Multimedia Network Security Laboratory
Mobility Assisted Secret Key
Generation Using Wireless Link
Signatures
Date:2012.04.05
Reporter : Hong Ji Wei
Author : Junxing Zhang Kasera, S.K. Patwari, N.
Source: INFOCOM, 2010 Proceedings IEEE
Outline
1 INTRODUCTION
2 ADVERSARY MODEL
3 MOBILITY ASSISTED KEY ESTABLISHMENT
4 PROTOCOL EVALUATION
5 CONCLUSIONS
INTRODUCTION
These link signatures can be measured almost symmetrically between the two ends of a wireless link.
Location locking attack: if the adversary steals some signature measurements, it has a good chance of determining the generated key.
CIR: the channel impulse response.
the wireless link signatures at different
unpredictable locations and combine these
measurements to produce strong secret keys.
Extensive measurements in both indoor and outdoor settings show that:
(i) when the movement step size is larger than one foot, the measured CIRs are mostly uncorrelated
(ii) more diffusion in the mobility results in less correlation in the measured CIRs
ADVERSARY MODEL
The adversary can overhear all the communication between the two devices A and B.
Assume that the adversary cannot cause a person-in-the-middle attack.
Our adversary is also not interested in causing any Denial-of-Service attacks.
MOBILITY ASSISTED KEY ESTABLISHMENT
A. Key Establishment Protocol
Phase 1: SIGGEN (short for signature generation)
A and B exchange SIGGEN and SIGACK messages.
Between each SIGGEN and SIGACK message exchange, A and B individually, or both, move to a new location.
Phase 2: SIGCHK (short for signature check)
Upon receiving the SIGCHK message from A, B quantizes all the CIRs it has measured and removes any duplicates.
B then encodes the remaining quantized CIRs to produce both message symbols and parity symbols.
B sends only the parity symbols to A in multiple SIGFEC (short for signature forward error correction) messages.
A quantizes the corresponding CIRs that she has measured and encodes them to produce message symbols.
A then combines her message symbols with the parity symbols she receives from B to obtain a bit stream that is identical to that of B.
In the final KEYGEN (short for key generation) phase, A and B generate a new secret key from the reconciled bit streams and verify it.
To convert the bit stream obtained, use a key compression function (SHA-256, SHA-384, and SHA-512).
B. Quantization and Bit Extraction
Because CIRs are continuous random variables, they must be quantized before they can be used for secret key generation.
First, normalize each CIR by its maximum element value.
Next, quantize the normalized CIR to 2^q discrete values with equal intervals.
Finally, convert the integers in the resulting vector to their binary representation to extract the initial bits.
多媒體網路安全實驗室
C. Jigsaw Encoding
Simple uniform quantization cannot preserve reciprocity and can even increase the discrepancy rate in quantized CIRs.
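Added example (not from the paper or the slides): the normalization, uniform quantization and bit extraction of section B applied to two nearly reciprocal CIR vectors, showing how a small measurement difference next to a quantization boundary becomes bit discrepancies that change the SHA-256 key. The CIR values, q = 2, and hashing the bit stream as an ASCII string are assumptions made for illustration.

```python
import hashlib

def quantize(cir, q):
    """Normalize a CIR magnitude vector by its maximum element, then map
    each tap to one of 2**q equal-width levels (integers 0 .. 2**q - 1)."""
    peak = max(cir)
    if peak <= 0:
        raise ValueError("CIR must contain a positive element")
    levels = 2 ** q
    # min() keeps the peak tap (normalized value 1.0) inside the top level.
    return [min(int(tap / peak * levels), levels - 1) for tap in cir]

def extract_bits(levels, q):
    """Concatenate the q-bit binary representation of every level."""
    return "".join(format(level, f"0{q}b") for level in levels)

def discrepancy_rate(bits_a, bits_b):
    """Fraction of bit positions on which the two ends disagree."""
    if len(bits_a) != len(bits_b):
        raise ValueError("bit streams must have equal length")
    return sum(a != b for a, b in zip(bits_a, bits_b)) / len(bits_a)

def compress_key(bits):
    """Key compression: SHA-256 over the bit stream (ASCII encoding of the
    bit string is an assumption of this example)."""
    return hashlib.sha256(bits.encode("ascii")).hexdigest()

# Constructed CIR magnitudes, not measurements from the paper. B's values
# are A's plus small noise; tap 1 sits next to a quantization boundary.
CIR_A = [0.12, 0.94, 1.90, 0.74, 0.33, 0.05]
CIR_B = [0.13, 0.96, 1.90, 0.77, 0.31, 0.05]
Q = 2  # bits per tap, i.e. 2**Q = 4 levels

def run(cir_a=CIR_A, cir_b=CIR_B, q=Q):
    bits_a = extract_bits(quantize(cir_a, q), q)
    bits_b = extract_bits(quantize(cir_b, q), q)
    return bits_a, bits_b, discrepancy_rate(bits_a, bits_b)

if __name__ == "__main__":
    bits_a, bits_b, rate = run()
    print("A bits:", bits_a)
    print("B bits:", bits_b)
    print("discrepancy rate:", rate)
    # Unreconciled streams hash to unrelated keys, so the parity-based
    # reconciliation has to remove every mismatch before KEYGEN.
    print("keys match:", compress_key(bits_a) == compress_key(bits_b))
```

Tap 1 differs by only 0.02 between the two ends, yet it lands in adjacent levels 1 and 2, whose binary forms 01 and 10 differ in both bits.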
D. RS Error Correction
Adopt the Reed-Solomon (RS) forward error correction (FEC) scheme.
Each RS output codeword has p symbols: k input symbols followed by 2 × t parity symbols.
t: the error-correction capability
ε: the link signature discrepancy rate
The computational complexity Γ
Examples:
1. For m = 10 and q = 5, it is larger than 2133.
2. For m = 10 and q = 1, 2, it is in the order of 2427.
PROTOCOL EVALUATION
A. Measurement Campaign
We use three mobility models: random walk, Levy walk, and Brownian motion.
Levy walk:
Brownian motion: the ceaseless, irregular motion of tiny particles suspended in a liquid or gas.
Impact of Mobility on Link Signatures
C. Quality of Key Generation
We use a metric called Secret Bit Rate, defined as the average number of secret bits extracted from each channel response.
We plot the entropy values of the bit stream generated with different quantization bit numbers (per channel response).
CONCLUSIONS
We propose an approach where wireless
devices, interested in establishing a secret key.
Our results show that our scheme generates very high-entropy secret bits, and does so at a high bit rate.