A Practical Man-In-The-Middle Attack on Signal-Based Key Generation Protocols

Eberz, Simon; Strohmeier, Martin; Wilhelm, Matthias; Martinovic, Ivan

doi:10.1007/978-3-642-33167-1_14

Cited by 66 publications

(52 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We note that our work focuses on demonstrating feasibility of analyzing security for physical layer key extraction from experimentally falsifiable assumptions; while our instantiation is practical, we leave for future work the further optimization of efficiency within our framework. Finally we stress that a more ambitious objective would be to provide a framework for security in the active adversarial model; indeed, in key extraction protocols certain types of active attacks have been demonstrated, e.g., [12], [36], [37]. While this is beyond the scope of the present work, a framework such as ours that provides a way to lower bound the conditional entropy available to the two transceivers can be a fundamental intermediate step towards a formal treatment of security in the active model.…”

Section: A Related Work and Our Resultsmentioning

confidence: 99%

On the Security of Key Extraction From Measuring Physical Quantities

Edman

Kiayias

Tang

et al. 2016

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Abstract-Key extraction via measuring a physical quantity is a class of information theoretic key exchange protocols that rely on the physical characteristics of the communication channel, to enable the computation of a shared key by two parties that share no prior secret information. The key is supposed to be information theoretically hidden to an eavesdropper. Despite the recent surge of research activity in the area, concrete claims about the security of the protocols typically rely on channel abstractions that are not fully experimentally substantiated. In this work, we propose a novel methodology for the experimental security analysis of these protocols. The crux of our methodology is a falsifiable channel abstraction that is accompanied by an efficient experimental approximation algorithm of the conditional minentropy available to the parties given the view of the eavesdropper.We focus on the signal strength between two wirelessly communicating transceivers as the measured quantity and we use an experimental setup to compute the conditional min-entropy of the channel given the view of the attacker which we find to be linearly increasing. Armed with this understanding of the channel, we showcase the methodology by providing a general protocol for key extraction in this setting that is shown to be secure for a concrete parameter selection. In this way we provide a comprehensively analyzed wireless key extraction protocol that is demonstrably secure against passive adversaries assuming our falsifiable channel abstraction. Our use of hidden Markov models as the channel model and a dynamic programming approach to approximate conditional min-entropy might be of independent interest, while other possible instantiations of our methodology can be feasible and may be motivated by this work.

show abstract

Section: A Related Work and Our Resultsmentioning

confidence: 99%

On the Security of Key Extraction From Measuring Physical Quantities

Edman

Kiayias

Tang

et al. 2016

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

show abstract

“…As shown in [17], existing key generation strategies that are based on the RSSI and channel impulse response (CIR) [23], [29]- [32] or the phase [33] are vulnerable to the manin-the-middle attacks. For instance, eavesdroppers can reveal 40% to 50% of the keys, and attackers can sabotage the key agreements with 95% confidence by injecting spoofing signals during less than 4% of the overall communication duration [17].…”

Section: B Security and Performance Analysismentioning

confidence: 99%

“…on the received signal strength (RSS) of a single radio source, many of the proximity tests suffer from the limited proximity range and the authentication accuracy is not high in both stationary and fast changing radio environments [14], [15]. Moreover, a recent study has shown that the RSSbased strategies are vulnerable to man-in-the-middle attacks [17]. To address this problem, Zheng et al have proposed a location tag-based proximity test, which exploits the contents of ambient radio signals to improve the authentication accuracy and provides flexible range control [16].…”

Section: Introductionmentioning

confidence: 99%

Proximity-Based Security Techniques for Mobile Users in Wireless Networks

Xiao

Yan

Lou

et al. 2013

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Abstract-In this paper, we propose a privacy-preserving proximity-based security system for location-based services (LBS) in wireless networks, without requiring any pre-shared secret, trusted authority or public key infrastructure. In this system, the proximity-based authentication and session key establishment are implemented based on spatial temporal location tags. Incorporating the unique physical features of the signals sent from multiple ambient radio sources, the location tags cannot be easily forged by attackers. More specifically, each radio client builds a public location tag according to the received signal strength indicators (RSSI), sequence numbers and MAC addresses of the ambient packets. Each client also keeps a secret location tag that consists of the packet arrival time information to generate the session keys. As clients never disclose their secret location tags, this system is robust against eavesdroppers and spoofers outside the proximity range. The system improves the authentication accuracy by introducing a nonparametric Bayesian method called infinite Gaussian mixture model in the proximity test and provides flexible proximity range control by taking into account multiple physical-layer features of various ambient radio sources. Moreover, the session key establishment strategy significantly increases the key generation rate by exploiting the packet arrival time of the ambient signals. The authentication accuracy and key generation rate are evaluated via experiments using laptops in typical indoor environments.

show abstract

“…MiM in the form of injection type of attacks constitute one of the most serious limitations in SKG systems extracting secret keys from RSS measurements [5,11,12] (it is yet unknown whether this attack can be launched to systems using CSI or the phase of the received signal [13]). Various possible approaches have so far surfaced on how to launch injection attacks; in [5] the attack consisted in controlling the movement of intermediate objects in the wireless medium, thus generating predictable changes in the received RSS (e.g., by obstructing or not a LOS), while in [11] whenever similar channel envelope measurements were received from Alice and Bob, Mallory spoofed the SKG process by injecting a MiM signal W .…”

Section: Injection Attacksmentioning

confidence: 99%

“…However, neither the optimality of employing constant jamming signals nor the scenario of an adversary with imperfect estimate of the main channel CSI were addressed. Furthermore, in [11] and it was shown that injection type of attacks allow an active adversary to act as a man in the middle (MiM) and potentially control (a large) part of the generated key. A simple heuristic approach to defend against injection type of attacks was presented in [12] by multiplying the received signals with independent zero-mean random signals, locally generated at the legitimate nodes.…”

Section: Introductionmentioning

confidence: 99%

A Study of Injection and Jamming Attacks in Wireless Secret Sharing Systems

Chorti

2017

Proceedings of the 2nd Workshop on Communication Security

View full text Add to dashboard Cite

Secret key generation (SKG) schemes have been shown to be vulnerable to denial of service (DoS) attacks in the form of jamming and to man in the middle attacks implemented as injection attacks. In this paper, a comprehensive study on the impact of correlated and uncorrelated jamming and injection attacks in wireless SKG systems is presented. First, two optimal signalling schemes for the legitimate users are proposed and the impact of injection attacks as well as counter-measures are investigated. Finally, it is demonstrated that the jammer should inject either correlated jamming when imperfect channel state information (CSI) regarding the main channel is at their disposal, or, uncorrelated jamming when the main channel CSI is completely unknown.

show abstract

A Practical Man-In-The-Middle Attack on Signal-Based Key Generation Protocols

Cited by 66 publications

References 21 publications

On the Security of Key Extraction From Measuring Physical Quantities

On the Security of Key Extraction From Measuring Physical Quantities

Proximity-Based Security Techniques for Mobile Users in Wireless Networks

A Study of Injection and Jamming Attacks in Wireless Secret Sharing Systems

Contact Info

Product

Resources

About