AEROKEY: Using Ambient Electromagnetic Radiation for Secure and Usable Wireless Device Authentication

Wireless connectivity is becoming common in increasingly diverse personal devices, enabling various interoperation- and Internet-based applications and services. More and more interconnected devices are simultaneously operated by a single user with short-lived connections, making usable device authentication methods imperative to ensure both high security and seamless user experience. Unfortunately, current authentication methods that heavily require human involvement, in addition to form factor and mobility constraints, make this balance hard to achieve, often forcing users to choose between security and convenience. In this work, we present a novel over-the-air device authentication scheme named AEROKEY that achieves both high security and high usability. With virtually no hardware overhead, AEROKEY leverages ubiquitously observable ambient electromagnetic radiation to autonomously generate spatiotemporally unique secret that can be derived only by devices that are closely located to each other. Devices can make use of this unique secret to form the basis of a symmetric key, making the authentication procedure more practical, secure and usable with no active human involvement. We propose and implement essential techniques to overcome challenges in realizing AEROKEY on low-cost microcontroller units, such as poor time synchronization, lack of precision analog front-end, and inconsistent sampling rates. Our real-world experiments demonstrate reliable authentication as well as its robustness against various realistic adversaries with low equal-error rates of 3.4% or less and usable authentication time of as low as 24 s

Establishing Trust in Vehicle-to-Vehicle Coordination: A Sensor Fusion Approach

Autonomous vehicles (AVs) use diverse sensors to understand their surroundings as they continually make safety- critical decisions. However, establishing trust with other AVs is a key prerequisite because safety-critical decisions cannot be made based on data shared from untrusted sources. Existing protocols require an infrastructure network connection and a third-party root of trust to establish a secure channel, which are not always available. In this paper, we propose a sensor-fusion approach for mobile trust establishment, which combines GPS and visual data. The combined data forms evidence that one vehicle is nearby another, which is a strong indication that it is not a remote adversary hence trustworthy. Our preliminary experiments show that our sensor-fusion approach achieves above 80% successful pairing of two legitimate vehicles observing the same object with 5 meters of error. Based on these preliminary results, we anticipate that a refined approach can support fuzzy trust establishment, enabling better collaboration between nearby AVs

Establishing Trust in Vehicle-to-Vehicle Coordination: A Sensor Fusion Approach

As we add more autonomous and semi-autonomous vehicles (AVs) to our roads, their effects on passenger and pedestrian safety are becoming more important. Despite extensive testing, AVs do not always identify roadway hazards. Failures in object recognition components have already led to several fatal collisions, e.g. as a result of faults in sensors, software, or vantage point. Although a particular AV may fail, there is an untapped pool of information held by other AVs in the vicinity that could be used to identify roadway hazards before they present a safety threat

Melanocytic Nevus in the External Auditory Canal with Keratin Accumulation

Nevus is a benign melanocytic neoplasm and the most common type of skin tumor. It may occur anywhere on the skin, but it is rare in the external auditory canal (EAC). We present a case of melanocytic nevus in the EAC with keratin accumulation. In microscopic surgery, the mass was excised completely, and the wax and keratin material medial portion of the EAC behind the mass was removed. In this patient, a melanocytic nevus in the EAC caused symptoms of hearing loss and wax and keratin buildup. For melanocytic nevus in the EAC, excision and pathologic confirmation should be performed if there are symptoms or when malignant transformation is suspected

SyncBleed: A Realistic Threat Model and Mitigation Strategy for Zero-Involvement Pairing and Authentication (ZIPA)

Zero Involvement Pairing and Authentication (ZIPA) is a promising technique for auto-provisioning large networks of Internet-of-Things (IoT) devices. Presently, these networks use password-based authentication, which is difficult to scale to more than a handful of devices. To deal with this challenge, ZIPA enabled devices autonomously extract identical authentication or encryption keys from ambient environmental signals. However, during the key negotiation process, existing ZIPA systems leak information on a public wireless channel which can allow adversaries to learn the key. We demonstrate a passive attack called SyncBleed, which uses leaked information to reconstruct keys generated by ZIPA systems. To mitigate SyncBleed, we present TREVOR, an improved key generation technique that produces nearly identical bit sequences from environmental signals without leaking information. We demonstrate that TREVOR can generate keys from a variety of environmental signal types under 4 seconds, consistently achieving a 90-95% bit agreement rate across devices within various environmental sources

