Weixi Gu,Zheng Yang,Longfei Shangguan,Xiaoyu Ji,Yiyang Zhao

DOI: https://doi.org/10.1109/trustcom.2014.34

2014-01-01

Abstract:Near field authentication is of great importance for a range of applications, and has attracted many research efforts in the past decades. Several approaches have been developed and demonstrated their feasibility. The state-of-art works, however, still have much room to improve their automation and usability. First, user assistance is required in most existing approaches, which will be easily observed and imitated by attackers. Second, the authentications of several works heavily depend on special hardware, e.g., Server or high resolution screen, which greatly restricts their application scenarios. In this paper, we present a near field authentication system Tooth that needs little human assistance and is compatible with most smart phones. ToAuth is based on the key insight that the acceleration traces are similar for a pair of smart phones when they are contacting physically and vibrating. The random vibration patterns are sufficiently uncertain to provide high entropy to generate a pair of cryptographic keys yet are inimitable for a third party who does not get in touch with the vibration source. ToAuth leverages the keys to make authentication for smart phones. We implement ToAuth on Android platform and evaluate its performance under various scenarios. Extensive experiments demonstrate ToAuth could achieve around 90% success rate in stable environment, and prevent attacks depended on vibration noise.

Namin Hou,Yushi Cheng,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603286

2024-01-01

Abstract:The advancement of Fifth-Generation (5G) technology has greatly enriched individuals' access to a broad array of convenient services, offering significant benefits in mobile communications, autonomous driving, smart homes, and the Internet of Things. However, with the increase in the number of network access devices, large and frequent data interactions have brought potential security risks to wireless networks, which are related to user privacy security, traffic safety, and even social security. Malicious intrusions targeting wireless communications have resulted in significant disruptions and incurred substantial losses. Presently, user identities in wireless communications rely on software-based data identifiers, which can be forged easily. This paper proposes a hardware-level device authentication mechanism that uses the intrinsic hardware characteristics of the transmitter (shown as impairments in the radio signal of the transmission link) for identity authentication. The resulting fingerprint is naturally distinctive and highly resistant to counterfeiting attempts. We use 5 devices across different models and 10 devices of the same model for experimental evaluation. Then we apply machine learning algorithms to construct a fingerprint database and device authentication, achieving an average of 82.4% precision, 89.9% recall, and 85.9% F1-score, which can help to safeguard the security of 5G communication.

Xiaoyu Ji,Chaohao Li,Xinyan Zhou,Juchuan Zhang,Yanmiao Zhang,Wenyuan Xu

DOI: https://doi.org/10.1145/3399432

2020-01-01

ACM Transactions on Internet of Things

Abstract:Nowadays, most Internet of Things devices in smart homes rely on radio frequency channels for communication, making them exposed to various attacks such as spoofing and eavesdropping attacks. Existing methods using encryption keys may be inapplicable on these resource-constrained devices that cannot afford the computationally expensive encryption operations. Thus, in this article, we design a key-free communication method for such devices in a smart home. In particular, we introduce the Home-limited Channel (HLC) that can be accessed only within a house yet inaccessible for outside-house attackers. Utilizing HLCs, we propose HlcAuth, a challenge-response mechanism to authenticate the communications between smart devices without keys. The advantages of HlcAuth are low cost, lightweight as well as key-free, and requiring no human intervention. According to the security analysis, HlcAuth can defeat replay attacks, message-forgery attacks, and man-in-the-middle (MiTM) attacks, among others. We further evaluate HlcAuth in four different physical scenarios, and results show that HlcAuth achieves 100% true positive rate (TPR) within 4.2m for in-house devices while 0% false positive rate (FPR) for outside attackers, i.e., guaranteeing a high-level usability and security for in-house communications. Finally, we implement HlcAuth in both single-room and multi-room scenarios.

