The Synergy of Family and Neighborhood on Rural Dating Violence Victimization

The use of reciprocal and random properties of wireless channels for the generation of secret keys is a highly attractive option for many applications that operate in a mobile environment. In recent years, several practice-oriented protocols have been proposed, but unfortunately without a sufficient and consistent security analysis and without a fair comparison between each other. This can be attributed to the fact that until now neither a common evaluation basis, nor a security metric in an on-line scenario (e.g., with changing channel properties) was proposed. We attempt to close this gap by presenting test vectors based on a large measurement campaign, an extensive comparative evaluation framework (including ten protocols as well as new on-line entropy estimators), and a rigorous experimental security analysis. Further, we answer for the first time a variety of security and performance related questions about the behavior of 10 channelbased key establishment schemes from the literature.

show abstract

The Passive Eavesdropper Affects My Channel: Secret-Key Rates under Real-World Conditions

Zenger

Vogt

Zimmer

et al. 2016

View full text Add to dashboard Cite

Channel-reciprocity based key generation (CRKG) has gained significant importance as it has recently been proposed as a potential lightweight security solution for IoT devices. However, the impact of the attacker's position in close range has only rarely been evaluated in practice, posing an open research problem about the security of real-world realizations. Furthermore, this would further bridge the gap between theoretical channel models and their practice-oriented realizations. For security metrics, we utilize cross-correlation, mutual information, and a lower bound on secret-key capacity. We design a practical setup of three parties such that the channel statistics, although based on joint randomness, are always reproducible. We run experiments to obtain channel states and evaluate the aforementioned metrics for the impact of an attacker depending on his position. It turns out the attacker himself affects the outcome, which has not been adequately regarded yet in standard channel models.

show abstract

Constructive and Destructive Aspects of Adaptive Wormholes for the 5G Tactile Internet

Zenger

Zimmer

Pietersz

et al. 2016

View full text Add to dashboard Cite

Exploiting the Physical Environment for Securing the Internet of Things

Zenger

Zimmer

Pietersz

et al. 2015

View full text Add to dashboard Cite

Using the randomness provided by the physical environment to build security solutions has received much attention recently. In particular, the shared entropy provided by measuring ambient audio, luminosity modalities or electromagnetic emanations has been used to build locationbased, proximity-based, or context-based security mechanisms. The majority of those protocols is based on a standard model consisting channel probing, quantization, information reconciliation, privacy amplification, and key verification. The main problem for almost all approaches is the limited understanding of the security that is provided. For example, security analyses often only address single components and not the entire system or are based on broad abstractions of the physical source of randomness. Further, a big open question is the feasibility of such systems for low-resource platforms. Our first contribution is a detailed, optimized realization of a key establishment system. We demonstrate the feasibility of deriving a shared secret from correlated quantities on resource-constrained devices with tight power budget. Our system was realized on the popular ARM Cortex-M3 processor that reports detailed resource requirements. The second major contribution is a summary and abstraction of previous works together with a detailed security analysis using attack trees. We substantiate our investigation by presenting practical attack results. CCS Concepts•Security and privacy → Key management; Mobile and wireless security; Security requirements; Formal security models; Embedded systems security; Usability in security and privacy; •Software and its engineering → Software prototyping;

show abstract

On-line Entropy Estimation for Secure Information Reconciliation

Zenger¹,

Zimmer²,

Posielek³

et al. 2015

View full text Add to dashboard Cite

The random number generator (RNG) is a critical, if not in fact the most important, component in every cryptographic device. Introducing the symmetric radio channel, represented by estimations of location-specific, reciprocal, and time-variant channel characteristics, as a common RNG is not a trivial task. In recent years, several practice-oriented protocols have been proposed, challenging the utilization of wireless communication channels to enable the computation of a shared key. However, the security claims of those protocols typically rely on channel abstractions that are not fully experimentally substantiated, and (at best) rely on statistical off-line tests. In the present paper, we investigate on-line statistical testing for channel-based key extraction schemes, which is independent from channel abstractions due to the capability to verify the entropy of the resulting key material. We demonstrate an important security breach if on-line estimation is not applied, e.g., if the device is in an environment with an insufficient amount of entropy. Further, we present real-world evaluation results of 10 recent protocols for the generation of keys with a verified security level of 128-bit.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Jan Zimmer

Authenticated key establishment for low-resource devices exploiting correlated random channels

Security Analysis of Quantization Schemes for Channel-based Key Extraction

The Passive Eavesdropper Affects My Channel: Secret-Key Rates under Real-World Conditions

Constructive and Destructive Aspects of Adaptive Wormholes for the 5G Tactile Internet

Exploiting the Physical Environment for Securing the Internet of Things

On-line Entropy Estimation for Secure Information Reconciliation

Contact Info

Product

Resources

About