Title | Secure Device Bootstrapping Without Secrets Resistant to Signal Manipulation Attacks |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Ghose, Nirnimesh, Lazos, Loukas, Li, Ming |
Conference Name | 2018 IEEE Symposium on Security and Privacy (SP) |
Date Published | may |
Keywords | advanced wireless attacks, authenticated channels, authentication, authorisation, Autonomous vehicles, body area networks, bootstrapping protocol, Communication system security, cryptographic protocols, data integrity, extensive human involvement, Group Bootstrapping, hub, in-band message integrity verification, industrial automation sensors, Internet of Things, key establishment, key establishment processes, man in the middle attack, man-in-the-middle attacks, Medical Devices, message authentication, Message Integrity Protection, multiple devices, multiple legitimate devices, ON OFF Keying, out-of-band channels, pairing process, performance evaluation, physical layer security, physical-layer group message integrity, Protocols, pubcrawl, public key cryptography, resilience, Resiliency, Scalability, Secret free, secure deployment, secure device bootstrapping, secure pairing, Security by Default, security of data, shared secrets, signal manipulation attacks, telecommunication security, VERSE, wireless channel, wireless channels, Wireless communication, wireless devices, Wireless sensor networks, wireless signal annihilation, wireless signal injection, Wireless Signal Manipulation Attack, wireless signal manipulations |
Abstract | In this paper, we address the fundamental problem of securely bootstrapping a group of wireless devices to a hub, when none of the devices share prior associations (secrets) with the hub or between them. This scenario aligns with the secure deployment of body area networks, IoT, medical devices, industrial automation sensors, autonomous vehicles, and others. We develop VERSE, a physical-layer group message integrity verification primitive that effectively detects advanced wireless signal manipulations that can be used to launch man-in-the-middle (MitM) attacks over wireless. Without using shared secrets to establish authenticated channels, such attacks are notoriously difficult to thwart and can undermine the authentication and key establishment processes. VERSE exploits the existence of multiple devices to verify the integrity of the messages exchanged within the group. We then use VERSE to build a bootstrapping protocol, which securely introduces new devices to the network. Compared to the state-of-the-art, VERSE achieves in-band message integrity verification during secure pairing using only the RF modality without relying on out-of-band channels or extensive human involvement. It guarantees security even when the adversary is capable of fully controlling the wireless channel by annihilating and injecting wireless signals. We study the limits of such advanced wireless attacks and prove that the introduction of multiple legitimate devices can be leveraged to increase the security of the pairing process. We validate our claims via theoretical analysis and extensive experimentations on the USRP platform. We further discuss various implementation aspects such as the effect of time synchronization between devices and the effects of multipath and interference. Note that the elimination of shared secrets, default passwords, and public key infrastructures effectively addresses the related key management challenges when these are considered at scale. |
DOI | 10.1109/SP.2018.00055 |
Citation Key | ghose_secure_2018 |