Y Lei,DR Chen,ZD Jiang

DOI: https://doi.org/10.1109/aina.2004.1283860

2004-01-01

Abstract:With the explosion of the mobile communication market, more and more handheld devices act as clients in the Internet. People use these devices to purchase books, play games, receive emails, etc. For protecting privacies, such applications should integrate digital signature schemes. Since handheld devices have poor computational capabilities and limited battery life, traditional computation intensive digital signature protocols that are based on asymmetric cryptographic algorithms are not suitable for mobile devices. In this paper we propose a Server Based Signature (SBS) scheme for mobile devices. Besides achieving the same security level of the traditional digital signature protocols, the SBS scheme also: 1) reduces the computation complexity on the mobile devices; 2) reduces the communication consumption between signer and verifier Application results show that our scheme is very useful for mobile communication systems.

Congcong She,Lei Xie,Chuyu Wang,PeiCheng Yang,Yubo Song,Sanglu Lu

DOI: https://doi.org/10.1109/icpads47876.2019.00098

2019-01-01

Abstract:In conventional device-to-device (D2D) communication through wireless channels, it is an essential demand to authenticate with each other and establish spontaneous secure connections among the smart devices. In this paper, we propose an imitation-resistant mutual authentication and key generation framework for smart devices, by shaking these devices together. According to the multi-sensor data collected from smart devices, these devices are able to authenticate each other and generate a unique and consistent symmetric key if and only if they are shaken together. We have conducted comprehensive experimental study on shaking various devices, illustrated several novel observations and extracted some important clues for efficient key generation. We propose a series of novel techniques to make the key generation robust to noise and privacy-preserving, and generate highly distinctive and fully randomized symmetric keys among these devices. Realistic experiment results indicate that our solution is able to authenticate with each other and generate the symmetric keys with high accuracy and time-efficiency.

Pengjin Xie,Jingchao Feng,Zhichao Cao,Jiliang Wang

DOI: https://doi.org/10.1109/tnet.2018.2848262

2018-01-01

IEEE/ACM Transactions on Networking

Abstract:Device-to-device (D2D) communication is widely used for mobile devices and Internet of Things (IoT). Authentication and key agreement are critical to build a secure channel between two devices. However, existing approaches often rely on a pre-built fingerprint database and suffer from low key generation rate. We present GeneWave, a fast device authentication and key agreement protocol for commodity mobile devices. GeneWave first achieves bidirectional initial authentication based on the physical response interval between two devices. To keep the accuracy of interval estimation, we eliminate time uncertainty on commodity devices through fast signal detection and redundancy time cancellation. Then we derive the initial acoustic channel response (ACR) for device authentication. We design a novel coding scheme for efficient key agreement while ensuring security. Therefore, two devices can authenticate each other and securely agree on a symmetric key. GeneWave requires neither special hardware nor pre-built fingerprint database, and thus it is easy-to-use on commercial mobile devices. We implement GeneWave on mobile devices (i.e., Nexus 5X and Nexus 6P) and evaluate its performance through extensive experiments. Experimental results show that GeneWave efficiently accomplish secure key agreement on commodity smartphones with a key generation rate 10x faster than the state-of-the-art approach.

Congcong Shi,Lei Xie,Chuyu Wang,Peicheng Yang,Yubo Song,Sanglu Lu

DOI: https://doi.org/10.1155/2021/6668478

2021-01-01

Wireless Communications and Mobile Computing

Abstract:In traditional device-to-device (D2D) communication based on wireless channel, identity authentication and spontaneous secure connections between smart devices are essential requirements. In this paper, we propose an imitation-resistant secure pairing framework including authentication and key generation for smart devices, by shaking these devices together. Based on the data collected by multiple sensors of smart devices, these devices can authenticate each other and generate a unique and consistent symmetric key only when they are shaken together. We have conducted comprehensive experimental study on shaking various devices. Based on this study, we have listed several novel observations and extracted important clues for key generation. We propose a series of innovative technologies to generate highly unique and completely randomized symmetric keys among these devices, and the generation process is robust to noise and protects privacy. Our experimental results show that our system can accurately and efficiently generate keys and authenticate each other.