Genomic Insight Into the Predominance of Candidate Phylum Atribacteria JS1 Lineage in Marine Sediments

Candidate phylum Atribacteria JS1 lineage is one of the predominant bacterial groups in anoxic subseafloor sediments, especially in organic-rich or gas hydrate-containing sediments. However, due to the lack of axenic culture representatives, metabolic potential and biogeochemical roles of this phylum have remained elusive. Here, we examined the microbial communities of marine sediments of the Ross Sea, Antarctica, and found candidate phylum Atribacteria JS1 lineage was the most abundant candidate phylum accounting for 9.8-40.8% of the bacterial communities with a single dominant operational taxonomic unit (OTU). To elucidate the metabolic potential and ecological function of this species, we applied a single-cell genomic approach and obtained 18 single-cell amplified genomes presumably from a single species that was consistent with the dominant OTU throughout the sediments. The composite genome constructed by co-assembly showed the highest genome completeness among available Atribacteria JS1 genomes. Metabolic reconstruction suggested fermentative potential using various substrates and syntrophic acetate oxidation coupled with hydrogen or formate scavenging methanogens. This metabolic potential supports the predominance of Atribacteria JS1 in anoxic environments expanding our knowledge of the ecological function of this uncultivated group.

Moonshine: An Online Randomness Distiller for Zero-Involvement Authentication

Context-based authentication is a promising method for transparently validating another device\u27s legitimacy to do join a network based on location. Devices can seamlessly pair with one another by harvesting environmental noise to generate a random key with no user involvement. But there are presently gaps in our understanding of the theoretical limitations of environmental noise harvesting, which makes it difficult for researchers to build efficient algorithms for sampling environmental noise and distilling keys from that noise. In this work, we explore the information-theoretic capacity of context-based authentication mechanisms to generate random bit strings from environmental noise sources with known properties. Using only mild assumptions about the characteristics of the source process, we demonstrate that commonly-used bit extraction algorithms extract only about 10% of the available randomness from a source noise process. We present an efficient algorithm to improve the quality of keys generated by context-based methods and evaluate it on real key extraction hardware. Moonshine is a randomness distiller which is more efficient at extracting bits from an environmental entropy source than existing methods. Our techniques nearly double the quality of keys as measured by the NIST randomness tests, producing keys that can be used in real-world authentication scenario

CLUSTOM-CLOUD: In-Memory Data Grid-Based Software for Clustering 16S rRNA Sequence Data in the Cloud Environment.

High-throughput sequencing can produce hundreds of thousands of 16S rRNA sequence reads corresponding to different organisms present in the environmental samples. Typically, analysis of microbial diversity in bioinformatics starts from pre-processing followed by clustering 16S rRNA reads into relatively fewer operational taxonomic units (OTUs). The OTUs are reliable indicators of microbial diversity and greatly accelerate the downstream analysis time. However, existing hierarchical clustering algorithms that are generally more accurate than greedy heuristic algorithms struggle with large sequence datasets. To keep pace with the rapid rise in sequencing data, we present CLUSTOM-CLOUD, which is the first distributed sequence clustering program based on In-Memory Data Grid (IMDG) technology-a distributed data structure to store all data in the main memory of multiple computing nodes. The IMDG technology helps CLUSTOM-CLOUD to enhance both its capability of handling larger datasets and its computational scalability better than its ancestor, CLUSTOM, while maintaining high accuracy. Clustering speed of CLUSTOM-CLOUD was evaluated on published 16S rRNA human microbiome sequence datasets using the small laboratory cluster (10 nodes) and under the Amazon EC2 cloud-computing environments. Under the laboratory environment, it required only ~3 hours to process dataset of size 200 K reads regardless of the complexity of the human microbiome data. In turn, one million reads were processed in approximately 20, 14, and 11 hours when utilizing 20, 30, and 40 nodes on the Amazon EC2 cloud-computing environment. The running time evaluation indicates that CLUSTOM-CLOUD can handle much larger sequence datasets than CLUSTOM and is also a scalable distributed processing system. The comparative accuracy test using 16S rRNA pyrosequences of a mock community shows that CLUSTOM-CLOUD achieves higher accuracy than DOTUR, mothur, ESPRIT-Tree, UCLUST and Swarm. CLUSTOM-CLOUD is written in JAVA and is freely available at http://clustomcloud.kopri.re.kr