Secure Device Bootstrapping Without Secrets Resistant to Signal Manipulation Attacks

Nirnimesh Ghose, Loukas Lazos, Ming Li

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In this paper, we address the fundamental problem of securely bootstrapping a group of wireless devices to a hub, when none of the devices share prior associations (secrets) with the hub or between them. This scenario aligns with the secure deployment of body area networks, IoT, medical devices, industrial automation sensors, autonomous vehicles, and others. We develop VERSE, a physical-layer group message integrity verification primitive that effectively detects advanced wireless signal manipulations that can be used to launch man-in-the-middle (MitM) attacks over wireless. Without using shared secrets to establish authenticated channels, such attacks are notoriously difficult to thwart and can undermine the authentication and key establishment processes. VERSE exploits the existence of multiple devices to verify the integrity of the messages exchanged within the group. We then use VERSE to build a bootstrapping protocol, which securely introduces new devices to the network. Compared to the state-of-the-art, VERSE achieves in-band message integrity verification during secure pairing using only the RF modality without relying on out-of-band channels or extensive human involvement. It guarantees security even when the adversary is capable of fully controlling the wireless channel by annihilating and injecting wireless signals. We study the limits of such advanced wireless attacks and prove that the introduction of multiple legitimate devices can be leveraged to increase the security of the pairing process. We validate our claims via theoretical analysis and extensive experimentations on the USRP platform. We further discuss various implementation aspects such as the effect of time synchronization between devices and the effects of multipath and interference. Note that the elimination of shared secrets, default passwords, and public key infrastructures effectively addresses the related key management challenges when these are considered at scale.

Original languageEnglish (US)
Title of host publicationProceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages819-835
Number of pages17
Volume2018-May
ISBN (Electronic)9781538643525
DOIs
StatePublished - Jul 23 2018
Event39th IEEE Symposium on Security and Privacy, SP 2018 - San Francisco, United States
Duration: May 21 2018May 23 2018

Other

Other39th IEEE Symposium on Security and Privacy, SP 2018
CountryUnited States
CitySan Francisco
Period5/21/185/23/18

Fingerprint

Authentication
Synchronization
Automation
Network protocols
Sensors
Internet of things

Keywords

  • Group Bootstrapping
  • Internet of Things
  • Key Establishment
  • Man in the Middle Attack
  • Message Integrity Protection
  • ON OFF Keying
  • Physical layer Security
  • Secret free
  • Wireless Signal Manipulation Attack

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Software
  • Computer Networks and Communications

Cite this

Ghose, N., Lazos, L., & Li, M. (2018). Secure Device Bootstrapping Without Secrets Resistant to Signal Manipulation Attacks. In Proceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018 (Vol. 2018-May, pp. 819-835). [8418640] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SP.2018.00055

Secure Device Bootstrapping Without Secrets Resistant to Signal Manipulation Attacks. / Ghose, Nirnimesh; Lazos, Loukas; Li, Ming.

Proceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018. Vol. 2018-May Institute of Electrical and Electronics Engineers Inc., 2018. p. 819-835 8418640.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Ghose, N, Lazos, L & Li, M 2018, Secure Device Bootstrapping Without Secrets Resistant to Signal Manipulation Attacks. in Proceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018. vol. 2018-May, 8418640, Institute of Electrical and Electronics Engineers Inc., pp. 819-835, 39th IEEE Symposium on Security and Privacy, SP 2018, San Francisco, United States, 5/21/18. https://doi.org/10.1109/SP.2018.00055
Ghose N, Lazos L, Li M. Secure Device Bootstrapping Without Secrets Resistant to Signal Manipulation Attacks. In Proceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018. Vol. 2018-May. Institute of Electrical and Electronics Engineers Inc. 2018. p. 819-835. 8418640 https://doi.org/10.1109/SP.2018.00055
Ghose, Nirnimesh ; Lazos, Loukas ; Li, Ming. / Secure Device Bootstrapping Without Secrets Resistant to Signal Manipulation Attacks. Proceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018. Vol. 2018-May Institute of Electrical and Electronics Engineers Inc., 2018. pp. 819-835
@inproceedings{d6e1fc5cde43456b9012dc93085a0033,
title = "Secure Device Bootstrapping Without Secrets Resistant to Signal Manipulation Attacks",
abstract = "In this paper, we address the fundamental problem of securely bootstrapping a group of wireless devices to a hub, when none of the devices share prior associations (secrets) with the hub or between them. This scenario aligns with the secure deployment of body area networks, IoT, medical devices, industrial automation sensors, autonomous vehicles, and others. We develop VERSE, a physical-layer group message integrity verification primitive that effectively detects advanced wireless signal manipulations that can be used to launch man-in-the-middle (MitM) attacks over wireless. Without using shared secrets to establish authenticated channels, such attacks are notoriously difficult to thwart and can undermine the authentication and key establishment processes. VERSE exploits the existence of multiple devices to verify the integrity of the messages exchanged within the group. We then use VERSE to build a bootstrapping protocol, which securely introduces new devices to the network. Compared to the state-of-the-art, VERSE achieves in-band message integrity verification during secure pairing using only the RF modality without relying on out-of-band channels or extensive human involvement. It guarantees security even when the adversary is capable of fully controlling the wireless channel by annihilating and injecting wireless signals. We study the limits of such advanced wireless attacks and prove that the introduction of multiple legitimate devices can be leveraged to increase the security of the pairing process. We validate our claims via theoretical analysis and extensive experimentations on the USRP platform. We further discuss various implementation aspects such as the effect of time synchronization between devices and the effects of multipath and interference. Note that the elimination of shared secrets, default passwords, and public key infrastructures effectively addresses the related key management challenges when these are considered at scale.",
keywords = "Group Bootstrapping, Internet of Things, Key Establishment, Man in the Middle Attack, Message Integrity Protection, ON OFF Keying, Physical layer Security, Secret free, Wireless Signal Manipulation Attack",
author = "Nirnimesh Ghose and Loukas Lazos and Ming Li",
year = "2018",
month = "7",
day = "23",
doi = "10.1109/SP.2018.00055",
language = "English (US)",
volume = "2018-May",
pages = "819--835",
booktitle = "Proceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - Secure Device Bootstrapping Without Secrets Resistant to Signal Manipulation Attacks

