extracting a secret key from a wireless channel
play

Extracting a Secret Key from a Wireless Channel Suhas Mathur - PowerPoint PPT Presentation

Nov 07, 2022 •98 likes •711 views

Extracting a Secret Key from a Wireless Channel Suhas Mathur suhas@winlab.rutgers.edu W. Trappe, N. Mandayam (WINLAB) Chunxuan Ye, Alex Reznik (InterDigital) Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 1 / 28 Introduction

  1. Extracting a Secret Key from a Wireless Channel Suhas Mathur suhas@winlab.rutgers.edu W. Trappe, N. Mandayam (WINLAB) Chunxuan Ye, Alex Reznik (InterDigital) Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 1 / 28

  2. Introduction Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 2 / 28

  3. Alice & Bob have never met. Alice Bob Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 3 / 28

  4. Alice & Bob have never met. They’d like to exchange a secret message. Alice Bob Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 3 / 28

  5. Alice & Bob have never met. They’d like to exchange a secret message. Alice Bob Eve Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 3 / 28

  6. Alice & Bob have never met. They’d like to exchange a secret message. But they don’t share a secret key. Alice Bob Eve Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 3 / 28

  7. ? Alice Bob Eve Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 4 / 28

  8. ← − Diffie Hellman key exchange! − → Alice Bob Eve Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 5 / 28

  9. ← − Diffie Hellman key exchange! − → Alice Bob Eve Computational Secrecy (Computationally bounded Eve) k = key, Y = Eve’s obervations It ’should be computationally infeasible’ to compute k from Y . Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 5 / 28

  10. Alice Bob Eve Unconditional secrecy (Computationally unbounded Eve) H ( k | Y ) = H ( k ). Y is useless to the attacker in computing any useful information about k . Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 6 / 28

  11. RANDOMLY VARYING CHANNEL BETWEEN ALICE AND BOB Alice Bob Eve Unconditional secrecy (Computationally unbounded Eve) H ( k | Y ) = H ( k ). Y is useless to the attacker in computing any useful information about k . Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 6 / 28

  12. [Maurer ’93] and [Ahlswede & Csiszar ’93] showed correlated random variables can be used to derive keys by public discussion Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 7 / 28

  13. [Maurer ’93] and [Ahlswede & Csiszar ’93] showed correlated random variables can be used to derive keys by public discussion ↓ Quantum Key Distribution Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 7 / 28

  14. [Maurer ’93] and [Ahlswede & Csiszar ’93] showed correlated random variables can be used to derive keys by public discussion ↓ Quantum Key Distribution Everyday wireless channels can enable this! Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 7 / 28

  15. Summary of fading wireless channels Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 8 / 28

  16. Summary of fading wireless channels Fading is a multiplicative distortion h ( t ) due to the channel that is Random Time varying Reciprocal (Alice → Bob ≡ Alice ← Bob) Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 8 / 28

  17. Summary of fading wireless channels Fading is a multiplicative distortion h ( t ) due to the channel that is Random Time varying Reciprocal (Alice → Bob ≡ Alice ← Bob) 2 1.5 h(t) 1 0.5 0 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 8 / 28

  18. Summary of fading wireless channels Fading is a multiplicative distortion h ( t ) due to the channel that is Random Time varying Reciprocal (Alice → Bob ≡ Alice ← Bob) 2 1.5 h(t) 1 0.5 0 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 The fading parameter h ( t ) decorrelates in space and time Space: Over distances of ∼ λ/ 2 (= 6 cm @ 2.4 Ghz) Time: Over one coherence time T c ∝ 1 f d ( f d ≈ 10 Hz @ 1 m/s) Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 8 / 28

  19. So how do Alice and Bob actually obtain identical secret bits? Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 9 / 28

  20. First, they probe the channel many times Alice Bob Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 10 / 28

  21. First, they probe the channel many times Y 1 h ( t ) − → Alice Bob Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 10 / 28

  22. First, they probe the channel many times X 1 Y 1 h ( t ) − → ← − Alice Bob Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 10 / 28

  23. First, they probe the channel many times X 1 Y 1 h ( t ) − → Y 2 ← − Alice Bob − → Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 10 / 28

