 |
|
||||||||||
Authentication over Insecure Wireless Channels
News / Recent Events
- 23.12.2011 Christina Pöpper is interviewed for WRS regarding the recent U.S. drone captured in Iran and the GPS spoofing claims.
- 21.10.2011 Ghassan Karame presents the paper "Privacy-Preserving Outsourcing of Brute-Force Key Searches" at CCSW in Chicago, IL.
- 18.10.2011 Nils Ole Tippenhauer presents the paper "On the Requirements for Successful GPS Spoofing Attacks" at CCS in Chicago, IL.
- 15.9.2011 Srdjan Capkun gives a keynote at TrustED on "On Physical-Layer Identification of RFID Tags" in Leuven, Belgium.
- 12.9.2011 Christina Pöpper presents the paper "Investigation of Signal and Message Manipulations on the Wireless Channel" at ESORICS in Leuven, Belgium.
- 27.7.2011 Davide Zanetti presents the paper "On The Practicality of UHF RFID Fingerprinting: How Real is the RFID Tracking Problem?" in PETS in Waterloo, Canada
- 7.7.2011 Prof. Srdjan Capkun is now an Associate Professor at ETH
| This project deals with message authentication and integrity protection in wireless networks. The main focus of this project is authentication without pre-shared keys and/or credentials. Three proposals have so far emerged in this context: INTEGRITY-CODING, INTEGRITY-REGIONS and reliance on SHORT STRING COMPARISON. Particular attention in this project was devoted to authentication through presence awareness (i-codes and i-regions). |
 |
We proposed or contributed to the following proposals for authentication over insecure wireless channels and analyzed the underlying conditions; further information and related publications are given below:
| TITLE | CONTENT |
| Signal and Message Manipulations |
Investigation of signal and message manipulations on the wireless channel |
| Integrity codes | Message Integrity Protection and Authentication Over Insecure Channels |
| Integrity regions | Authentication Through Presence in Wireless Networks |
| Authentication based on short string comparison | A set of simple techniques for key establishment over radio link in peer-to-peer networks |
Syssec members on the project: Srdjan Capkun
Past and present collaborations: Prof. Mario Cagalj (Univ. of Split, Croatia), Prof. Jean-Pierre Hubaux (EPFL, Switzerland), Prof. Mani Srivastava (UCLA).
Investigation of Signal and Message Manipulations on the Wireless Channel
|
This work explores the possibilities of the attacker to tamper with the integrity of messages and signals on the wireless channel. We explore the suitability of Dolev-Yao-based attacker models for the security analysis of wireless communication. The Dolev-Yao model is commonly used for wireline and wireless networks. It is defined on abstract messages exchanged between entities and includes arbitrary, real-time modification of messages by the attacker. In this work, we aim at understanding and evaluating the conditions under which these real-time, covert low-energy signal modifications can be successful. In particular, we focus on the following signal and message manipulation techniques: symbol flipping and signal annihilation. We analyze these techniques theoretically, by simulations, and experiments and show their feasibility for particular wireless channels and scenarios. |
 |
Related publication:
- Christina Pöpper, Nils Ole Tippenhauer, Boris Danev, Srdjan Capkun
Investigation of Signal and Message Manipulations on the Wireless Channel
In Proceedings of the European Symposium on Research in Computer Security (ESORICS), 2011 (to appear) [PDF | bibtex]
INTEGRITY CODES: Message Integrity Protection and Authentication Over Insecure Channels
|
Inspired by unidirectional error detecting codes that are used in situations where only one kind of bit errors are possible (e.g., it is possible to change a bit “0” into a bit “1”, but not the contrary), we propose integrity codes (I-codes) for a radio communication channel, which enable integrity protection of messages exchanged between entities that do not hold any mutual authentication material (i.e. public keys or shared secret keys). The construction of I-codes enables a sender to encode any message such that if its integrity is violated in transmission over a radio channel, the receiver is able to detect it. In order to achieve this, we rely on the physical properties of the radio channel. We analyze in detail the use of I-codes on a radio communication channel and we present their implementation on a Mica2 wireless sensor platform as a “proof of concept”. We finally introduce a novel concept called “authentication through presence” that can be used for several applications, including for key establishment and for broadcast authentication over an insecure radio channel. We perform a detailed analysis of the security of our coding scheme and we show that it is secure with respect to a realistic attacker model. |