Wei Xi,Xiang-Yang Li,Chen Qian,Jinsong Han,Shaojie Tang,Jizhong Zhao,Kun Zhao

DOI: https://doi.org/10.1109/IWQoS.2014.6914340

2014-01-01

Abstract:Device to device (D2D) communication is expected to become a promising technology of the next-generation wireless communication systems. Security issues have become technical barriers of D2D communication due to its “open-air” nature and lack of centralized control. Generating symmetric keys individually on different communication parties without key exchange or distribution is desirable but challenging. Recent work has proposed to extract keys from the measurement of physical layer random variations of a wireless channel, e.g., the channel state information (CSI) from orthogonal frequency-division multiplexing (OFDM). Existing CSI-based key extraction methods usually use the measurement results of individual subcarriers. However, our real world experiment results show that CSI measurements from near-by subcarriers have strong correlations and a generated key may have a large proportion of repeated bit segments. Hence attackers may crack the key in a relatively short time and hence reduce the security level of the generated keys. In this work, we propose a fast secret key extraction protocol, called KEEP. KEEP uses a validation-recombination mechanism to obtain consistent secret keys from CSI measurements of all subcarriers. It achieves high security level of the keys and fast key-generation rate. We implement KEEP using off-the-shelf 802.11n devices and evaluate its performance via extensive experiments. Both theoretical analysis and experimental results demonstrate that KEEP is safer and more effective than the state-of-the-art approaches.

Weitao Xu,Zhenjiang Li,Wanli Xue,Xiaotong Yu,Bo Wei,Jia Wang,Chengwen Luo,Wei Li,Albert Y. Zomaya

DOI: https://doi.org/10.1145/3412382.3458260

2021-03-26

Abstract:Secure Device-to-Device (D2D) communication is becoming increasingly important with the ever-growing number of Internet-of-Things (IoT) devices in our daily life. To achieve secure D2D communication, the key agreement between different IoT devices without any prior knowledge is becoming desirable. Although various approaches have been proposed in the literature, they suffer from a number of limitations, such as low key generation rate and short pairing distance. In this paper, we present InaudibleKey, an inaudible acoustic signal-based key generation protocol for mobile devices. Based on acoustic channel reciprocity, InaudibleKey exploits the acoustic channel frequency response of two legitimate devices as a common secret to generating keys. InaudibleKey employs several novel technologies to significantly improve its performance. We conduct extensive experiments to evaluate the proposed system in different real environments. Compared to state-of-the-art works, InaudibleKey improves key generation rate by 3-145 times, extends pairing distance by 3.2-44 times, and reduces information reconciliation counts by 2.5-16 times. Security analysis demonstrates that InaudibleKey is resilient to a number of malicious attacks. We also implement InaudibleKey on modern smartphones and resource-limited IoT devices. Results show that it is energy-efficient and can run on both powerful and resource-limited IoT devices without incurring excessive resource consumption.

Networking and Internet Architecture,Cryptography and Security

Yuchen Miao,Chaojie Gu,Zhenyu Yan,Sze Yiu Chau,Rui Tan,Qi Lin,Wen Hu,Shibo He,Jiming Chen

DOI: https://doi.org/10.1145/3596264

2023-01-01

Abstract:Secure device pairing is important to wearables. Existing solutions either degrade usability due to the need of specific actions like shaking, or they lack universality due to the need of dedicated hardware like electrocardiogram sensors. This paper proposes TouchKey, a symmetric key generation scheme that exploits the skin electric potential (SEP) induced by powerline electromagnetic radiation. The SEP is ubiquitously accessible indoors with analog-to-digital converters widely available on Internet of Things devices. Our measurements show that the SEP has high randomness and the SEPs measured at two close locations on the same human body are similar. Extensive experiments show that TouchKey achieves a high key generation rate of 345 bit/s and an average success rate of 99.29%. Under a range of adversary models including active and passive attacks, TouchKey shows a low false acceptance rate of 0.86%, which outperforms existing solutions. Besides, the overall execution time and energy usage are 0.44 s and 2.716 mJ, which make it suitable for resource-constrained devices.

