Tamper-Evident Pairing (TEP) Protocol for Secure Wireless Pairing Without Passwords


This article discusses the challenges of traditional secure wireless pairing methods that rely on password validation and proposes the Tamper-Evident Pairing (TEP) protocol as a secure in-band solution to protect against Man-in-the-Middle (MITM) attacks. TEP eliminates the need for out-of-band channels and passwords, making it a practical and secure approach for wireless device pairing. The protocol has been formally proven to be secure, works on existing 802.11 cards and operating systems, and effectively safeguards against wireless tampering.


Uploaded on Sep 06, 2024 | 1 Views



Presentation Transcript


  1. Secure In-Band Wireless Pairing. Shyamnath Gollakota, Nabeel Ahmed, Nickolai Zeldovich, Dina Katabi

  2. Secure Wireless Pairing is Important. Traditional solutions require the user to enter or validate passwords.

  3. Entering or Validating Passwords is Difficult. Ordinary users struggle with picking long random passwords, and many devices have no interface for entering passwords. Problem statement: secure pairing without having the user enter or validate passwords.

  4. Tentative Solution:

  5. Tentative Solution: Use Diffie-Hellman Key Exchange. Problem: man-in-the-middle attacks, since anyone can receive and transmit on the wireless medium. [diagram: Alice, Bob, Adversary] A full-fledged man-in-the-middle attack on CDMA and 4G networks was shown at DEFCON 19.

  6. Status of Secure Pairing Without Passwords. Industry approach: users simply press buttons to initiate pairing (e.g., WiFi Push Button Configuration, Bluetooth Simple Pairing); susceptible to MITM attacks. Academic approach: use trusted out-of-band channels (e.g., camera-display, audio, tactile or infrared channels); may be infeasible due to cost or size. Can we get the best of both worlds?

  7. Tamper-Evident Pairing (TEP). First in-band secure pairing protocol. Protects from MITM attacks. Doesn't require out-of-band channels or passwords. Formally proven to be secure. Works on existing 802.11 cards and OS. Implemented and evaluated on operational networks.

  8. How Do We Protect Against MITM Attacks Without Out-of-Band Channels? Prior out-of-band systems assume the attacker can arbitrarily tamper with wireless messages, so messages on the shared wireless channel can't be trusted. Our approach: understand wireless tampering and detect it, then trust un-tampered messages. Collect all messages within a time window; pair only if exactly one message arrives and no tampering is detected.

  9. How Can an Adversary Tamper with Wireless Messages? Three ways: (1) the adversary alters the message; (2) the adversary hides that the message was sent; (3) the adversary prevents the message from being sent. [diagram: Alice, Bob, Adversary]

  10. (Build of slide 9: the diagram gains a time axis.)

  11. (Build of slide 9: Collision!) Collisions are typical in wireless networks.

  12. (Build of slide 9: the adversary occupies the medium all the time.) Tamper-evident message: (1) can't be altered without detection at receivers; (2) can't be hidden from the receiver; (3) can't be prevented from being sent.

  13. 1. How to Protect From Altering of Messages? Wireless property: you can't generate silence from energy. Follow the message by a message-specific silence pattern: silence pattern = hash of the message payload; send a random packet for a 1 and remain silent for a 0. [timeline: Alice's message followed by the bit pattern 101000001111]

  14. (Build of slide 13: Alice's 1 bits highlighted on the timeline.) Changing the message requires changing the silence pattern.

  15. (Build of slide 13, same content.)

  16. 2. How to Protect From Hiding the Message? [timeline: Alice's message; Bob misses the message]

  17. (Build of slide 16.) Send an unusually long packet with random content as a synchronization packet. [timeline: synchronization pkt, then Alice's message]

  18. 3. How Do We Ensure the Message Gets Sent? Force transmit after a timeout even if the medium is occupied. [timeline: synchronization pkt, then Alice's message] Result: the message can't be altered, hidden or prevented without being detected at receivers.

  19. Issue: Unintentional Tampering. 802.11 devices transmit when the channel is unoccupied, so a legitimate transmission during the silence period creates a number of false positives. [timeline: synchronization pkt, silence period, Alice's message, legitimate transmission]

  20. (Build of slide 19.) Leverage CTS to reserve the wireless medium.

  21. (Build of slide 19.) [timeline: CTS, synchronization pkt, reserved duration, Alice's message]

  22. In-Band Secure Pairing Protocol. Industry: the user pushes buttons within 120 seconds. TEP: time out after a period greater than 120 seconds; pair if only one message is received and no tampering is detected. [exchange: Alice pushes button and sends request; Bob pushes button and sends reply; each side waits for its timeout; Adversary present]

  23. (Build of slide 22.) Two replies received (Bob's reply and the adversary's reply): no pairing.

  24. (Build of slide 22.) Tampering detected on the reply: no pairing.
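The tamper-evident message of slides 12 to 18 and the pairing decision of slides 22 to 24, as an added Python simulation that is not part of the original presentation and not the authors' 802.11 driver code. It assumes a slotted channel on which energy can be added but never removed, a sync packet of SYNC_LEN slots, a fixed timing offset from the start of the sync packet to the payload slot, and (for the alteration scenario only) that the adversary's signal captures the payload slot at the receiver; all function names, slot counts and the key strings BOB_KEY / EVIL_KEY are constructed for the example.

```python
# Added simulation of TEP tamper-evident messages and the pairing decision (not the
# authors' driver code): the slotted channel, slot counts and all names are assumptions.
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional

HASH_BITS = 128  # slide 27: 128-bit hash, one slot per bit (40 us each in the real driver)
SYNC_LEN = 6     # assumption: a sync packet spans 6 slots; any ordinary packet fits in one
MSG_LEN = SYNC_LEN + 1 + HASH_BITS  # sync packet, payload slot, hash-bit slots

@dataclass
class Slot:
    energy: bool                  # does the receiver sense energy in this slot?
    data: Optional[bytes] = None  # decodable packet, or None for noise / a collision

def silence_pattern(payload: bytes) -> list:
    """Slide 13: the silence pattern is a hash of the payload, one bit per slot."""
    digest = hashlib.sha256(payload).digest()[: HASH_BITS // 8]
    return [(b >> (7 - k)) & 1 for b in digest for k in range(8)]

def encode_tep(payload: bytes) -> list:
    """Sender: long random sync packet (slide 17), the payload, then a random
    packet for each 1 bit of the hash and silence for each 0 bit (slide 13)."""
    sync = [Slot(True, secrets.token_bytes(16)) for _ in range(SYNC_LEN)]
    tail = [Slot(bool(b), secrets.token_bytes(16) if b else None) for b in silence_pattern(payload)]
    return sync + [Slot(True, payload)] + tail

def transmit(window: list, start: int, frames: list) -> None:
    """Put frames on the shared medium. Energy only adds up: a busy slot becomes a
    collision (energy, undecodable data) and nothing turns energy back into silence."""
    for off, frame in enumerate(frames):
        pos = start + off
        if pos < len(window) and frame.energy:
            window[pos] = Slot(True, None if window[pos].energy else frame.data)

def receive_tep(window: list) -> list:
    """Slide 8: collect every tamper-evident message in the window as (payload, tampered).
    A burst shorter than SYNC_LEN is cross-traffic, never a sync packet (slides 34-36)."""
    found, i = [], 0
    while i < len(window):
        if not window[i].energy:
            i += 1
            continue
        j = i
        while j < len(window) and window[j].energy:
            j += 1
        if j - i < SYNC_LEN:      # too short to be the unusually long sync packet
            i = j
            continue
        p = i + SYNC_LEN          # payload slot: fixed timing offset from the sync start
        payload = window[p].data if p < len(window) else None
        observed = [int(s.energy) for s in window[p + 1 : p + 1 + HASH_BITS]]
        tampered = payload is None or observed != silence_pattern(payload)
        found.append((payload, tampered))
        i = p + 1 + HASH_BITS
    return found

def pairing_decision(window: list) -> tuple:
    """Slides 22-24: pair only if exactly one reply arrived and it shows no tampering."""
    msgs = receive_tep(window)
    if len(msgs) != 1:
        return ("no reply" if not msgs else "two replies, no pairing", None)
    payload, tampered = msgs[0]
    return ("tampering detected, no pairing", None) if tampered else ("pair", payload)

BOB_KEY = b"bob-dh-public-key"         # constructed stand-in for Bob's DH public key
EVIL_KEY = b"adversary-dh-public-key"  # constructed stand-in for the adversary's key

def scenario_clean() -> tuple:
    """A short cross-traffic packet, then Bob's untampered reply: pairing succeeds."""
    w = [Slot(False) for _ in range(3 * MSG_LEN)]
    transmit(w, 0, [Slot(True, b"cross-traffic")])
    transmit(w, 10, encode_tep(BOB_KEY))
    return pairing_decision(w)

def scenario_two_replies() -> tuple:
    """The adversary sends its own tamper-evident reply after Bob's (slide 23)."""
    w = [Slot(False) for _ in range(3 * MSG_LEN)]
    transmit(w, 0, encode_tep(BOB_KEY))
    transmit(w, MSG_LEN + 5, encode_tep(EVIL_KEY))
    return pairing_decision(w)

def scenario_alter() -> tuple:
    """Assumed capture effect: the adversary's signal wins the payload slot, and it adds
    energy wherever its own hash needs a 1. It cannot silence Bob's 1 bits (slide 24)."""
    w = [Slot(False) for _ in range(3 * MSG_LEN)]
    transmit(w, 0, encode_tep(BOB_KEY))
    w[SYNC_LEN] = Slot(True, EVIL_KEY)
    for k, bit in enumerate(silence_pattern(EVIL_KEY)):
        if bit:
            transmit(w, SYNC_LEN + 1 + k, [Slot(True, None)])
    return pairing_decision(w)

def scenario_collide() -> tuple:
    """The adversary collides with Bob's payload, leaving it undecodable (slide 11)."""
    w = [Slot(False) for _ in range(3 * MSG_LEN)]
    transmit(w, 0, encode_tep(BOB_KEY))
    transmit(w, SYNC_LEN, [Slot(True, None)])
    return pairing_decision(w)
```

Calling the four scenario functions returns `("pair", BOB_KEY)` for the clean run and a refusal for the other three. In `scenario_alter` the substitution goes undetected only if every 1 bit of Bob's hash pattern is also a 1 bit of the adversary's pattern, which under this model has probability (3/4)^128 for a 128-bit hash; the receiver never has to decide whether a given packet is Bob's, it only has to notice energy where the substituted payload's hash demands silence.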

  25. TEP is Proven Secure. Theorem: if the pairing devices are within radio range and the user presses the buttons, an adversary cannot convince either device to pair with it (except with negligible probability). Assumptions: (1) don't confuse hash packets ("1") for silence ("0"); (2) detect the synchronization packet.

  26. Implementation. Implemented in the 802.11 driver, using Atheros 802.11 cards and Linux.

  27. Implementation Challenges. Minimize the duration of hash bits: use high-resolution timers in the kernel; 40 us hash bits with a 128-bit hash function give less than 5 milliseconds. Set the sync packet longer than any packet: a maximum-sized IP packet at the minimum 802.11 bit rate takes 12 ms, so pick a sync duration of 17 ms.

  28. Evaluation. False negatives: the probability of false negatives is proven negligible under the assumptions (don't confuse hash packets ("1") for silence ("0"); detect the synchronization packet). False positives: their probability is estimated empirically.

  29. Testbed. 12 locations over 21,080 square feet; every run randomly picks two nodes to perform pairing.

  30. Can We Distinguish Between One and Zero Bits? [CDF plot: x-axis normalized received power, 0 to 1; y-axis 0 to 1]

  31. (Build of slide 30: curve for zero bits.)

  32. (Build of slide 30: curves for zero bits and one bits.) The receiver doesn't confuse one hash bits for silence.

  33. False Positives. Two sources: mistaking cross-traffic energy for a sync packet, and mistaking corrupted hash bits for an attack.

  34. Can TEP Mistake Cross-Traffic for a Sync Packet? Look at the SIGCOMM 2010 and MIT networks. [CDF plot: x-axis continuous energy duration in milliseconds, 0 to 5; y-axis 0 to 1]

  35. (Build of slide 34: curve for SIGCOMM 2010.)

  36. (Build of slide 34: curves for SIGCOMM 2010 and MIT.) The studied networks show zero probability of mistaking cross-traffic for a sync packet: continuous energy durations are much smaller than the 17 ms of the sync packet.

  37. Can TEP Mistake Corrupted Hash Bits for an Attack? Due to CTS, WiFi cross-traffic doesn't transmit during hash bits, but non-WiFi devices like Bluetooth may still transmit. Experiment: use Bluetooth to transfer a file between Android phones. [plot: x-axis number of attempts, 1 to 4; y-axis 0 to 1]

  38. (Build of slide 37.) TEP works even in the presence of interference from non-WiFi devices such as Bluetooth: Bluetooth is not synchronized with our pairing protocol.

  39. Related Work. Pairing with out-of-band channels (cameras, audio, tactile, infrared, ...): TEP is in-band. Work on integrity codes: ensures message integrity but still requires dedicated out-of-band wireless channels; tamper-evident messages are stronger than message integrity and give a purely in-band pairing protocol.

  40. Conclusions. First in-band secure pairing protocol. Protects from MITM attacks. Doesn't require out-of-band channels or passwords. Formally proven to be secure. Works on existing 802.11 cards and OS. Implemented and evaluated on operational networks.
