Securing Ad-hoc Connections over Wireless Short-range Communication Channels
基於無線短距離通信的臨時信道安全性分析
Student thesis: Doctoral Thesis
Author(s)
Related Research Unit(s)
Detail(s)
Awarding Institution | |
---|---|
Supervisors/Advisors |
|
Award date | 19 Aug 2021 |
Link(s)
Permanent Link | https://scholars.cityu.edu.hk/en/theses/theses(e8d21ca2-aad7-4ab3-881b-6f7af92680e4).html |
---|---|
Other link(s) | Links |
Abstract
The Internet of Things (IoT) is a well-known paradigm that aims at interrelating different kinds of devices to the internet for seamless connectivity and data transfer. IoT devices exchange data with millions of other devices around the globe in ad-hoc manners, namely short-range wireless communications. However, due to this temporary features, some security services may be challenging to be provided by traditional cryptography, especially when establishing a key between two devices with no prior relationship. Moreover, proof-of-proximity is vulnerable to the relay attack since all authentication process can be relayed without being detected by legitimate entities. Therefore, physical context based approaches are proposed as the compensation of traditional cryptography to support secure ad-hoc connections. In this thesis, we first survey numerous approaches based on physical context based to support key pairing and proof-of-proximity. These physical characteristics are extracted from three categories: environment of devices, communication channels of devices and devices themselves. Further, we discuss two specific approaches: friendly jamming and distance bounding protocols. The former focuses on key pairing and the latter supports proof-of-proximity.
Friendly jamming is a simple way to transmit data securely, which can support key pairing in ad-hoc connections. In recent years, several practical friendly jamming scenes have been proposed based on the general principle that the recipient jams the channel while the data is being sent by another party. However, the security analysis of these schemes is a tricky subject, with works often showing that the scheme is secure against a specific implementation of a passive attacker or multiple attackers. These attackers are often modeled as conventional receivers, but interesting questions can be raised about whether there are better or new methods for attackers to use to recover jammed data. This thesis introduces a signal correlation-based message recovery method against friendly jamming. Using this method, a single eavesdropper is able to recover large parts of the secret message under the condition which is assumed to be secure enough by previous practical friendly jamming schemes. We analyze the impact of factors on our method, such as start positions, relation thresholds, the length of the section signals and plaintext by simulation. Results of experiment attacking an acoustic friendly jamming system indicative of this approach shows a much lower SNR upper threshold.
In addition, in the aspect of proof-of-proximity, distance bounding (DB) protocols combine accurate time-of-flight measurements with carefully crafted cryptographic exchanges to verify device proximity. One of the main considerations for implementing DB protocols on resource-limited devices, in potentially noisy environments, is transmission errors. Thresholds and error correction codes (ECCs) are two methods to provide error-resilience for DB protocols working in noisy environments. However, the threshold adds overheads and the ECC increases the adversary success probability when implemented in pre-commitment DB protocols. In this thesis, we we modify the ECC method to compensate the lower security level. To demonstrate this idea, we compare a prominent pre-commitment protocol by Brands and Chaum (BC) integrated with different types of ECCs with two existing error-resilience methods and further discuss the BC protocol with the new ECC method. On the other hand, high efficiency is another expectation of DB protocols. We show multistate DB protocols can decrease execution time while maintaining security level over a noisy environment with careful configurations.
Friendly jamming is a simple way to transmit data securely, which can support key pairing in ad-hoc connections. In recent years, several practical friendly jamming scenes have been proposed based on the general principle that the recipient jams the channel while the data is being sent by another party. However, the security analysis of these schemes is a tricky subject, with works often showing that the scheme is secure against a specific implementation of a passive attacker or multiple attackers. These attackers are often modeled as conventional receivers, but interesting questions can be raised about whether there are better or new methods for attackers to use to recover jammed data. This thesis introduces a signal correlation-based message recovery method against friendly jamming. Using this method, a single eavesdropper is able to recover large parts of the secret message under the condition which is assumed to be secure enough by previous practical friendly jamming schemes. We analyze the impact of factors on our method, such as start positions, relation thresholds, the length of the section signals and plaintext by simulation. Results of experiment attacking an acoustic friendly jamming system indicative of this approach shows a much lower SNR upper threshold.
In addition, in the aspect of proof-of-proximity, distance bounding (DB) protocols combine accurate time-of-flight measurements with carefully crafted cryptographic exchanges to verify device proximity. One of the main considerations for implementing DB protocols on resource-limited devices, in potentially noisy environments, is transmission errors. Thresholds and error correction codes (ECCs) are two methods to provide error-resilience for DB protocols working in noisy environments. However, the threshold adds overheads and the ECC increases the adversary success probability when implemented in pre-commitment DB protocols. In this thesis, we we modify the ECC method to compensate the lower security level. To demonstrate this idea, we compare a prominent pre-commitment protocol by Brands and Chaum (BC) integrated with different types of ECCs with two existing error-resilience methods and further discuss the BC protocol with the new ECC method. On the other hand, high efficiency is another expectation of DB protocols. We show multistate DB protocols can decrease execution time while maintaining security level over a noisy environment with careful configurations.