  24. First, they probe the channel many times X 1 Y 1 h ( t ) − → X 2 Y 2 ← − Alice Bob − → ← − Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 10 / 28

  25. First, they probe the channel many times X 1 Y 1 h ( t ) − → X 2 Y 2 . . ← − . . . . Alice Bob − → X n Y n ← − X n = { X 1 , . . . X n } Y n = { Y 1 , . . . Y n } Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 10 / 28

  26. First, they probe the channel many times X 1 Y 1 h ( t ) − → X 2 Y 2 . . ← − . . . . Alice Bob − → X n Y n ← − X n = { X 1 , . . . X n } Y n = { Y 1 , . . . Y n } Alice 1.6 1.4 1.2 1 0.8 Bob 0.6 0.4 0.2 5 10 15 20 25 Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 10 / 28

  27. First, they probe the channel many times X 1 Y 1 h ( t ) − → X 2 Y 2 . . ← − . . . . Alice Bob − → X n Y n ← − X n = { X 1 , . . . X n } Y n = { Y 1 , . . . Y n } Alice 1.6 1.4 1.2 1 0.8 Bob 0.6 0.4 0.2 5 10 15 20 25 Eve overhears Z n , which is uncorrelated with X n and Y n Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 10 / 28

  28. Then they each locally compute thresholds One-bit quantizer Thresholds = ⇒ � 1 = median + α · SD q + if x > q + Q ( x ) = 0 if x < q − q − = median − α · SD q + q − Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 11 / 28

  29. Then they each locally compute thresholds One-bit quantizer Thresholds = ⇒ � 1 = median + α · SD q + if x > q + Q ( x ) = 0 if x < q − q − = median − α · SD Positive Excursion q + q − Negative Excursion m = Min # of points to be considered an excursion Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 12 / 28

  30. Positive Negative Excursions Excursion q + q − 10 20 30 40 50 60 X n Y n Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 13 / 28

  31. Positive Negative Excursions Excursion q + q − 10 20 30 40 50 60 X n Y n Find locations of excursions in X n of size ≥ m . e.g. { 6 , 27 , 42 , 52 , 64 , 98 , . . . } Send a random subset to Bob L = { 6 , 42 , 52 , 98 , . . . } Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 13 / 28

  32. Positive Negative Excursions Excursion q + q − 10 20 30 40 50 60 X n Y n Find locations of excursions in X n of size ≥ m . e.g. { 6 , 27 , 42 , 52 , 64 , 98 , . . . } Send a random subset to Bob L = { 6 , 42 , 52 , 98 , . . . } Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 13 / 28

  33. Positive Negative Excursions Excursion q + q − 10 20 30 40 50 60 X n Y n L Find locations of excursions in X n of size − → L ⊆ L where Y n has Find those indices ˜ ≥ m . e.g. { 6 , 27 , 42 , 52 , 64 , 98 , . . . } excursions. ˜ L = { 6 , 52 , . . . } Send a random subset to Bob L = { 6 , 42 , 52 , 98 , . . . } Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 13 / 28

  34. Positive Negative Excursions Excursion q + q − 10 20 30 40 50 60 X n Y n L Find locations of excursions in X n of size − → L ⊆ L where Y n has Find those indices ˜ ≥ m . e.g. { 6 , 27 , 42 , 52 , 64 , 98 , . . . } excursions. ˜ L = { 6 , 52 , . . . } Send a random subset to Bob L = { 6 , 42 , 52 , 98 , . . . } If | ˜ L | / | L | < 1 2 + ǫ for some 0 < ǫ < 1 2 , declare attack & abort. Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 13 / 28

  35. Positive Negative Excursions Excursion q + q − 10 20 30 40 50 60 X n Y n L Find locations of excursions in X n of size − → L ⊆ L where Y n has Find those indices ˜ ≥ m . e.g. { 6 , 27 , 42 , 52 , 64 , 98 , . . . } excursions. ˜ L = { 6 , 52 , . . . } Send a random subset to Bob L = { 6 , 42 , 52 , 98 , . . . } If | ˜ L | / | L | < 1 2 + ǫ for some 0 < ǫ < 1 2 , declare attack & abort. ELSE Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 13 / 28