Chien-Ming Chen,King-Hang Wang,Tsu-Yang Wu,Jeng-Shyang Pan,Hung-Min Sun

DOI: https://doi.org/10.1109/tifs.2013.2270106

IF: 7.231

2013-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The man-in-the-middle (MITM) attack is the major threat for handheld devices to agree on a session key in which they do not share any prior secret in advance, even if these devices are physically located in the same place. Apart from insecurely typing passwords into handheld devices or comparing long hexadecimal keys displayed on the devices' screens, many other human-verifiable protocols have been proposed in the literature to solve the problem. Unfortunately, most of these schemes are unscalable to more users. Even when there are only three entities attempting to agree on a session key, these protocols need to be rerun three times. In this paper, we present a bipartite and a tripartite authentication protocol using a temporary confidential channel. Besides, we further extend the system into a transitive authentication protocol that allows multiple handheld devices to establish a conference key securely and efficiently. In addition, we provide a formal proof to our protocol to demonstrate our scheme is indeed secure. We also implement the prototype of the system on a mobile phone with satisfying performance.

Zhi Wang,Jinsong Han,Wei Xi,Jizhong Zhao

DOI: https://doi.org/10.1007/s11227-014-1247-1

2014-01-01

Abstract:Generating keys and keeping them secret are critical in secure communications. Due to the “open air” nature, key distribution is more susceptible to attacks in wireless communications. An ingenious solution is to generate secret keys for two communicating parties separately without the need of key exchange or distribution, and regenerate them on needs. Recently, it is promising to extract keys by measuring the random variation in wireless channels, e.g., RSS. In this paper, we propose an efficient secret key extraction protocol with decorrelating compressive (SKEDC). It establishes common cryptographic keys for two communicating parties in wireless networks via real-time measurement on channel state information (CSI). It outperforms RSS-based key generation approaches in terms of multiple subcarriers measurement, perfect symmetry in channel for key coincidence, rapid decorrelation with distance, and high sensitivity towards environments changes. In the SKEDC design, we also propose effective mechanisms, such as the adaptive key stream generation, to fully exploit the excellent properties of CSI and eliminate the correlation among the subcarriers. We implement SKEDC on off-the-shelf 802.11n devices and evaluate its performance via extensive experiments. The results demonstrate that SKEDC achieves more than \(3\times \) throughput gain in the key generation from the state-of-the-art RSS-based approaches.

Jizhong Zhao,Wei Xi,Jinsong Han,Shaojie Tang,Xiangyang Li,Yunhao Liu,Yihong Gong,Zehua Zhou

DOI: https://doi.org/10.48550/arxiv.1208.0688

2012-01-01

Abstract:Generating keys and keeping them secret is critical in secure communications. Due to the "open-air" nature, key distribution is more susceptible to attacks in wireless communications. An ingenious solution is to generate common secret keys by two communicating parties separately without the need of key exchange or distribution, and regenerate them on needs. Recently, it is promising to extract keys by measuring the random variation in wireless channels, e.g., RSS. In this paper, we propose an efficient Secret Key Extraction protocol without Chasing down Errors, SKECE. It establishes common cryptographic keys for two communicating parties in wireless networks via the realtime measurement of Channel State Information (CSI). It outperforms RSS-based approaches for key generation in terms of multiple subcarriers measurement, perfect symmetry in channel, rapid decorrelation with distance, and high sensitivity towards environments. In the SKECE design, we also propose effective mechanisms such as the adaptive key stream generation, leakage resilient consistence validation, and weighted key recombination, to fully exploit the excellent properties of CSI. We implement SKECE on off-the-shelf 802.11n devices and evaluate its performance via extensive experiments. The results demonstrate that SKECE achieves a more than 3x throughput gain in the key generation from one subcarrier in static scenarios, and due to its high efficiency, a 50 on the communication overhead compared to the state-of-the-art RSS based approaches.