 I-Coding: An example of I-coding at the sender using the complementary encoding rule 1-> 10 and 0-> 01 |
Related publications and presentations:
- Srdjan Capkun, Mario Cagalj, Ramkumar Rengaswamy, Ilias Tsigkogiannis, Jean-Pierre Hubaux, Mani Srivastava
Integrity Codes: Message Integrity Protection and Authentication Over Insecure Channels
in IEEE Transactions on Dependable and Secure Computing, 2008 [PDF | bibtex]
- Mario Cagalj*, Srdjan Capkun*, RamKumar Rengaswamy, Ilias Tsigkogiannis, Mani Srivastava and Jean-Pierre Hubaux,
Integrity (I) codes: Message Integrity Protection and Authentication over Insecure Channels,
in Proceeding of the IEEE Symposium on Security and Privacy (S&P), 2006 [PDF] (* equally contributing authors)
Presentation: [PDF]
INTEGRITY REGIONS: Authentication Through Presence in Wireless Networks
| We introduce Integrity (I) regions, a novel security primitive that enables message authentication in wireless networks without the use of pre-established or pre-certified keys. Integrity regions are based on the verification of entity proximity through time-of-arrival ranging techniques. We demonstrate how I-regions can be efficiently implemented with ultrasonic ranging, in spite of the fact that ultrasound ranging techniques are vulnerable to distance enlargement and reduction attacks. We further discuss how I-regions can be used in key establishment applications in peer-to-peer wireless networks. |
 Examples of applications of integrity regions. (a) Key establishment (e.g., exchange of the Diffie-Hellman public keys - bidirectional message au- thentication and integrity verification); (b) Device authentication (user receives an authentic public-key of a device - unidirectional message authentication and integrity verification). |
Srdjan Capkun, Mario Cagalj, Ghassan Karame, Nils Ole Tippenhauer
Integrity Regions: Authentication Through Presence in Wireless Networks
IEEE Transactions on Mobile Computing, 2010 (to appear) [bibtex]
Related publications and presentations:
- Srdjan Capkun* and Mario Cagalj*
Integrity Regions: Authentication Through Presence in Wireless Networks
ACM Workshop on Wireless Security, WiSe 2006 [PDF]
(* equally contributing authors)
AUTHENTICATION BASED ON SHORT STRING COMPARISON
We present a set of simple techniques for key establishment over a radio link in peer-to-peer networks. Our approach is based on the Diffie-Hellman key agreement protocol, which is known to be vulnerable to the “man-in-the-middle” attack if the two users involved in the protocol do not share any authenticated information about each other (e.g., public keys, certificates, passwords, shared keys, etc.) prior to the protocol execution. In this paper, we solve the problem by leveraging on the natural ability of users to authenticate each other by visual and verbal contact. We propose three techniques. The first is based on visual comparison of short strings, the second on distance bounding, and the third on integrity codes; in each case, the users do not need to enter any password or other data, nor do they need physical or infrared connectivity between their devices. We base our analysis on a well-established methodology that leads us to a rigorous modularization and a thorough robustness proof of our proposal.
Related publications and presentations:
- M. Cagalj, S. Capkun, J. P. Hubaux,
Key agreement in peer-to-peer wireless networks,
Proceedings of the IEEE (Special Issue on Cryptography and Security), 2006 [PDF]
Wichtiger Hinweis:
Diese Website wird in älteren Versionen von Netscape ohne
graphische Elemente dargestellt. Die Funktionalität der
Website ist aber trotzdem gewährleistet. Wenn Sie diese
Website regelmässig benutzen, empfehlen wir Ihnen, auf
Ihrem Computer einen aktuellen Browser zu installieren. Weitere
Informationen finden Sie auf
folgender
Seite.
Important Note:
The content in this site is accessible to any browser or
Internet device, however, some graphics will display correctly
only in the newer versions of Netscape. To get the most out of
our site we suggest you upgrade to a newer browser.
More
information
