Expected loss analysis of thresholded authentication protocols in noisy conditions

A number of authentication protocols have been proposed recently, where at least some part of the authentication is performed during a phase, lasting $n$ rounds, with no error correction. This requires assigning an acceptable threshold for the number of detected errors. This paper describes a framework enabling an expected loss analysis for all the protocols in this family. Furthermore, computationally simple methods to obtain nearly optimal value of the threshold, as well as for the number of rounds is suggested. Finally, a method to adaptively select both the number of rounds and the threshold is proposed.Comment: 17 pages, 2 figures; draf

Survey and Systematization of Secure Device Pairing

Secure Device Pairing (SDP) schemes have been developed to facilitate secure communications among smart devices, both personal mobile devices and Internet of Things (IoT) devices. Comparison and assessment of SDP schemes is troublesome, because each scheme makes different assumptions about out-of-band channels and adversary models, and are driven by their particular use-cases. A conceptual model that facilitates meaningful comparison among SDP schemes is missing. We provide such a model. In this article, we survey and analyze a wide range of SDP schemes that are described in the literature, including a number that have been adopted as standards. A system model and consistent terminology for SDP schemes are built on the foundation of this survey, which are then used to classify existing SDP schemes into a taxonomy that, for the first time, enables their meaningful comparison and analysis.The existing SDP schemes are analyzed using this model, revealing common systemic security weaknesses among the surveyed SDP schemes that should become priority areas for future SDP research, such as improving the integration of privacy requirements into the design of SDP schemes. Our results allow SDP scheme designers to create schemes that are more easily comparable with one another, and to assist the prevention of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications Surveys & Tutorials 2017 (Volume: PP, Issue: 99

Secure Neighbor Discovery and Ranging in Wireless Networks

This thesis addresses the security of two fundamental elements of wireless networking: neighbor discovery and ranging. Neighbor discovery consists in discovering devices available for direct communication or in physical proximity. Ranging, or distance bounding, consists in measuring the distance between devices, or providing an upper bound on this distance. Both elements serve as building blocks for a variety of services and applications, notably routing, physical access control, tracking and localization. However, the open nature of wireless networks makes it easy to abuse neighbor discovery and ranging, and thereby compromise overlying services and applications. To prevent this, numerous works proposed protocols that secure these building blocks. But two aspects crucial for the security of such protocols have received relatively little attention: formal verification and attacks on the physical-communication-layer. They are precisely the focus of this thesis. In the first part of the thesis, we contribute a formal analysis of secure communication neighbor discovery protocols. We build a formal model that captures salient characteristics of wireless systems such as node location, message propagation time and link variability, and we provide a specification of secure communication neighbor discovery. Then, we derive an impossibility result for a general class of protocols we term "time-based protocols", stating that no such protocol can provide secure communication neighbor discovery. We also identify the conditions under which the impossibility result is lifted. We then prove that specific protocols in the time-based class (under additional conditions) and specific protocols in a class we term "time- and location-based protocols," satisfy the neighbor discovery specification. We reinforce these results by mechanizing the model and the proofs in the theorem prover Isabelle. In the second part of the thesis, we explore physical-communication-layer attacks that can seemingly decrease the message arrival time without modifying its content. Thus, they can circumvent time-based neighbor discovery protocols and distance bounding protocols. (Indeed, they violate the assumptions necessary to prove protocol correctness in the first part of the thesis.) We focus on Impulse Radio Ultra-Wideband, a physical layer technology particularly well suited for implementing distance bounding, thanks to its ability to perform accurate indoor ranging. First, we adapt physical layer attacks reported in prior work to IEEE 802.15.4a, the de facto standard for Impulse Radio, and evaluate their performance. We show that an adversary can achieve a distance-decrease of up to hundreds of meters with an arbitrarily high probability of success, with only a minor cost in terms of transmission power (few dB). Next, we demonstrate a new attack vector that disrupts time-of-arrival estimation algorithms, in particular those designed to be precise. The distance-decrease achievable by this attack vector is in the order of the channel spread (order of 10 meters in indoor environments). This attack vector can be used in previously reported physical layer attacks, but it also creates a new type of external attack based on malicious interference. We demonstrate that variants of the malicious interference attack are much easier to mount than the previously reported external attack. We also provide design guidelines for modulation schemes and devise receiver algorithms that mitigate physical layer attacks. These countermeasures allow the system designer to trade off security, ranging precision and cost in terms of transmission power and packet length

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

Intelligent Sensor Networks

In the last decade, wireless or wired sensor networks have attracted much attention. However, most designs target general sensor network issues including protocol stack (routing, MAC, etc.) and security issues. This book focuses on the close integration of sensing, networking, and smart signal processing via machine learning. Based on their world-class research, the authors present the fundamentals of intelligent sensor networks. They cover sensing and sampling, distributed signal processing, and intelligent signal learning. In addition, they present cutting-edge research results from leading experts

Biometrics & [and] Security:Combining Fingerprints, Smart Cards and Cryptography

Since the beginning of this brand new century, and especially since the 2001 Sept 11 events in the U.S, several biometric technologies are considered mature enough to be a new tool for security. Generally associated to a personal device for privacy protection, biometric references are stored in secured electronic devices such as smart cards, and systems are using cryptographic tools to communicate with the smart card and securely exchange biometric data. After a general introduction about biometrics, smart cards and cryptography, a second part will introduce our work with fake finger attacks on fingerprint sensors and tests done with different materials. The third part will present our approach for a lightweight fingerprint recognition algorithm for smart cards. The fourth part will detail security protocols used in different applications such as Personal Identity Verification cards. We will discuss our implementation such as the one we developed for the NIST to be used in PIV smart cards. Finally, a fifth part will address Cryptography-Biometrics interaction. We will highlight the antagonism between Cryptography – determinism, stable data – and Biometrics – statistical, error-prone –. Then we will present our application of challenge-response protocol to biometric data for easing the fingerprint recognition process

