Acoustic Integrity Codes: Secure Device Pairing Using Short-Range Acoustic Communication

Secure Device Pairing (SDP) relies on an out-of-band channel to authenticate devices. This requires a common hardware interface, which limits the use of existing SDP systems. We propose to use short-range acoustic communication for the initial pairing. Audio hardware is commonly available on existing off-the-shelf devices and can be accessed from user space without requiring firmware or hardware modifications. We improve upon previous approaches by designing Acoustic Integrity Codes (AICs): a modulation scheme that provides message authentication on the acoustic physical layer. We analyze their security and demonstrate that we can defend against signal cancellation attacks by designing signals with low autocorrelation. Our system can detect overshadowing attacks using a ternary decision function with a threshold. In our evaluation of this SDP scheme's security and robustness, we achieve a bit error ratio below 0.1% for a net bit rate of 100 bps with a signal-to-noise ratio (SNR) of 14 dB. Using our open-source proof-of-concept implementation on Android smartphones, we demonstrate pairing between different smartphone models.Comment: 11 pages, 11 figures. Published at ACM WiSec 2020 (13th ACM Conference on Security and Privacy in Wireless and Mobile Networks). Updated reference

A connection-level call admission control using genetic algorithm for MultiClass multimedia services in wireless networks

Call admission control in a wireless cell in a personal communication system (PCS) can be modeled as an M/M/C/C queuing system with m classes of users. Semi-Markov Decision Process (SMDP) can be used to optimize channel utilization with upper bounds on handoff blocking probabilities as Quality of Service constraints. However, this method is too time-consuming and therefore it fails when state space and action space are large. In this paper, we apply a genetic algorithm approach to address the situation when the SMDP approach fails. We code call admission control decisions as binary strings, where a value of “1” in the position i (i=1,…m) of a decision string stands for the decision of accepting a call in class-i; a value of “0” in the position i of the decision string stands for the decision of rejecting a call in class-i. The coded binary strings are feed into the genetic algorithm, and the resulting binary strings are founded to be near optimal call admission control decisions. Simulation results from the genetic algorithm are compared with the optimal solutions obtained from linear programming for the SMDP approach. The results reveal that the genetic algorithm approximates the optimal approach very well with less complexity

Performance analysis of contention based bandwidth request mechanisms in WiMAX networks

This article is posted here with the permission of IEEE. The official version can be obtained from the DOI below - Copyright @ 2010 IEEEWiMAX networks have received wide attention as they support high data rate access and amazing ubiquitous connectivity with great quality-of-service (QoS) capabilities. In order to support QoS, bandwidth request (BW-REQ) mechanisms are suggested in the WiMAX standard for resource reservation, in which subscriber stations send BW-REQs to a base station which can grant or reject the requests according to the available radio resources. In this paper we propose a new analytical model for the performance analysis of various contention based bandwidth request mechanisms, including grouping and no-grouping schemes, as suggested in the WiMAX standard. Our analytical model covers both unsaturated and saturated traffic load conditions in both error-free and error-prone wireless channels. The accuracy of this model is verified by various simulation results. Our results show that the grouping mechanism outperforms the no-grouping mechanism when the system load is high, but it is not preferable when the system load is light. The channel noise degrades the performance of both throughput and delay.This work was supported by the U.K. Engineering and Physical Sciences Research Council (EPSRC) under Grant EP/G070350/1 and by the Brunel University’s BRIEF Award

Using PLSI-U to Detect Insider Threats by Datamining Email

Despite a technology bias that focuses on external electronic threats, insiders pose the greatest threat to an organisation. This paper discusses an approach to assist investigators in identifying potential insider threats. We discern employees\u27 interests from e-mail using an extended version of PLSI. These interests are transformed into implicit and explicit social network graphs, which are used to locate potential insiders by identifying individuals who feel alienated from the organisation or have a hidden interest in a sensitive topic. By applying this technique to the Enron e-mail corpus, a small number of employees appear as potential insider threats

Resource Efficient Authentication and Session Key Establishment Procedure for Low-Resource IoT Devices

open access journalThe Internet of Things (IoT) can includes many resource-constrained devices, with most usually needing to securely communicate with their network managers, which are more resource-rich devices in the IoT network. We propose a resource-efficient security scheme that includes authentication of devices with their network managers, authentication between devices on different networks, and an attack-resilient key establishment procedure. Using automated validation with internet security protocols and applications tool-set, we analyse several attack scenarios to determine the security soundness of the proposed solution, and then we evaluate its performance analytically and experimentally. The performance analysis shows that the proposed solution occupies little memory and consumes low energy during the authentication and key generation processes respectively. Moreover, it protects the network from well-known attacks (man-in-the-middle attacks, replay attacks, impersonation attacks, key compromission attacks and denial of service attacks)

KALwEN: A New Practical and Interoperable Key Management Scheme for Body Sensor Networks

Key management is the pillar of a security architecture. Body sensor networks(BSNs) pose several challenges -- some inherited from wireless sensor networks(WSNs), some unique to themselves -- that require a new key management scheme to be tailor-made. The challenge is taken on, and the result is KALwEN, a new lightweight scheme that combines the best-suited cryptographic techniques in a seamless framework. KALwEN is user-friendly in the sense that it requires no expert knowledge of a user, and instead only requires a user to follow a simple set of instructions when bootstrapping or extending a network. One of KALwEN's key features is that it allows sensor devices from different manufacturers, which expectedly do not have any pre-shared secret, to establish secure communications with each other. KALwEN is decentralized, such that it does not rely on the availability of a local processing unit (LPU). KALwEN supports global broadcast, local broadcast and neighbor-to-neighbor unicast, while preserving past key secrecry and future key secrecy. The fact that the cryptographic protocols of KALwEN have been formally verified also makes a convincing case

Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions

As computation spreads from computers to networks of computers, and migrates into cyberspace, it ceases to be globally programmable, but it remains programmable indirectly: network computations cannot be controlled, but they can be steered by local constraints on network nodes. The tasks of "programming" global behaviors through local constraints belong to the area of security. The "program particles" that assure that a system of local interactions leads towards some desired global goals are called security protocols. As computation spreads beyond cyberspace, into physical and social spaces, new security tasks and problems arise. As networks are extended by physical sensors and controllers, including the humans, and interlaced with social networks, the engineering concepts and techniques of computer security blend with the social processes of security. These new connectors for computational and social software require a new "discipline of programming" of global behaviors through local constraints. Since the new discipline seems to be emerging from a combination of established models of security protocols with older methods of procedural programming, we use the name procedures for these new connectors, that generalize protocols. In the present paper we propose actor-networks as a formal model of computation in heterogenous networks of computers, humans and their devices; and we introduce Procedure Derivation Logic (PDL) as a framework for reasoning about security in actor-networks. On the way, we survey the guiding ideas of Protocol Derivation Logic (also PDL) that evolved through our work in security in last 10 years. Both formalisms are geared towards graphic reasoning and tool support. We illustrate their workings by analysing a popular form of two-factor authentication, and a multi-channel device pairing procedure, devised for this occasion.Comment: 32 pages, 12 figures, 3 tables; journal submission; extended references, added discussio