On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the...
Transcript of On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the...
![Page 1: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/1.jpg)
On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments
Suman Jana, Sriram Nandha Premnath
Mike Clark, Sneha K. Kasera, Neal Patwari
University of Utah
Srikanth V. Krishnamurthy
University of California, Riverside
![Page 2: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/2.jpg)
wireless nodes, Alice & Bob, need to share secret key
concerns with public key cryptography
quantum cryptography – too expensive
less expensive solution - use inherent randomness in wireless channel to extract secret key bits
Problem Definition
2
![Page 3: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/3.jpg)
measured reciprocally at Alice, Bob
when away by more than few multiples of wavelength, Eve cannot measure same channel
channel varies with time
Wireless Channel Characteristics
3
![Page 4: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/4.jpg)
Use of Received Signal Strength (RSS)
4
Alice, Bob expected to see “identical” RSS variations [Stutzman „82]
realistically, they must deal with lack of perfect reciprocity
Probe Exchange &
RSS Measurement
Alice Bob
Eve
RSS Variations AliceBob
RSS Variations
Eve
![Page 5: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/5.jpg)
Related Work
Mathur ‟08, Li ‟06, Aono ‟05 extract single bit per measurement
experimental results from limited indoor settings
Alice, Bob do not communicate to handle mismatches will result in key disagreement in large number of cases
Azimi-Sadjadi ‟07 suggested using 2 stages from quantum
cryptography - information reconciliation, privacy amplification
did not implement!
5
![Page 6: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/6.jpg)
Our Contributions
• adaptive key extraction increases secret bit rate 4-fold
• implement information reconciliation to handle bit mismatch
• implement privacy amplification to reduce correlation between successive bits
• through extensive real world measurements, identify settings (un)suitable for key extraction
• expose new predictable channel attack in static settings
6
![Page 7: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/7.jpg)
Overview
adversary model
secret key extraction
real world measurements, results
summary
7
![Page 8: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/8.jpg)
Adversary Model
adversary Eve
listens to all communication between Alice, Bob
can measure channel between herself and Alice, Bob
separated from both parties by distance >> wavelength
Eve not interested in disrupting communication between Alice, Bob
Alice, Bob are not authenticated
8
![Page 9: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/9.jpg)
Secret Bit Extraction
9
RSS
Measurements
Quantization
Information
Reconciliation
Privacy
Amplification
Secret Key
Bits
![Page 10: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/10.jpg)
Adaptive Quantization
how to generate bits from RSS measurements?
Extracted Bits – 1 1 1 0 1 …
Extract “1”
Drop
Drop
Extract “0”
Upper Threshold
Lower
Threshold
10
adapt threshold for small blocks of measurements
![Page 11: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/11.jpg)
Adaptive Quantization
adapt # intervals depending on range
Extracted Bits - 11 10 11 10 10 11 01 00 01 …
Extract
“10”
“11”
“01”
“00” Interval 1
Interval 2
Interval 3
Interval 4
![Page 12: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/12.jpg)
Interval 1
Interval 2
Interval 3
Interval 4
Interval 5
Interval 6
Interval 7
Interval 8
Adaptive Quantization
Extracted Bits - 101 110 101 110 110 100 010 …
Extract
“111”
“110”
“101”
“100”
“011”
“010”
“001”
“000”
adapt #intervals depending on range
limit: N ≤ log [Range]
Adaptive Secret Bit Generation (ASBG)
![Page 13: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/13.jpg)
Information Reconciliation [Brassard ’06]
differences in between bit streams of Alice, Bob arise due to noise/interference, wireless hardware limitations
half-duplex nature of channel
solution: exchange parity information of small blocks of bits
locate, correct mismatches using binary search
permute, iterate until probability [success] > threshold
13
![Page 14: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/14.jpg)
Privacy Amplification [Impagliazzo ’89]
short-term correlation between subsequent bits when probing rate > (coherence time)-1
need to remove bits leaked during information reconciliation
solution: apply 2-universal hash function h: {1…M} {1…m}
for inputs x, y, probability [h(x) = h(y)] upper bounded by 1/m
decreases output length, but increases entropy
14
![Page 15: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/15.jpg)
Implementation
laptops - Alice, Bob
equipped with Intel PRO/Wireless 3945 ABG cards
monitor mode for collecting RSS measurements
use ipwraw driver for raw packet injection
probes – IEEE 802.11g beacon frames
management frames prioritized over data frames
allows better control over probing rate
probing rate ~20 packets per second 15
![Page 16: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/16.jpg)
Implementation
privacy amplification
2-universal hash functions
use BigNumber OpenSSL routines
16
![Page 17: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/17.jpg)
Implementation
17
![Page 18: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/18.jpg)
RSS Measurement Protocol
18
packet losses handled by initiator
20 ms timeout for detecting packet loss
responder discards last RSS if duplicate beacon sequence #
tim
e
Initiator
(Alice)
Responder
(Bob)
Record
RSS
Record
RSS
Record
RSS
Record
RSS
![Page 19: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/19.jpg)
Measurement Goals
• in what kind of settings, key extraction “works”?
• how does device heterogeneity affect key extraction?
