PSKA: Usable and Secure Key Agreement Scheme for Body Area Networks

21 Nov 2013

Authors: Krishna K. Venkatasubramanian, Ayan Banerjee, Sandeep K.S. Gupta

Presenter: Francis Usher

Problem


Domain: Body Area Networks (BANs)


Sensors in BANs collect and disseminate sensitive health

Security via cryptography requires key distribution

Cryptography (overview)


Problem of sharing data securely


Symmetric-key cryptography

Secret key k is used to obscure message m into ciphertext c

Given c, only k can be used to reveal m

Advantage: provable that adversary can only break cryptosystem with negligible probability

Problem: how do we communicate keys?

Key sharing (generic approaches)


Pre-sharing

Manufacturer embeds long-term keys in device

Problem: not dynamic enough to handle key compromise situations

Asymmetric crypto handshake

Asymmetric crypto doesn’t require shared secret

Problem: Usually requires contacting trusted identity authority

Physiological Signal-based key sharing (for BANs)

Design goals:

Length & randomness

Low latency

Distinctiveness

Temporal variance

Previous work: Inter-pulse-interval (IPI)-based, independent, mutual key generation

Physiological Signal based Key Agreement (PSKA)

Use shared physiological signals to build & access “fuzzy vault” containing session key

IPI-based key generation

Synchronized sensors measure IPI (EKG/PPG)

Encode measurements as key

4 observations:

Meets randomness goal, however:

High-latency

Two keys generated tend to differ in half of bits

This distance tends not to vary much in time between generation or across different patients

No good tradeoff threshold between false positive/negative rates




Digression: Shamir’s Secret Sharing (precursor)

Secret value v to be shared among k people

Should take at least n people to determine secret

Degree-(n-1) polynomial, random coefficients

$P(x) = v + c_1 x + c_2 x^2 + \cdots + c_{n-1} x^{n-1}$

Evaluate at k >= n random points

Any n of these k points uniquely determines P

Otherwise even dist. of choices for v



PSKA: Sharing keys using fuzzy vaults


Different sensors measure phys. signals

“Loosely synchronized”

Transform signals to create “features”

Generate random polynomial representing key

Map features under polynomial

Obscure feature maps using “chaff” points

Only similar feature set can infer polynomial from vault (features + chaff)


Use MACs to affirm that key was shared correctly
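
The lock/unlock flow listed above, as an added Python sketch that is not code from the PSKA paper or from these slides. The prime modulus, integer-valued features, deriving the key by hashing the polynomial's values at 0..degree, and the HMAC computed over the vault are all assumptions of this sketch; the feature lists are constructed sample data.

```python
import hashlib, hmac, itertools, secrets

P = 2**61 - 1  # prime modulus for polynomial arithmetic (assumed for this sketch)

def poly_eval(coeffs, x):  # coeffs[0] is the constant term
    return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

def lagrange_at(points, t):  # value at t of the unique polynomial through points
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num, den = num * (t - xj) % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def key_of(evaluate, degree):
    """Session key = hash of the polynomial's values at fixed points 0..degree."""
    vals = b"".join(evaluate(t).to_bytes(8, "big") for t in range(degree + 1))
    return hashlib.sha256(vals).digest()

def lock(features, degree, n_chaff, x_range=4096):
    """Sender: random polynomial, real points from features, chaff off the curve."""
    coeffs = [secrets.randbelow(P) for _ in range(degree + 1)]
    points = {f: poly_eval(coeffs, f) for f in features}
    while len(points) < len(set(features)) + n_chaff:
        x, y = secrets.randbelow(x_range), secrets.randbelow(P)
        if x not in points and y != poly_eval(coeffs, x):
            points[x] = y
    vault = sorted(points.items())  # sorted so position does not reveal real points
    key = key_of(lambda t: poly_eval(coeffs, t), degree)
    return vault, hmac.new(key, repr(vault).encode(), hashlib.sha256).digest(), key

def unlock(vault, tag, features, degree):
    """Receiver: keep points whose x matches own features, interpolate, check MAC."""
    own = set(features)
    candidates = [p for p in vault if p[0] in own]
    for subset in itertools.combinations(candidates, degree + 1):
        key = key_of(lambda t: lagrange_at(subset, t), degree)
        mac = hmac.new(key, repr(vault).encode(), hashlib.sha256).digest()
        if hmac.compare_digest(mac, tag):
            return key
    return None  # too few matching features: vault stays locked

# Constructed feature sets: the same-body sensor shares 9 of 12, the stranger 2.
SENDER = [101, 233, 377, 512, 640, 805, 911, 1024, 1300, 1777, 2048, 3000]
SAME_BODY = SENDER[:9] + [17, 2900, 3500]
STRANGER = SENDER[:2] + [45, 60, 700, 815, 1200, 1999, 2500, 3111, 3333, 4000]
```

With a degree-5 polynomial the receiver needs six matching features; encoding twelve is the oversampling that lets a close but imperfect match still unlock the vault, and the MAC tells the receiver which candidate subset was free of chaff.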



Fuzzy Vault Security


Perfect match will always unlock vault


Close match corrected by oversampling


Hard to pick right set of points if lots of chaff


Picking the correct s elements of m (brute force)

$\binom{m}{s} = \frac{m!}{s!\,(m-s)!}$


Analysis of technique


Long & random keys


Low latency (only ~ 5-10 seconds of data)


Distinctiveness (across subjects)


Temporal variance (across time)


Feature generation


Use peaks from frequency domain (FFTs)


Concatenate indexes & values across windows


Features should demonstrate distinctiveness and temporal variance











Feasibility: implementation

Power, resource constraints

Can technique be implemented as efficiently as competitors?

Classical, elliptic-curve Diffie-Hellman

Evaluation in VHDL (formal hardware specification language)


Metrics: clock cycles, memory footprint


Possible attacks


Fuzzy vault attacks


Some based on application to biometrics


One attack based on vault-construction artifact


Early points (features) have more “free area”


Dismissed but not thoroughly argued against

Idea for future work


Use fuzzy vaults to communicate public keys


Use asymmetric crypto handshakes to establish session keys

Frequent update of public keys

Eliminates problem of contacting trusted authority since physiological signals good for authentication of body-area presence