Secure Wireless Communication with Dynamic Secrets

SECURE WIRELESS COMMUNICATION WITH DYNAMIC SECRETS

Sheng Xiao, Weibo Gong and Don Towsley,2010 Infocom

Outline Problem statement Overview Dynamic secrets

ExtractionCollectionAmplification

System secret protection Bootstrapping security and implementation Summary and conclusion

Problem statement Data security in wireless communication

Security mechanism desirable in the case of secret leakage

Solution: use dynamic secrets, based on the link layer communications between wireless devices

Related Work Prior work uses the wireless physical

channel properties for secret sharing

However, they usually demand special hardware upgrades or at least specific interfaces to provide channel measurement information.

Related Work Instead of working with the physical layer

channel model to calculate the secret capacity, we shift attention to the link layer and emphasize the dynamics of secrets.

In wireless communication, it is practically impossible to eavesdrop link layer communication for a long period without errors

The single-point of failure occurs at the attackers

Outline Problem statement Overview Dynamic secrets

ExtractionCollectionAmplification

System secret protection Bootstrapping security and implementation Summary and conclusion

Series of Dynamic Secrets Let Hk indicates how many bits the adversary

needs to guess about the key. When Hk = 0, the adversary knows the key explicitly and the communication is not secure.

Solution: Use a series of dynamic secrets, i.e., updates between t0 and t1

Rationale: Secrecy replenished as the attacker cannot constantly overhear perfectly

Secret Safety Model

No dynamic secrets

Dynamic secrets, i.e.,

Advantage of Dynamic Secret Information loss is not recoverable by any

computational effort

Information loss can be accumulated

Outline Problem statement Overview Dynamic secrets

ExtractionCollectionAmplification

System secret protection Bootstrapping security and implementation Summary and conclusion

Extracting Dynamic Secrets Key ideas

Monitor retransmissionsSender and receiver agree on set of framesHash such frames into dynamic secrets

One Time Frame (OTF) is refers to a frame that is only aired once and correctly received.

AET Algorithms

Example: Stop-n-Wait

Collecting Dynamic Secrets Maintain a set of frames ψ

Initially ψs = ψr = Ø

Remarksψs and ψr differ of at most 1 frameThe reception of a new frame ensures ψs = ψr

Collecting Dynamic Secrets Maintain a set of frames ψ

Initially ψs = ψr = Ø

Remarksψs and ψr differ of at most 1 frameThe reception of a new frame ensures ψs = ψr

ψ

Amplifying Attacker’s Entropy Goal: Increase attacker’s uncertainty Input: ψ set Output: A secret S with high entropy

Denoted as

S = F(ψ)

Amplifying Attacker’s Entropy Random hashing theory

uniform-randomly choosing a function from a universal-2 hashing class

The expected hash output distribution will be close to the uniform distribution when the output is sufficiently short [1] - J.L. Carter and M. N. Wegman. Universal classes of hash functions. Journal of Computer and System Sciences, 18:396-407, 1979

Amplifying Attacker’s Entropy Entropy amplification

If Attacker has < 1 bit info about S If Uncertainty bounded by ϵ - 1

[2] – Alfred Rényi. On measures of information and entropy. In Proceedings of the 4° Berkeley Symposium on Mathematics, Statistics and Probability, 1960

Dynamic Secret Generation The above discussion justifies the use of the

following method

Collect OTFs until | ψ | > nts

Agree on a randomly chosen universal-2 hash function F

Generate S(t) = F(ψ)Reset ψ = Ø

Outline Problem statement Overview Dynamic secrets

ExtractionCollectionAmplification

System secret protection Bootstrapping security and implementation Summary and conclusion

System Secret Protection At secret generation

Divide s(t) = u(t) || v(t)To protect the private public key pair and secret

symmetric key respectively

Remark: information loss will accumulate Entropy is non decreasing

System Secret Protection

Outline Problem statement Overview Dynamic secrets

ExtractionCollectionAmplification

System secret protection Bootstrapping security and implementation Summary and conclusion

Bootstrapping Security Scenario: Use time to invest in security Solution: the sender transmits random

data at first to build up security

Prototype Implementation 802.11g

Hash

Extracting dynamic secrets at sender

Extracting dynamic secrets at receiver

Outline Problem statement Overview Dynamic secrets

ExtractionCollectionAmplification

System secret protection Bootstrapping security and implementation Summary and conclusion

Summary and conclusion Our work strengthens security in the

case of secrecy leakages by using dynamic secrets

For future work, use prototype for experimental evaluation