor Systems (SenSys 2004) (November 2004). Google ScholarDigital Library
- Lenstra, A. K., and Verheul, E. R. Selecting cryptographic key sizes. Journal of Cryptology: the journal of the International Association for Cryptologic Research 14, 4 (2001), 255--293.Google Scholar
- Lester, J., Hannaford, B., and G., B. "Are You with Me? - Using Accelerometers to Determine If Two Devices Are Carried by the Same Person". In Pervasive 2004 (Vienna, Austria, April 21-23 2004).Google Scholar
- Menezes, A. J., Van Oorschot, P. C., and Vanstone, S. A. Handbook of applied cryptography. CRC Press series on discrete mathematics and its applications. 1997. ISBN 0-8493-8523-7. Google ScholarDigital Library
- Ogilvie, B. Clock Solutions for WiFi (IEEE 802.11). Saronix(tm) application note, 2003.Google Scholar
- Rivest, R., Shamir, A., and Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Coomunications of the ACM 21 (1978), 120--126. Google ScholarDigital Library
- Stajano, F., and Anderson, R. The resurrecting duckling: Security issues for ad-hoc wireless networks. In Proceedings of the 7th International Workshop on Security Protocols (1999), pp. 172--194. Google ScholarDigital Library
- Vig, J., and Ballato, A. Frequency Control Devices. Reprinted from Ultrasonic Instruments and Devices, Academic Press, 1999.Google Scholar
- Want, R., and Pering, T. New Horizons for Mobile Computing. In First IEEE International Conference on Pervasive Computing and Communication (PerCom'03) (Dallas, Texas), pp. 3--8. Google ScholarDigital Library
Index Terms
- Shake them up!: a movement-based pairing protocol for CPU-constrained devices
Recommendations
Shake Well Before Use: Intuitive and Secure Pairing of Mobile Devices
A challenge in facilitating spontaneous mobile interactions is to provide pairing methods that are both intuitive and secure. Simultaneous shaking is proposed as a novel and easy-to-use mechanism for pairing of small mobile devices. The underlying ...
Shake well before use: authentication based on accelerometer data
PERVASIVE'07: Proceedings of the 5th international conference on Pervasive computingSmall, mobile devices without user interfaces, such as Bluetooth headsets, often need to communicate securely over wireless networks. Active attacks can only be prevented by authenticating wireless communication, which is problematic when devices do not ...
Quantum correlation swapping
Quantum correlations (QCs), including quantum entanglement and those different, are important quantum resources and have attracted much attention recently. Quantum entanglement swapping as a kernel technique has already been applied to quantum repeaters ...
Comments