19
![Page 20: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/20.jpg)
Experiments
A. Underground concrete tunnel
B. Ed Catmull Gallery
C. Lawn
20
D. Walk Indoors
E. Walk Outdoors
F. Bike Ride
G. Crowded Cafeteria
H. Across busy road
1. Stationary Endpoints, Intermediate objects
2. Mobile Endpoints
3. Stationary Endpoints, Mobile Intermediate objects
![Page 21: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/21.jpg)
Stationary Endpoints & Intermediate Objects
variations very small (range: ~2 dB), exhibit poor reciprocity
expect Alice‟s & Bob‟s bit streams to have very high mismatch
small scale variations represent noise
21
Underground Concrete Tunnel Experiment
distance between Alice, Bob = 10 feet
-59
-58
-57
-56
-55
-54
RSS
Probes Alice Bob
snapshot of data collected for few seconds
![Page 22: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/22.jpg)
Stationary Endpoints & Intermediate Objects
22
Gallery Experiment Lawn Experiment
• even typical stationary settings are no different from underground concrete tunnel!
distance = 30 ft distance = 10 ft
-85
-75
-65
-55
-45
RSS
Probes Alice Bob -66
-64
-62
-60
-58
-56
-54
RSS
Probes Alice Bob
![Page 23: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/23.jpg)
Mobile Endpoints
23
Walk Indoors Experiment large variations
range ~25 dB
highly reciprocal
hints that Alice‟s & Bob‟s bit streams will have very low mismatch
normal walk speed
distance = 10-15 ft
-75
-70
-65
-60
-55
-50
-45
RSS
Probes Alice Bob
![Page 24: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/24.jpg)
Mobile Endpoints
24
Walk Outdoors Experiment Bike Ride Experiment
• more evidence - mobile devices likely to have very low mismatch
• effects of noise diminished by large scale variations
normal walk speed
20-25 ft distance
slow bike ride
10 ft or more distance
-85
-75
-65
-55
-45
RSS
Probes Alice Bob
-80
-70
-60
-50
-40
-30
RSS
Probes Alice Bob
![Page 25: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/25.jpg)
Mobile Intermediate Objects & Stationary Endpoints
25
Crowded Cafeteria Experiment Experiment Across Busy Road
intermediate variation range (~8-16 dB), reciprocity
hints - Alice‟s, Bob‟s bit streams will have moderate mismatch
low speed mobility; distance = 10 ft high speed mobility; distance = 25 ft
-66
-62
-58
-54
-50
-46
RSS
Probes Alice Bob-79
-77
-75
-73
-71
-69
RSS
Probes Alice Bob
![Page 26: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/26.jpg)
Predictable Channel Attack
novel attack
in „all stationary‟ settings Eve can cause predictable channel variations by controlling movements of
intermediate objects
break key extraction schemes without spending compute power
26
![Page 27: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/27.jpg)
Predictable Channel Attack
no precision machinery required
Eve can produce zig-zag patterns, or any other pattern by controlling movements
no post processing will ensure security of extracted key!
27
-63
-58
-53
-48
-43
RSS
Probes
bits extracted: 0000 1111 0000 1111 …
![Page 28: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/28.jpg)
Effect of Device Heterogeneity
greater mismatch than with homogeneous devices
mismatch low enough to help establish secret key
28
Walk Indoors Experiment
-85-80-75-70-65-60-55-50-45-40
RSS
Probes
Alice (Intel 3945 ABG) Bob (Atheros)
![Page 29: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/29.jpg)
Comparison of Key Extraction Approaches in Various Settings
29
performance metrics entropy rate
mismatch rate
secret bit rate
single bit, multiple bit extraction
![Page 30: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/30.jpg)
Comparison of Key Extraction Approaches in various Settings
30
• secret bit stream from ASBG
entropy close to 1
passes randomness tests of NIST test suite we conduct
0.00
0.25
0.50
0.75
1.00
Entr
op
y
Experiments Aono Mathur Tope Azimi-Sadjadi ASBG
stationary
mobile
intermediate
![Page 31: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/31.jpg)
Comparison of Key Extraction Approaches in various Settings
31
• mobile settings yield bits with low mismatch rates
0.00
0.25
0.50
0.75
1.00
Entr
op
y
Experiments Aono Mathur Tope Azimi-Sadjadi ASBG
0.00
0.25
0.50
0.75
1.00
Mis
mat
ch R
ate
Experiments Aono Mathur Tope Azimi-Sadjadi ASBG
stationary
mobile
intermediate
stationary
mobile
intermediate
![Page 32: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/32.jpg)
Comparison of Key Extraction Approaches in various Settings
32
• ASBG exhibits highest secret bit rate among those with entropy > 0.7
0.00
0.25
0.50
0.75
1.00
Entr
op
y
Experiments Aono Mathur Tope Azimi-Sadjadi ASBG
0.00
0.25
0.50
0.75
1.00
Secr
et b
it r
ate
Experiments Aono Mathur Tope Azimi-Sadjadi ASBG
0.00
0.25
0.50
0.75
1.00
Mis
mat
ch R
ate
Experiments Aono Mathur Tope Azimi-Sadjadi ASBG
stationary
mobile
intermediate
stationary
mobile
intermediate
stationary
mobile
intermediate
![Page 33: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/33.jpg)
Multiple Bit Extraction
33
significant increase in secret bit rate at least 4 times (with N = 2) compared to single bit extraction
0.00
0.05
0.10
0.15
0.20
0.25
0.30
0.35
Mis
mat
ch R
ate
Experiments 2 bits Gray 3 bits Gray 4 bits Gray
0.00
0.25
0.50
0.75
1.00
Secr
et b
it r
ate
Experiments
1 bit 2 bits Gray 3 bits Gray 4 bits Gray
bit mismatch rate increases with N
Gray code assignment produces smaller mismatch rates
mobile
intermediate
mobile
intermediate
![Page 34: On the Effectiveness of Secret Key Extraction from ...suman/docs/Presentation.pdf · On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments](https://reader035.fdocuments.net/reader035/viewer/2022071116/6000582e0087b142df066d9b/html5/thumbnails/34.jpg)
Summary
mobile settings best suited for key extraction due to low mismatch
don‟t depend solely on movements of limited intermediate objects beware of predictable channel attack!
our environment adaptive quantization scheme + information reconciliation + privacy amplification generates high entropy bits at high rate
34