Proceedings of the 35th WIC Symposium on Information Theory in the Benelux and the 4th joint WIC/IEEE Symposium on Information Theory and Signal Processing in the Benelux, Eindhoven, the Netherlands May 12-13, 2014

Compressive sensing (CS) as an approach for data acquisition has recently received much attention. In CS, the signal recovery problem from the observed data requires the solution of a sparse vector from an underdetermined system of equations. The underlying sparse signal recovery problem is quite general with many applications and is the focus of this talk. The main emphasis will be on Bayesian approaches for sparse signal recovery. We will examine sparse priors such as the super-Gaussian and student-t priors and appropriate MAP estimation methods. In particular, re-weighted l2 and re-weighted l1 methods developed to solve the optimization problem will be discussed. The talk will also examine a hierarchical Bayesian framework and then study in detail an empirical Bayesian method, the Sparse Bayesian Learning (SBL) method. If time permits, we will also discuss Bayesian methods for sparse recovery problems with structure; Intra-vector correlation in the context of the block sparse model and inter-vector correlation in the context of the multiple measurement vector problem

Excavator Pose Estimation for Safety Monitoring by Fusing Computer Vision and RTLS Data

The construction industry is considered as a hazardous industry because of its high number of accidents and fatality rates. Safety is one of the main requirements on construction sites since an insecure site drops the morale of the workers, which can also result in lower productivity. To address safety issues, many proactive methods have been introduced by researchers and equipment manufacturers. Studying these methods shows that most of them are using radio-based technologies that perform based on the locations of the attached sensors to the moving objects, which could be expensive and impractical for the large fleet of available construction equipment. Safety monitoring is a sensitive task and avoiding collisions requires a detailed information of the articulated equipment (e.g. excavators) and the motion of each part of that equipment. Therefore, it is necessary to install the location sensors on each moving part of the equipment for estimating its pose, which is a difficult, time consuming, and expensive task. On the other hand, the application of Computer Vision (CV) techniques is growing and becoming more practical and affordable. However, most of the available CV-based techniques evaluate the proximity of the resources by considering each object as a single point regardless of its shape and pose. Moreover, the process of manually collecting and annotating a large image dataset of different pieces of equipment is one of the most time consuming tasks. Furthermore, relying on a single source of data may not only decrease the accuracy of the pose estimation system because of missing data or calculation errors, but it may also increase the computation time. Moreover, when there are multiple objects and equipment in the field of view of each camera, CV-based algorithms are under a higher risk of false recognition of the equipment and their parts. Therefore, fusing the cameras’ data with data from Real-Time Location System (RTLS) can help the pose estimation system by limiting the search area for the parts’ detectors, and consequently reducing the processing time and improving the accuracy by reducing the false detections. This research aims to estimate the excavator pose by fusing CV and RTLS data for safety monitoring and has the following objectives: (1) improving the CV training by developing a method to automatically generate and annotate around-view synthetic images of equipment and their parts using the 3D model of the equipment and the real images of the construction sites as background; (2) developing a guideline for applying stereo vision system in construction sites using regular surveillance cameras with long baseline at a high level; (3) improving the accuracy and speed of CV detection by fusing RTLS data with cameras’ data; and (4) estimating the 3D pose of the equipment for detecting potential collisions based on a pair of Two Dimensional (2D) skeletons of the parts from the views of two cameras. To support these objectives, a comprehensive database of the synthetic images of the excavator and its parts are generated, and multiple detectors from multiple views are trained for each part of the excavator using the image database. Moreover, the RTLS data, providing the location of the equipment, are linked with the corresponding video frames from two cameras to fuse the location data with the video data. Knowing the overall size of the equipment and its location provided by the RTLS system, a virtual cylinder defined around the equipment is projected on the video frames to limit the search scope of the object detection algorithm within the projected cylinder, resulting in a faster processing time and higher detection accuracy. Additionally, knowing the equipment ID assigned to each RTLS device and the cameras’ locations and heights, it is possible to select the suitable detectors for each equipment. After detecting a part, the background of the detected bounding box are removed to estimate the location and orientation of each part. The final skeleton of the excavator is derived by connecting the start and end points of the parts to their adjacent parts knowing the kinematic information of the excavator. Estimating the skeleton of the excavator from each camera view on one hand, and knowing the extrinsic and intrinsic parameters of all available cameras on the construction site, on the other hand, are used for estimating the 3D pose by triangulating the estimated skeleton from each camera. In order to use the available collision avoidance systems, the 3D pose of the excavator is sent to the game environment and the potential collisions are detected followed by generating a warning. The contributions of this research are: (1) developing a method for creating and annotating the synthetic images of the construction equipment and their parts using the equipment 3D models and the real images of the construction sites; (2) creating and training the HOG-based excavator’s parts detectors using the database of the synthetic images developed earlier and automatically produced negative samples from the other excavator parts in addition to the real images of different construction sites while the target object is cut from these; (3) developing a data fusion framework after calibrating two regular surveillance cameras with the long baseline to integrate the RTLS data received from GPS with the video data from the cameras to decrease the processing efforts for detecting excavator parts while increasing the detection accuracy by limiting the search scope for the detectors; (4) developing a clustering technique to subtract parts’ background and extracting the 2D skeleton of the excavator in each camera’s view and to estimate the 3D pose of the excavator; and (5) transferring the 3D pose data of the excavator to the game environment using TCP/IP connection and visualizing the near real-time pose of the excavator in the game engine for detecting the potential collisions