PSKA: Usable and Secure Key Agreement Scheme for Body Area Networks
Authors: Krishna K. Venkatasubramanian, Ayan Banerjee, Sandeep K.S. Gupta
Presenter: Francis Usher

Problem
• Domain: Body Area Networks (BANs)
• Sensors in BANs collect and disseminate sensitive health
• Security via cryptography requires key distribution

Cryptography (overview)
• Problem of sharing data securely
• Symmetric-key cryptography
  – Secret key k is used to obscure message m into cyphertext c
  – Given c, only k can be used to reveal m
• Advantage: provable that adversary can only break cryptosystem with negligible probability
• Problem: how do we communicate keys?

Key sharing (generic approaches)
• Pre-sharing
  – Manufacturer embeds long-term keys in device
  – Problem: not dynamic enough to handle key compromise situations
• Asymmetric crypto handshake
  – Asymmetric crypto doesn’t require shared secret
  – Problem: Usually requires contacting trusted identity authority

Physiological Signal-based key sharing (for BANs)
• Design goals:
  – Length & randomness
  – Low latency
  – Distinctiveness
  – Temporal variance
• Previous work: Inter-pulse-interval (IPI)-based, independent, mutual key generation
• Physiological Signal based Key Agreement (PSKA)
  – Use shared physiological signals to build & access “fuzzy vault” containing session key

IPI-based key generation
• Synchronized sensors measure IPI (EKG/PPG)
• Encode measurements as key
• 4 observations:
  – Meets randomness goal, however:
  – High-latency
  – Two keys generated tend to differ in half of bits
  – This distance tends not to vary much in time between generation or across different patients
  – No good tradeoff threshold between false positive/negative rates

Digression: Shamir’s Secret Sharing (precursor)
• Secret value v to be shared among k people
  – Should take at least n people to determine secret
• Degree n-1 polynomial, random coefficients
  $P(x) = v + c_1 x + c_2 x^2 + \cdots + c_{n-1} x^{n-1}$
• Evaluate at k >= n random points
• Any n of these k points uniquely determines P
• Otherwise even dist. of choices for v

PSKA: Sharing keys using fuzzy vaults
• Different sensors measure phys. signals
  – “Loosely synchronized”
• Transform signals to create “features”
• Generate random polynomial representing key
• Map features under polynomial
• Obscure feature maps using “chaff” points
• Only similar feature set can infer polynomial from vault (features + chaff)
• Use MACs to affirm that key was shared correctly

Fuzzy Vault Security
• Perfect match will always unlock vault
• Close match corrected by oversampling
• Hard to pick right set of points if lots of chaff
  – Picking the correct s elements of m (brute force)
  $\binom{m}{s} = \frac{m!}{(m-s)! \cdot s!}$

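The lock and unlock steps from the two slides above (vault construction with chaff, MAC confirmation, and the brute-force subset count), as an added Python example that is not code from the paper or the presentation. Assumptions: features are already integers, the field modulus is 2^31 - 1, the MAC is HMAC-SHA256 keyed by the polynomial coefficients, and all function names and sample values are illustrative.

```python
import hashlib, hmac, itertools, math, secrets

P = 2**31 - 1  # prime field modulus: an assumption, the slides give none

def poly_eval(coeffs, x):  # coefficients are low-order first
    return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

def mac(coeffs, points):  # MAC keyed by the polynomial, i.e. by the shared key
    key = b"".join(c.to_bytes(4, "big") for c in coeffs)
    return hmac.new(key, repr(points).encode(), hashlib.sha256).digest()

def lock(features, degree, n_chaff):  # sender side
    coeffs = [secrets.randbelow(P) for _ in range(degree + 1)]
    vault = {x: poly_eval(coeffs, x) for x in features}
    while len(vault) < len(features) + n_chaff:
        x, y = secrets.randbelow(P), secrets.randbelow(P)
        if x not in vault and y != poly_eval(coeffs, x):
            vault[x] = y  # chaff point, deliberately off the polynomial
    points = sorted(vault.items())  # ordering must not reveal the real points
    return coeffs, points, mac(coeffs, points)

def interpolate(pts):  # Lagrange interpolation mod P, low-order first
    coeffs = [0] * len(pts)
    for i, (xi, yi) in enumerate(pts):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(pts):
            if j != i:  # basis *= (x - xj)
                basis = [(a - xj * b) % P for a, b in zip([0] + basis, basis + [0])]
                denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        coeffs = [(c + scale * b) % P for c, b in zip(coeffs, basis)]
    return coeffs

def unlock(points, tag, my_features, degree):  # receiver side
    mine = set(my_features)
    candidates = [pt for pt in points if pt[0] in mine]
    for subset in itertools.combinations(candidates, degree + 1):
        coeffs = interpolate(subset)
        if hmac.compare_digest(mac(coeffs, points), tag):
            return coeffs  # MAC verifies: same polynomial as the sender
    return None  # fewer than degree + 1 shared features, or MAC never matched

def attacker_subsets(m, degree):  # C(m, s) with s = degree + 1 points needed
    return math.comb(m, degree + 1)

def demo():  # constructed sample: receiver misses 2 of the sender's 8 features
    sender = [101, 205, 333, 412, 578, 640, 777, 890]
    coeffs, points, tag = lock(sender, degree=3, n_chaff=40)
    return unlock(points, tag, sender[:6] + [999, 1234], degree=3) == coeffs
```

The receiver only needs degree + 1 agreeing features, which is why measuring more features than the polynomial requires tolerates a close but imperfect match; a party with no matching features faces the full C(m, s) search over the vault.
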
Analysis of technique
• Long & random keys
• Low latency (only ~ 5-10 seconds of data)
• Distinctiveness (across subjects)
• Temporal variance (across time)

Feature generation
• Use peaks from frequency domain (FFTs)
  – Concatenate indexes & values across windows
• Features should demonstrate distinctiveness and temporal variance

Feasibility: implementation
• Power, resource constraints
• Can technique be implemented as efficiently as competitors?
  – Classical, elliptic-curve Diffie-Hellman
• Evaluation in VHDL (formal hardware specification language)
• Metrics: clock cycles, memory footprint

Possible attacks
• Fuzzy vault attacks
  – Some based on application to biometrics
  – One attack based on vault-construction artifact
    • Early points (features) have more “free area”
    • Dismissed but not thoroughly argued against

Idea for future work
• Use fuzzy vaults to communicate public keys
  – Use asymmetric crypto handshakes to establish session keys
  – Frequent update of public keys
  – Eliminates problem of contacting trusted authority since physiological signals good for authentication of body-area presence