AU - Ghose, Nirnimesh

AU - Lazos, Loukas

AU - Li, Ming

PY - 2018/7/23

Y1 - 2018/7/23

N2 - In this paper, we address the fundamental problem of securely bootstrapping a group of wireless devices to a hub, when none of the devices share prior associations (secrets) with the hub or between them. This scenario aligns with the secure deployment of body area networks, IoT, medical devices, industrial automation sensors, autonomous vehicles, and others. We develop VERSE, a physical-layer group message integrity verification primitive that effectively detects advanced wireless signal manipulations that can be used to launch man-in-the-middle (MitM) attacks over wireless. Without using shared secrets to establish authenticated channels, such attacks are notoriously difficult to thwart and can undermine the authentication and key establishment processes. VERSE exploits the existence of multiple devices to verify the integrity of the messages exchanged within the group. We then use VERSE to build a bootstrapping protocol, which securely introduces new devices to the network. Compared to the state-of-the-art, VERSE achieves in-band message integrity verification during secure pairing using only the RF modality without relying on out-of-band channels or extensive human involvement. It guarantees security even when the adversary is capable of fully controlling the wireless channel by annihilating and injecting wireless signals. We study the limits of such advanced wireless attacks and prove that the introduction of multiple legitimate devices can be leveraged to increase the security of the pairing process. We validate our claims via theoretical analysis and extensive experimentations on the USRP platform. We further discuss various implementation aspects such as the effect of time synchronization between devices and the effects of multipath and interference. Note that the elimination of shared secrets, default passwords, and public key infrastructures effectively addresses the related key management challenges when these are considered at scale.

AB - In this paper, we address the fundamental problem of securely bootstrapping a group of wireless devices to a hub, when none of the devices share prior associations (secrets) with the hub or between them. This scenario aligns with the secure deployment of body area networks, IoT, medical devices, industrial automation sensors, autonomous vehicles, and others. We develop VERSE, a physical-layer group message integrity verification primitive that effectively detects advanced wireless signal manipulations that can be used to launch man-in-the-middle (MitM) attacks over wireless. Without using shared secrets to establish authenticated channels, such attacks are notoriously difficult to thwart and can undermine the authentication and key establishment processes. VERSE exploits the existence of multiple devices to verify the integrity of the messages exchanged within the group. We then use VERSE to build a bootstrapping protocol, which securely introduces new devices to the network. Compared to the state-of-the-art, VERSE achieves in-band message integrity verification during secure pairing using only the RF modality without relying on out-of-band channels or extensive human involvement. It guarantees security even when the adversary is capable of fully controlling the wireless channel by annihilating and injecting wireless signals. We study the limits of such advanced wireless attacks and prove that the introduction of multiple legitimate devices can be leveraged to increase the security of the pairing process. We validate our claims via theoretical analysis and extensive experimentations on the USRP platform. We further discuss various implementation aspects such as the effect of time synchronization between devices and the effects of multipath and interference. Note that the elimination of shared secrets, default passwords, and public key infrastructures effectively addresses the related key management challenges when these are considered at scale.

KW - Group Bootstrapping

KW - Internet of Things

KW - Key Establishment

KW - Man in the Middle Attack

KW - Message Integrity Protection

KW - ON OFF Keying

KW - Physical layer Security

KW - Secret free

KW - Wireless Signal Manipulation Attack

UR - http://www.scopus.com/inward/record.url?scp=85051017940&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85051017940&partnerID=8YFLogxK

U2 - 10.1109/SP.2018.00055

DO - 10.1109/SP.2018.00055

M3 - Conference contribution

VL - 2018-May

SP - 819

EP - 835

BT - Proceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018

PB - Institute of Electrical and Electronics Engineers Inc.

ER -