Xinlei Chen,Yulei Zhao,Yong Li,Xu Chen,Ning Ge,Sheng Chen

DOI: https://doi.org/10.1109/jsac.2018.2825658

IF: 16.4

2018-01-01

IEEE Journal on Selected Areas in Communications

Abstract:In a device-to-device (D2D) communications underlaying cellular network, any user is a potential eavesdropper for the transmissions of others that occupy the same spectrum. The physical-layer security mechanism of theoretical secure capacity, which maximizes the rate of reliable communication from the source user to the legitimate receiver and ensure unauthorized users learn as little as information as possible, is typically employed to guarantee secure communications. As hand-held devices are carried by human beings, we may leverage their social trust to decrease the number of potential eavesdroppers. Aiming to establish a new paradigm for solving the challenging problem of security and efficiency tradeoff, we propose a social trust-aware D2D communication architecture that exploits the social-domain trust for securing the physical-domain communication. In order to understand the impact of social trust on the security of transmissions, we analyze the system ergodic rate of social trust aided communications via stochastic geometry, and our result based on a real data set shows that the proposed social trust aided D2D communication increases the system secrecy rate by about 63% compared with the scheme without considering social trust relation. Furthermore, in order to provide implementation mechanism, we utilize matching theory to implement efficient resource allocation among multiple users. Numerical results show that our proposed mechanism increases the system secrecy rate by 28% with fast convergence over the social oblivious approach.

Yichuan Wang,Wen Gao,Xinhong Hei,Irenee Mungwarama,Ju Ren

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics50389.2020.00032

2020-01-01

Abstract:The development of mobile internet has brought convenience to people, but the openness and diversity of mobile Internet make it face the security threat of communication privacy data disclosure. In this paper, a trusted android device security communication method based on TrustZone is proposed. Firstly, Elliptic Curve Diffie-Hellman (ECDH) key agreement algorithm is used to make both parties negotiate the session key in the Trusted Execution Environment (TEE), and then, we stored the key safely in the TEE. Finally, TEE completes the encryption and decryption of the transmitted data. This paper constructs a secure communication between mobile devices without a trusted third party and analyzes the feasibility of the method from time efficiency and security. The experimental results show that the method can resist malicious application monitoring in the process of data encryption and ensures the security of the session key. Compared with the traditional scheme, it is found that the performance of the scheme is not significantly reduced.

Yue-Hsun Lin,Ahren Studer,Yao-Hsin Chen,Hsu-Chun Hsiao,Li-Hsiang Kuo,Jason Lee,Jonathan M. McCune,King-Hang Wang,Maxwell Krohn,Phen-Lan Lin,Adrian Perrig,Hung-Min Sun,Bo-Yin Yang

DOI: https://doi.org/10.1109/tmc.2010.150

IF: 6.075

2010-01-01

IEEE Transactions on Mobile Computing

Abstract:Establishing trust between a group of individuals remains a difficult problem. Prior works assume trusted infrastructure, require an individual to trust unknown entities, or provide relatively low probabilistic guarantees of authenticity (95 percent for realistic settings). This work presents SPATE, a primitive that allows users to establish trust via mobile devices and physical interaction. Once the SPATE protocol runs to completion, its participants' mobile devices have authentic data that their applications can use to interact securely (i.e., the probability of a successful attack is 2^{-24}). For this work, we leverage SPATE as part of a larger system to facilitate efficient, secure, and user-friendly collaboration via e-mail, file-sharing, and text messaging services. Our implementation of SPATE on Nokia N70 smartphones allows users to establish trust in small groups of up to eight users in less than one minute. The example SPATE applications provide increased security with little overhead noticeable to users once keys are established.

Shan Gao,Junjie Chen,Bingsheng Zhang,Kui Ren,Xiaohua Ye,Yongsheng Shen

DOI: https://doi.org/10.23919/cje.2023.00.192

IF: 1.019

2024-01-01

Chinese Journal of Electronics

Abstract:In modern industrial control systems (ICSs), when user retrieving the data stored in field device like smart sensor, there exists two main problems: one is lack of the verification for identification of user and field device; the other is that user and field device need exchange a key to encrypt sensitive data transmitted over the network. We propose a comprehensive authentication and key agreement framework that enables all connected devices in an ICS to mutually authenticate each other and establish a peer-to-peer session key. The framework combines two types of protocols for authentication and session key agreement: The first one is an asymmetric cryptographic key agreement protocol based on transport layer security handshake protocol used for Internet access, while the second one is a newly designed lightweight symmetric cryptographic key agreement protocol specifically for field devices. This proposed lightweight protocol imposes very light computational load and merely employs simple operations like one-way hash function and exclusive-or (XOR) operation. In comparison to other lightweight protocols, our protocol requires the field device to perform fewer computational operations during the authentication phase. The simulation results obtained using OpenSSL demonstrates that each authentication and key agreement process in the lightweight protocol requires only 0.005 ms. Our lightweight key agreement protocol satisfies several essential security features, including session key secrecy, identity anonymity, untraceability, integrity, forward secrecy, and mutual authentication. It is capable of resisting impersonation, man-in-the-middle, and replay attacks. We have employed the Gong-Needham-Yahalom (GNY) logic and automated validation of Internet security protocols and application tool to verify the security of our symmetric cryptographic key agreement protocol.

