Secure Wireless Communication with Dynamic Secrets

Sheng Xiao, Weibo Gong and Don Towsley, 2010 Infocom

Outline
- Problem statement
- Overview
- Dynamic secrets
  - Extraction
  - Collection
  - Amplification
- System secret protection
- Bootstrapping security and implementation
- Summary and conclusion

Problem statement

- Data security in wireless communication
- Security mechanism desirable in the case of secret leakage
- Solution: use dynamic secrets, based on the link layer communications between wireless devices

Related Work

- Prior work uses the properties of the wireless physical channel for secret sharing
- However, these approaches usually demand special hardware upgrades, or at least specific interfaces that provide channel measurement information

Related Work
- Instead of working with the physical layer channel model to calculate the secret capacity, we shift attention to the link layer and emphasize the dynamics of secrets
  - In wireless communication, it is practically impossible to eavesdrop on link layer communication for a long period without errors
  - The single point of failure occurs at the attackers

Series of Dynamic Secrets
- Let H_k indicate how many bits the adversary needs to guess about the key. When H_k = 0, the adversary knows the key explicitly and the communication is not secure.
- Solution: Use a series of dynamic secrets, i.e., updates between t_0 and t_1
- Rationale: Secrecy is replenished, as the attacker cannot constantly overhear perfectly

Secret Safety Model
No dynamic secrets
Dynamic secrets, i.e.,

Advantage of Dynamic Secret
- Information loss is not recoverable by any computational effort
- Information loss can be accumulated

Extracting Dynamic Secrets

- Key ideas
  - Monitor retransmissions
  - Sender and receiver agree on a set of frames
  - Hash such frames into dynamic secrets
- A One Time Frame (OTF) is a frame that is only aired once and correctly received

AET Algorithms
Example: Stop-n-Wait

Collecting Dynamic Secrets

- Maintain a set of frames ψ
- Initially ψs = ψr = Ø
- Remarks
  - ψs and ψr differ by at most 1 frame
  - The reception of a new frame ensures ψs = ψr

Amplifying Attacker’s Entropy
- Goal: Increase the attacker's uncertainty
  - Input: the set ψ
  - Output: a secret S with high entropy
- Denoted as S = F(ψ)

Amplifying Attacker’s Entropy

- Random hashing theory
  - Choose a function uniformly at random from a universal-2 hashing class
- The expected hash output distribution will be close to the uniform distribution when the output is sufficiently short

[1] J. L. Carter and M. N. Wegman. Universal classes of hash functions. Journal of Computer and System Sciences, 18:396-407, 1979.

Amplifying Attacker’s Entropy

Entropy amplification
If
- If

- Attacker has < 1 bit info about S
- Uncertainty bounded by ϵ - 1

[2] Alfred Rényi. On measures of information and entropy. In Proceedings of the 4th Berkeley Symposium on Mathematics, Statistics and Probability, 1960.

Dynamic Secret Generation

The above discussion justifies the use of the following method
- Collect OTFs until |ψ| > nts
- Agree on a randomly chosen universal-2 hash function F
- Generate S(t) = F(ψ)
- Reset ψ = Ø
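
The extraction, collection and generation steps above, as an added Python example that is not taken from the slides or the authors' prototype. It assumes a stop-and-wait link described by per-airing outcome labels, a receiver that tentatively keeps a frame on first hearing and drops it when the same frame is heard again, a multilinear hash modulo 2^61 - 1 as the universal-2 family, a threshold of 3 frames, and an eavesdropper who misses the contents of one frame; all names and sample frames are constructed.

```python
import random

P = (1 << 61) - 1   # Mersenne prime; hash outputs live in [0, P)
N_TS = 3            # stand-in for the slides' threshold nts (value assumed)

def F(frames, seed):
    """Multilinear hash mod P, keyed from a seed both ends agree on in the
    clear (assumed family; the hash key is not the secret, the frames are)."""
    data = b"".join(len(f).to_bytes(2, "big") + f for f in frames)
    rng = random.Random(seed)
    acc = rng.randrange(P)
    for i in range(0, len(data), 7):            # 56-bit chunks are all < P
        acc = (acc + rng.randrange(P) * int.from_bytes(data[i:i + 7], "big")) % P
    return acc

def run_link(frames, outcomes, eve_missed=(), seed=2010):
    """Stop-and-wait model. outcomes[i] lists the fate of each airing of
    frame i: 'lost', 'ack_lost', or 'ok' (frame and ACK both delivered)."""
    psi = {"sender": [], "receiver": [], "eve": []}
    secrets = {"sender": [], "receiver": [], "eve": []}
    for i, (frame, airings) in enumerate(zip(frames, outcomes)):
        tentative = False
        for attempt, result in enumerate(airings):
            if result != "lost" and attempt == 0:
                psi["receiver"].append(frame)   # first airing heard: maybe an OTF
                tentative = True
            elif result != "lost" and tentative:
                psi["receiver"].pop()           # heard again: it was not an OTF
                tentative = False
            if result == "ok":
                break
        if airings == ["ok"]:                   # aired once and ACKed: an OTF
            psi["sender"].append(frame)
            if i not in eve_missed:             # Eve needs the frame contents
                psi["eve"].append(frame)
        if len(psi["sender"]) > N_TS:           # |psi| > nts: derive S, reset psi
            for who in psi:
                secrets[who].append(F(psi[who], seed))
                psi[who] = []
    return secrets, psi

# Constructed sample: six frames; frame 1 is lost once, frame 3 loses its ACK.
FRAMES = [b"frame-%d" % i for i in range(6)]
OUTCOMES = [["ok"], ["lost", "ok"], ["ok"], ["ack_lost", "ok"], ["ok"], ["ok"]]

if __name__ == "__main__":
    secrets, _ = run_link(FRAMES, OUTCOMES, eve_missed={2})
    print(secrets)   # sender and receiver agree; the eavesdropper does not
```

Passing an outcome list that ends in `["ack_lost"]` leaves the receiver's set one frame ahead of the sender's, which is the "differ by at most 1 frame" remark from the collection slide.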

System Secret Protection

- At secret generation
  - Divide s(t) = u(t) || v(t)
  - To protect the private/public key pair and the secret symmetric key, respectively
- Remark: information loss will accumulate
  - Entropy is non-decreasing

Bootstrapping Security
- Scenario: Use time to invest in security
- Solution: the sender transmits random data at first to build up security

Prototype Implementation

[Figure: prototype on 802.11g. Labels: extracting dynamic secrets at sender; extracting dynamic secrets at receiver; hash]


Summary and conclusion

- Our work strengthens security in the case of secret leakage by using dynamic secrets
- For future work, use the prototype for experimental evaluation