3,999 research outputs found
Practical Provably Secure Multi-node Communication
We present a practical and provably-secure multi-node communication scheme in
the presence of a passive eavesdropper. The scheme is based on a random
scheduling approach that hides the identity of the transmitter from the
eavesdropper. This random scheduling leads to ambiguity at the eavesdropper
with regard to the origin of the transmitted frame. We present the details of
the technique and analyze it to quantify the secrecy-fairness-overhead
trade-off. Implementation of the scheme over Crossbow Telosb motes, equipped
with CC2420 radio chips, shows that the scheme can achieve significant secrecy
gain with vanishing outage probability. In addition, it has significant
overhead advantage over direct extensions to two-nodes schemes. The technique
also has the advantage of allowing inactive nodes to leverage sleep mode to
further save energy.
Comment: Proceedings of the IEEE International Conference on Computing,
Networking and Communications (ICNC 2014
Principles of Physical Layer Security in Multiuser Wireless Networks: A Survey
This paper provides a comprehensive review of the domain of physical layer
security in multiuser wireless networks. The essential premise of
physical-layer security is to enable the exchange of confidential messages over
a wireless medium in the presence of unauthorized eavesdroppers without relying
on higher-layer encryption. This can be achieved primarily in two ways: without
the need for a secret key by intelligently designing transmit coding
strategies, or by exploiting the wireless communication medium to develop
secret keys over public channels. The survey begins with an overview of the
foundations dating back to the pioneering work of Shannon and Wyner on
information-theoretic security. We then describe the evolution of secure
transmission strategies from point-to-point channels to multiple-antenna
systems, followed by generalizations to multiuser broadcast, multiple-access,
interference, and relay networks. Secret-key generation and establishment
protocols based on physical layer mechanisms are subsequently covered.
Approaches for secrecy based on channel coding design are then examined, along
with a description of inter-disciplinary approaches based on game theory and
stochastic geometry. The associated problem of physical-layer message
authentication is also introduced briefly. The survey concludes with
observations on potential research directions in this area.
Comment: 23 pages, 10 figures, 303 refs. arXiv admin note: text overlap with
arXiv:1303.1609 by other authors. IEEE Communications Surveys and Tutorials,
201
iJam: Jamming Oneself for Secure Wireless Communication
Wireless is inherently less secure than wired networks because of its broadcast nature. Attacks that simply snoop on the wireless medium successfully defeat the security of even 802.11 networks using the most recent security standards (WPA2-PSK). In this paper we ask the following question: Can we prevent this kind of eavesdropping from happening? If so, we can potentially defeat the entire class of attacks that rely on snooping. This paper presents iJam, a PHY-layer protocol for OFDM-based wireless systems. iJam ensures that an eavesdropper cannot successfully demodulate a wireless signal not intended for it. To achieve this, iJam strategically introduces interference that prevents an eavesdropper from decoding the data, while allowing the intended receiver to decode it. iJam exploits the properties of 802.11's OFDM signals to ensure that an eavesdropper cannot even tell which parts of the signal are jammed. We implement iJam and evaluate it in a testbed of GNURadios with an 802.11-like physical layer. We show that iJam makes the data bits at the adversary look random, i.e., the BER becomes close to 50%, whereas the receiver can perfectly decode the data
Physical Layer Wireless Security Made Fast and Channel Independent
There is a growing interest in physical layer security. Recent work has demonstrated that wireless devices can generate a shared secret key by exploiting variations in their channel. The rate at which the secret bits are generated, however, depends heavily on how fast the channel changes. As a result, existing schemes have a low secrecy rate and are mainly applicable to mobile environments. In contrast, this paper presents a new physical-layer approach to secret key generation that is both fast and independent of channel variations. Our approach makes a receiver jam the signal in a manner that still allows it to decode the data, yet prevents other nodes from decoding. Results from a testbed implementation show that our method is significantly faster and more accurate than state of the art physical-layer secret key generation protocols. Specifically, while past work generates up to 44 secret bits/s with a 4% bit disagreement between the two devices, our design has a secrecy rate of 3-18 Kb/s with 0% bit disagreement
Quire: Lightweight Provenance for Smart Phone Operating Systems
Smartphone apps often run with full privileges to access the network and
sensitive local resources, making it difficult for remote systems to have any
trust in the provenance of network connections they receive. Even within the
phone, different apps with different privileges can communicate with one
another, allowing one app to trick another into improperly exercising its
privileges (a Confused Deputy attack). In Quire, we engineered two new security
mechanisms into Android to address these issues. First, we track the call chain
of IPCs, allowing an app the choice of operating with the diminished privileges
of its callers or to act explicitly on its own behalf. Second, a lightweight
signature scheme allows any app to create a signed statement that can be
verified anywhere inside the phone. Both of these mechanisms are reflected in
network RPCs, allowing remote systems visibility into the state of the phone
when an RPC is made. We demonstrate the usefulness of Quire with two example
applications. We built an advertising service, running distinctly from the app
which wants to display ads, which can validate clicks passed to it from its
host. We also built a payment service, allowing an app to issue a request which
the payment service validates with the user. An app cannot forge a payment
request by directly connecting to the remote server, nor can the local payment
service tamper with the request
Integration of the Captive Portal paradigm with the 802.1X architecture
In a scenario where hotspot wireless networks are increasingly being used,
and given the amount of sensitive information exchanged on Internet
interactions, there is the need to implement security mechanisms that guarantee
data confidentiality and integrity in such networks, as well as the
authenticity of the hotspot providers.
However, many hotspots today use Captive Portals, which rely on
authentication through Web pages (thus, an application-level authentication
approach) instead of a link-layer approach. The consequence of this is that
there is no security in the wireless link to the hotspot (it has to be provided
at upper protocol layers), and it is cumbersome to manage wireless access profiles
(we need special applications or browser add-ons to do that).
This work exposes the weaknesses of the Captive Portal paradigm, which does
not follow a unique or standard approach, and describes a solution that
intends to suppress them, based on the 802.1X architecture. This solution uses
a new EAP-compliant protocol that is able to integrate an HTTP-based
registration or authentication with a Captive Portal within the 802.1X
authentication framework