Inshil Doh,Jiyoung Lim,Shi Li,Kijoon Chae

DOI: https://doi.org/10.2298/csis130922065d

2014-01-01

Computer Science and Information Systems

Abstract:In the ubiquitous environment, more and more devices are deployed in our daily life, and need to communicate with one another. M2M (Machine-to-Machine) communication is considered to be one of the major issues in future networks. M2M is expected to bring various benefits in wireless communications when it is interconnected with cellular networks. Considering the characteristics of cellular M2M networks, traditional security solutions are not proper to be applied to cellular M2M networks because the M2M network itself is vulnerable to various attacks. We consider security aspects for cellular M2M communications and propose a key management mechanism including the pairwise key and group key establishment. Our proposal could provide reliability and efficiency for the cellular M2M communication network in the secure manner.

Xuebin Sun,Shuang Men,Chenglin Zhao,Zheng Zhou

DOI: https://doi.org/10.1002/sec.551

IF: 1.968

2012-05-10

Security and Communication Networks

Abstract:Machine‐to‐machine (M2M) techniques have significant application potential in the emerging internet of things, which may cover many fields from intelligence to ubiquitous environment. However, because of the data exposure when transmitted via cable, wireless mobile devices, and other technologies, its security vulnerability has become a great concern during its further extending development. This problem may even get worse if the user privacy and property are considered. Therefore, the authentication process of communicating entities has attracted wide investigation. Meanwhile, the data confidentiality also becomes an important issue in M2M, especially when the data are transmitted in a public and thereby insecure channel. In this paper, we propose a promising M2M application model that connects a mobile user with the home network using the existing popular Time Division‐Synchronous Code Division Multiple Access (TD‐SCDMA) network. Subsequently, a password‐based authentication and key establishment protocol is designed to identify the communicating parties and hence establish a secure channel for data transmissions. The final analysis shows the reliability of our proposed protocol. Copyright © 2012 John Wiley & Sons, Ltd. In this article, we propose a promising M2M application model that connects a mobile user with the home network by using the existing popular Time Division‐Synchronous Code Division Multiple Access (TD‐SCDMA) network. A reliability password‐based authentication and key establishment protocol is also designed to identify the communicating parties and hence, establish a secure channel for data transmissions.

computer science, information systems,telecommunications

Hyunchae Chun,Iris Choi,Grahame Faulkner,Larry Clarke,Bryan Barber,Glenn George,Colin Capon,Antti Niskanen,Joachim Wabnig,Dominic OBrien,David Bitauld

DOI: https://doi.org/10.48550/arXiv.1608.07465

2016-08-26

Abstract:Mobile devices have become an inseparable part of our everyday life. They are used to transmit an ever-increasing amount of sensitive health, financial and personal information. This exposes us to the growing scale and sophistication of cyber-attacks. Quantum Key Distribution (QKD) can provide unconditional and future-proof data security but implementing it for handheld mobile devices comes with specific challenges. To establish security, secret keys of sufficient length need to be transmitted during the time of a handheld transaction (~1s) despite device misalignment, ambient light and user's inevitable hand movements. Transmitters and receivers should ideally be compact and low-cost, while avoiding security loopholes. Here we demonstrate the first QKD transmission from a handheld transmitter with a key-rate large enough to overcome finite key effects. Using dynamic beam-steering, reference-frame-independent encoding and fast indistinguishable pulse generation, we obtain a secret key rate above 30kb/s over a distance of 0.5m under ambient light conditions.

Quantum Physics