  36. Positive Negative Excursions Excursion q + q − 10 20 30 40 50 60 X n Y n L Find locations of excursions in X n of size − → L ⊆ L where Y n has Find those indices ˜ ≥ m . e.g. { 6 , 27 , 42 , 52 , 64 , 98 , . . . } excursions. ˜ L = { 6 , 52 , . . . } Send a random subset to Bob L = { 6 , 42 , 52 , 98 , . . . } If | ˜ L | / | L | < 1 2 + ǫ for some 0 < ǫ < 1 2 , declare attack & abort. ELSE Quantize Y n at indices in ˜ L { 1011010.. } First N bits = for MAC. Remaining bits = secret key. Suhas Mathur (WINLAB) Secret bits from the channel 12/10/08 13 / 28

Recommend

Lecture 1 Wireless Channel I-Hsiang Wang ihwang@ntu.edu.tw 2/20, 2014 Wireless

Lecture 1 Wireless Channel I-Hsiang Wang ihwang@ntu.edu.tw 2/20, 2014 Wireless

Lecture 1 Wireless Channel I-Hsiang Wang ihwang@ntu.edu.tw 2/20, 2014 Wireless channels vary at two scales Channel quality Time Large-scale fading: path loss, shadowing, etc. Small-scale fading:

3.11k views • 35 slides
Lecture 1 Wireless Channel I-Hsiang Wang ihwang@ntu.edu.tw 2/20, 2014 Wireless

Lecture 1 Wireless Channel I-Hsiang Wang ihwang@ntu.edu.tw 2/20, 2014 Wireless

Lecture 1 Wireless Channel I-Hsiang Wang ihwang@ntu.edu.tw 2/20, 2014 Wireless channels vary at two scales Channel quality Time Large-scale fading: path loss, shadowing, etc. Small-scale fading:

781 views • 47 slides
Lecture 1 Wireless Channel I-Hsiang Wang ihwang@ntu.edu.tw 2/20, 2014 Wireless

Lecture 1 Wireless Channel I-Hsiang Wang ihwang@ntu.edu.tw 2/20, 2014 Wireless

Lecture 1 Wireless Channel I-Hsiang Wang ihwang@ntu.edu.tw 2/20, 2014 Wireless channels vary at two scales Channel quality Time Large-scale fading: path loss, shadowing, etc. Small-scale fading:

629 views • 46 slides
Secret key exchange Problem: Obtain a joint secret key via interaction over a public channel:

Secret key exchange Problem: Obtain a joint secret key via interaction over a public channel:

Secret key exchange Problem: Obtain a joint secret key via interaction over a public channel: Alice Bob $ x ... ; X ... COMPUTATIONAL NUMBER THEORY X ! $ ... ; Y ... y Y K A F A (

518 views • 19 slides
CS 4453 Computer Networks Chapter 5 Wireless and Mobile Networks 2015 Winter A wireless network

CS 4453 Computer Networks Chapter 5 Wireless and Mobile Networks 2015 Winter A wireless network

CS 4453 Computer Networks Chapter 5 Wireless and Mobile Networks 2015 Winter A wireless network communication takes place over a wireless channel (which is usually a radio channel, or sometimes an infrared channel). The challenges for wireless

1.42k views • 113 slides
Lecture 2: Wireless Physical Lecture 2: Wireless Physical Layer, Channel, and Capacity Layer,

Lecture 2: Wireless Physical Lecture 2: Wireless Physical Layer, Channel, and Capacity Layer,

Lecture 2: Wireless Physical Lecture 2: Wireless Physical Layer, Channel, and Capacity Layer, Channel, and Capacity Mythili Vutukuru CS 653 Spring 2014 Jan 9, Thursday Radio waves and spectrum Physical layer of mobile systems wireless

327 views • 20 slides
Lecture 4: Wireless Physical Lecture 4: Wireless Physical Layer: Channel Coding Layer: Channel

Lecture 4: Wireless Physical Lecture 4: Wireless Physical Layer: Channel Coding Layer: Channel

