Secret key establishment based on parameters of the communication channel is a highly attractive option for many applications that operate in a dynamic mobile environment with peer-to-peer association. On the other hand, high usability and dynamic key management are still very difficult to achieve for wireless devices which have to operate under strict resource constraints. In fact, most previously reported key generation methods cannot operate in such environment. In this work, we present a new system architecture which is suitable also for resource-constrained platforms. Our design strongly focuses on security, rather than a robust key generation rate, as well as on low complexity and efficiency. Our approach has the potential to dramatically reduce the cost of securing small embedded devices for the Internet of Things, and hence make mass production and deployment viable.
Using the randomness provided by the physical environment to build security solutions has received much attention recently. In particular, the shared entropy provided by measuring ambient audio, luminosity modalities or electromagnetic emanations has been used to build locationbased, proximity-based, or context-based security mechanisms. The majority of those protocols is based on a standard model consisting channel probing, quantization, information reconciliation, privacy amplification, and key verification. The main problem for almost all approaches is the limited understanding of the security that is provided. For example, security analyses often only address single components and not the entire system or are based on broad abstractions of the physical source of randomness. Further, a big open question is the feasibility of such systems for low-resource platforms. Our first contribution is a detailed, optimized realization of a key establishment system. We demonstrate the feasibility of deriving a shared secret from correlated quantities on resource-constrained devices with tight power budget. Our system was realized on the popular ARM Cortex-M3 processor that reports detailed resource requirements. The second major contribution is a summary and abstraction of previous works together with a detailed security analysis using attack trees. We substantiate our investigation by presenting practical attack results.
CCS Concepts•Security and privacy → Key management; Mobile and wireless security; Security requirements; Formal security models; Embedded systems security; Usability in security and privacy; •Software and its engineering → Software prototyping;
The random number generator (RNG) is a critical, if not in fact the most important, component in every cryptographic device. Introducing the symmetric radio channel, represented by estimations of location-specific, reciprocal, and time-variant channel characteristics, as a common RNG is not a trivial task. In recent years, several practice-oriented protocols have been proposed, challenging the utilization of wireless communication channels to enable the computation of a shared key. However, the security claims of those protocols typically rely on channel abstractions that are not fully experimentally substantiated, and (at best) rely on statistical off-line tests. In the present paper, we investigate on-line statistical testing for channel-based key extraction schemes, which is independent from channel abstractions due to the capability to verify the entropy of the resulting key material. We demonstrate an important security breach if on-line estimation is not applied, e.g., if the device is in an environment with an insufficient amount of entropy. Further, we present real-world evaluation results of 10 recent protocols for the generation of keys with a verified security level of 128-bit.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.