153 research outputs found
Acoustic Integrity Codes: Secure Device Pairing Using Short-Range Acoustic Communication
Secure Device Pairing (SDP) relies on an out-of-band channel to authenticate
devices. This requires a common hardware interface, which limits the use of
existing SDP systems. We propose to use short-range acoustic communication for
the initial pairing. Audio hardware is commonly available on existing
off-the-shelf devices and can be accessed from user space without requiring
firmware or hardware modifications. We improve upon previous approaches by
designing Acoustic Integrity Codes (AICs): a modulation scheme that provides
message authentication on the acoustic physical layer. We analyze their
security and demonstrate that we can defend against signal cancellation attacks
by designing signals with low autocorrelation. Our system can detect
overshadowing attacks using a ternary decision function with a threshold. In
our evaluation of this SDP scheme's security and robustness, we achieve a bit
error ratio below 0.1% for a net bit rate of 100 bps with a signal-to-noise
ratio (SNR) of 14 dB. Using our open-source proof-of-concept implementation on
Android smartphones, we demonstrate pairing between different smartphone
models.Comment: 11 pages, 11 figures. Published at ACM WiSec 2020 (13th ACM
Conference on Security and Privacy in Wireless and Mobile Networks). Updated
reference
Recommended from our members
A connection-level call admission control using genetic algorithm for MultiClass multimedia services in wireless networks
Call admission control in a wireless cell in a personal communication system (PCS) can be modeled as an M/M/C/C queuing system with m classes of users. Semi-Markov Decision Process (SMDP) can be used to optimize channel utilization with upper bounds on handoff blocking probabilities as Quality of Service constraints. However, this method is too time-consuming and therefore it fails when state space and action space are large. In this paper, we apply a genetic algorithm approach to address the situation when the SMDP approach fails. We code call admission control decisions as binary strings, where a value of â1â in the position i (i=1,âŠm) of a decision string stands for the decision of accepting a call in class-i; a value of â0â in the position i of the decision string stands for the decision of rejecting a call in class-i. The coded binary strings are feed into the genetic algorithm, and the resulting binary strings are founded to be near optimal call admission control decisions. Simulation results from the genetic algorithm are compared with the optimal solutions obtained from linear programming for the SMDP approach. The results reveal that the genetic algorithm approximates the optimal approach very well with less complexity
Performance analysis of contention based bandwidth request mechanisms in WiMAX networks
This article is posted here with the permission of IEEE. The official version can be obtained from the DOI below - Copyright @ 2010 IEEEWiMAX networks have received wide attention as they support high data rate access and amazing ubiquitous connectivity with great quality-of-service (QoS) capabilities. In order to support QoS, bandwidth request (BW-REQ) mechanisms are suggested in the WiMAX standard for resource reservation, in which subscriber stations send BW-REQs to a base station which can grant or reject the requests according to the available radio resources. In this paper we propose a new analytical model for the performance analysis of various contention based bandwidth request mechanisms, including grouping and no-grouping schemes, as suggested in the WiMAX standard. Our analytical model covers both unsaturated and saturated traffic load conditions in both error-free and error-prone wireless channels. The accuracy of this model is verified by various simulation results. Our results show that the grouping mechanism outperforms the no-grouping mechanism when the system load is high, but it is not preferable when the system load is light. The channel noise degrades the performance of both throughput and delay.This work was supported by the U.K. Engineering and Physical Sciences Research Council (EPSRC) under Grant EP/G070350/1 and
by the Brunel Universityâs BRIEF Award
Using PLSI-U to Detect Insider Threats by Datamining Email
Despite a technology bias that focuses on external electronic threats, insiders pose the greatest threat to an organisation. This paper discusses an approach to assist investigators in identifying potential insider threats. We discern employees\u27 interests from e-mail using an extended version of PLSI. These interests are transformed into implicit and explicit social network graphs, which are used to locate potential insiders by identifying individuals who feel alienated from the organisation or have a hidden interest in a sensitive topic. By applying this technique to the Enron e-mail corpus, a small number of employees appear as potential insider threats
Resource Efficient Authentication and Session Key Establishment Procedure for Low-Resource IoT Devices
open access journalThe Internet of Things (IoT) can includes many resource-constrained devices, with most usually needing to securely communicate with their network managers, which are more resource-rich devices in the IoT network. We propose a resource-efficient security scheme that includes authentication of devices with their network managers, authentication between devices on different networks, and an attack-resilient key establishment procedure. Using automated validation with internet security protocols and applications tool-set, we analyse several attack scenarios to determine the security soundness of the proposed solution, and then we evaluate its performance analytically and experimentally. The performance analysis shows that the proposed solution occupies little memory and consumes low energy during the authentication and key generation processes respectively. Moreover, it protects the network from well-known attacks (man-in-the-middle attacks, replay attacks, impersonation attacks, key compromission attacks and denial of service attacks)
KALwEN: A New Practical and Interoperable Key Management Scheme for Body Sensor Networks
Key management is the pillar of a security architecture. Body sensor networks(BSNs) pose several challenges -- some inherited from wireless sensor networks(WSNs), some unique to themselves -- that require a new key management scheme to be tailor-made. The challenge is taken on, and the result is KALwEN, a new lightweight scheme that combines the best-suited cryptographic techniques in a seamless framework. KALwEN is user-friendly in the sense that it requires no expert knowledge of a user, and instead only requires a user to follow a simple set of instructions when bootstrapping or extending a network. One of KALwEN's key features is that it allows sensor devices from different manufacturers, which expectedly do not have any pre-shared secret, to establish secure communications with each other. KALwEN is decentralized, such that it does not rely on the availability of a local processing unit (LPU). KALwEN supports global broadcast, local broadcast and neighbor-to-neighbor unicast, while preserving past key secrecry and future key secrecy. The fact that the cryptographic protocols of KALwEN have been formally verified also makes a convincing case
Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions
As computation spreads from computers to networks of computers, and migrates
into cyberspace, it ceases to be globally programmable, but it remains
programmable indirectly: network computations cannot be controlled, but they
can be steered by local constraints on network nodes. The tasks of
"programming" global behaviors through local constraints belong to the area of
security. The "program particles" that assure that a system of local
interactions leads towards some desired global goals are called security
protocols. As computation spreads beyond cyberspace, into physical and social
spaces, new security tasks and problems arise. As networks are extended by
physical sensors and controllers, including the humans, and interlaced with
social networks, the engineering concepts and techniques of computer security
blend with the social processes of security. These new connectors for
computational and social software require a new "discipline of programming" of
global behaviors through local constraints. Since the new discipline seems to
be emerging from a combination of established models of security protocols with
older methods of procedural programming, we use the name procedures for these
new connectors, that generalize protocols. In the present paper we propose
actor-networks as a formal model of computation in heterogenous networks of
computers, humans and their devices; and we introduce Procedure Derivation
Logic (PDL) as a framework for reasoning about security in actor-networks. On
the way, we survey the guiding ideas of Protocol Derivation Logic (also PDL)
that evolved through our work in security in last 10 years. Both formalisms are
geared towards graphic reasoning and tool support. We illustrate their workings
by analysing a popular form of two-factor authentication, and a multi-channel
device pairing procedure, devised for this occasion.Comment: 32 pages, 12 figures, 3 tables; journal submission; extended
references, added discussio
- âŠ