Lecture 4: Wireless Physical Lecture 4: Wireless Physical Layer: Channel Coding Layer: Channel Coding Mythili Vutukuru CS 653 Spring 2014 Jan 16, Thursday Channel Coding Modulated waveforms disrupted by signal Modulated waveforms

532 views • 14 slides
The Wireless Channel Ermanno Pietrosemoli ICTP Objective To present the basics concepts of

The Wireless Channel Ermanno Pietrosemoli ICTP Objective To present the basics concepts of

The Wireless Channel Ermanno Pietrosemoli ICTP Objective To present the basics concepts of telecommunication systems with focus on digital and wireless 2 Agenda Signals Bandwidth Spectrum Ideal channel, attenuation, delay

936 views • 45 slides
Wireless and Mobile Networks Wireless and 802.11 LANs wireless links: shared, fading,

Wireless and Mobile Networks Wireless and 802.11 LANs wireless links: shared, fading,

Wireless and Mobile Networks Wireless and 802.11 LANs wireless links: shared, fading, interference, hidden terminal problem IEEE 802.11 ( wi-fi ) CSMA/CA reflects wireless channel characteristics DIFS, SIFS,

1.43k views • 83 slides
Efficient One-Way Secret-Key Agreement and Private Channel Coding via Polarization Joseph M.

Efficient One-Way Secret-Key Agreement and Private Channel Coding via Polarization Joseph M.

Efficient One-Way Secret-Key Agreement and Private Channel Coding via Polarization Joseph M. Renes, Renato Renner, David Sutter Institute for Theoretical Physics ASIACRYPT 2013, Bangalore 1 / 13 Information Theoretic Cryptography Goal:

600 views • 21 slides
Towards Wireless Multi-Gigabit Systems Towards Wireless Multi Gigabit Systems Channel Models,

Towards Wireless Multi-Gigabit Systems Towards Wireless Multi Gigabit Systems Channel Models,

Technische Universitt Carolo-Wilhelmina zu Braunschweig tubs.CITY Jahrestagung 2009 tubs C Ja estagu g 009 Towards Wireless Multi-Gigabit Systems Towards Wireless Multi Gigabit Systems Channel Models, Regulation and Standardisation

519 views • 38 slides
Extracting keys from FPGAs, OTP Tokens and Door Locks Side-Channel (and other) Attacks in Practice

Extracting keys from FPGAs, OTP Tokens and Door Locks Side-Channel (and other) Attacks in Practice

Extracting keys from FPGAs, OTP Tokens and Door Locks Side-Channel (and other) Attacks in Practice David Oswald david.oswald@rub.de No, I did not do all this stuff alone Christof Paar Benedikt Driessen Timo Kasper Gregor Leander

1.2k views • 95 slides
Channel Models for Indoor Wireless Transmission P. Sharma, P. Sachetta, C. Thompson &amp; K.

Channel Models for Indoor Wireless Transmission P. Sharma, P. Sachetta, C. Thompson &amp; K.

Channel Models for Indoor Wireless Transmission P. Sharma, P. Sachetta, C. Thompson &amp; K. Chandra Center for Advanced Computation &amp; Telecommunications University of Massachusetts, Lowell Presentation Outline Indoor Wireless

159 views • 13 slides
Further Properties of Wireless Channel Capacity Fengyou Sun and Yuming Jiang Norwegian University

Further Properties of Wireless Channel Capacity Fengyou Sun and Yuming Jiang Norwegian University

Wireless Channel Capacity Analysis of Cumulative Capacity Analysis of Maximum and Minimum Cumulative Capacity Further Properties of Wireless Channel Capacity Fengyou Sun and Yuming Jiang Norwegian University of Science and Technology (NTNU)

260 views • 22 slides
Online Template Attack on ECDSA: Extracting Keys Via The Other Side By: Niels Roelofs, Niels

Online Template Attack on ECDSA: Extracting Keys Via The Other Side By: Niels Roelofs, Niels

Online Template Attack on ECDSA: Extracting Keys Via The Other Side By: Niels Roelofs, Niels Samwel, Lejla Batina and Joan Daemen Africacrypt Conference 2020 July 2020 Side Channel Attack Introduction A side-channel is any unintentional

375 views • 36 slides
Achieving Single Channel Full-Duplex Wireless Communication Jung Il Choi, Mayank Jain, Kannan

Achieving Single Channel Full-Duplex Wireless Communication Jung Il Choi, Mayank Jain, Kannan

Achieving Single Channel Full-Duplex Wireless Communication Jung Il Choi, Mayank Jain, Kannan Srinivasan, Philip Levis and Sachin Katti 1 Can a wireless node transmit AND receive at the same time on a single band? 2 Can a wireless node

1.06k views • 63 slides
Achieving Single Channel Full-Duplex Wireless Communication Jung Il Choi, Mayank Jain, Kannan

Achieving Single Channel Full-Duplex Wireless Communication Jung Il Choi, Mayank Jain, Kannan

Achieving Single Channel Full-Duplex Wireless Communication Jung Il Choi, Mayank Jain, Kannan Srinivasan, Philip Levis and Sachin Katti 1 Can a wireless node transmit AND receive at the same time on a single band? 2 Can a wireless node

1.05k views • 66 slides
Meltdown &amp; Spectre Attacks Overview An analogy CPU cache and use it as side channel

Meltdown &amp; Spectre Attacks Overview An analogy CPU cache and use it as side channel

Meltdown &amp; Spectre Attacks Overview An analogy CPU cache and use it as side channel Meltdown attack Spectre attack Microsoft Interview Question Stealing A Secret Secret: 7 Guard with Memory Eraser Restricted Room CPU

732 views • 30 slides
A new Dynamic Co-channel Interference Model for Simulation of Heterogeneous Wireless Networks

A new Dynamic Co-channel Interference Model for Simulation of Heterogeneous Wireless Networks

technische universitt dortmund A new Dynamic Co-channel Interference Model for Simulation of Heterogeneous Wireless Networks Andreas Lewandowski, Volker Kster and Christian Wietfeld Faculty of Electrical Engineering and Information

331 views • 9 slides
Multiple Antenna Secret Broadcast over Multiple Antenna Secret Broadcast over Wireless Networks

Multiple Antenna Secret Broadcast over Multiple Antenna Secret Broadcast over Wireless Networks

Multiple Antenna Secret Broadcast over Multiple Antenna Secret Broadcast over Wireless Networks Wireless Networks Ruoheng Liu and H. Vincent Poor Ruoheng Liu and H. Vincent Poor Princeton University Princeton University IAB IAB

579 views • 26 slides
Channel Surfing and Spatial Retreats: Defenses against Wireless Denial of Service W enyuan Xu,

Channel Surfing and Spatial Retreats: Defenses against Wireless Denial of Service W enyuan Xu,

Channel Surfing and Spatial Retreats: Defenses against Wireless Denial of Service W enyuan Xu, Tim othy W ood, W ade Trappe, Yanyong Zhang W I NLAB, Rutgers University I AB 2 0 0 4 Roadmap Motivation and Introduction Detection

486 views • 33 slides
Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing Constructions Moir Cryptography Issues Secret Sharing Secret Sharing Threshold Secret Sharing (Shamir, Blakely 1979) Motivation

1.32k views • 62 slides
Interference-Aware Channel Assignment in Multi-Radio Wireless Networks K. N. Ramachandran, E. M.

Interference-Aware Channel Assignment in Multi-Radio Wireless Networks K. N. Ramachandran, E. M.

Interference-Aware Channel Assignment in Multi-Radio Wireless Networks K. N. Ramachandran, E. M. Belding, K. C. Almeroth, M. M. Buddhikot Motivation If the capacity problem is the major concern, Why not considering multiple radios for

411 views • 14 slides
Capacity of Ad Hoc Networks Quality of Wireless links Quality of Wireless links

Capacity of Ad Hoc Networks Quality of Wireless links Quality of Wireless links

Capacity of Ad Hoc Networks Quality of Wireless links Quality of Wireless links Physical Layer Issues Physical Layer Issues The Channel Capacity The Channel Capacity Path Loss Model and Signal Degradation Path

458 views • 31 slides

More recommend