Advertisement

Wireless Networks

, Volume 25, Issue 2, pp 733–751 | Cite as

PSP: proximity-based secure pairing of mobile devices using WiFi signals

  • Weirong CuiEmail author
  • Chenglie Du
  • Jinchao Chen
Article
  • 210 Downloads

Abstract

Wireless device-to-device (D2D) communication, which enables direct communication between co-located devices without Internet access, is becoming common. Simultaneously, security issues have become technical barriers to D2D communication due to its “open-air” nature and lack of centralized control. Automatically establishing the secure association between wireless devices that do not share a prior trust remains an open and challenging problem. Recent work has proposed to extract shared keys from the similar ambient radio signals of two co-located wireless devices. Using such methods, information reconciliation based on error-correcting techniques is implemented to make two co-located devices extract the same bitstreams as the shared keys from their similar ambient radio environment. However, due to the bounded capability of the error-correcting code, existing methods can only work effectively in a very short distance range. In this paper, we propose a novel solution, called proximity-based secure pairing (PSP), which allows two wireless devices in physical proximity to automatically authenticate each other and obtain shared keys according to the channel state information of the WiFi signals. In contrast to existing methods, PSP is built on private set intersection computation rather than information reconciliation, which makes it effective over a wider distance range while ensuring security and efficiency. We provide a thorough security analysis and performance evaluation of PSP and demonstrate its advantages in terms of security, efficiency and usability over state-of-the-art methods.

Keywords

Secure pairing Key agreement WiFi Channel state information 

References

  1. 1.
    Kang, H. J., Park, K. Y., Cho, K., & Kang, C. G. (2014). Mobile caching policies for device-to-device (D2D) content delivery networking. In Computer Communications Workshops (INFOCOM WKSHPS), 2014 IEEE Conference on (pp. 299–304). IEEE.Google Scholar
  2. 2.
    Akhtar, R., Leng, S., Wu, F., & Memon, I. (2013). Improvement of content delivery in mobile social networks. In Computational Problem-solving (ICCP), 2013 International Conference on. (pp. 139–143). IEEE.Google Scholar
  3. 3.
    Das, A. K., Kumari, S., Odelu, V., Li, X., Wu, F., & Huang, X. (2016). Provably secure user authentication and key agreement scheme for wireless sensor networks. Security and Communication Networks, 9(16), 3670–3687.CrossRefGoogle Scholar
  4. 4.
    McCune, J. M., Perrig, A., & Reiter, M. K. (2005). Seeing-is-believing: Using camera phones for human-verifiable authentication. In 2005 IEEE Symposium on Security and Privacy (S&P’05) (pp. 110–124). IEEE.Google Scholar
  5. 5.
    Goodrich, M. T., Sirivianos, M., Solis, J., Tsudik, G., & Uzun, E. (2006). Loud and clear: Human-verifiable authentication based on audio. In 26th IEEE International Conference on Distributed Computing Systems (ICDCS’06) (p. 10). IEEE.Google Scholar
  6. 6.
    Mayrhofer, R., & Gellersen, H. (2007). Shake well before use: Authentication based on accelerometer data. In International Conference on Pervasive Computing (pp. 144–161). Springer.Google Scholar
  7. 7.
    Mathur, S., Miller, R., Varshavsky, A., Trappe, W., & Mandayam, N. (2011). Proximate: Proximity-based secure pairing using ambient wireless signals. In Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services (pp. 211–224). ACM.Google Scholar
  8. 8.
    Varshavsky, A., Scannell, A., LaMarca, A., & De Lara, E. (2007). Amigo: Proximity-based authentication of mobile devices. In International Conference on Ubiquitous Computing (pp. 253–270). Springer.Google Scholar
  9. 9.
    Rappaport, T. S. (1996). Wireless communications: Principles and practice (Vol. 2). New Jersey: Prentice Hall PTR.zbMATHGoogle Scholar
  10. 10.
    Jana, S., Premnath, S. N., Clark, M., Kasera, S. K., Patwari, N., & Krishnamurthy, S. V. (2009). On the effectiveness of secret key extraction from wireless signal strength in real environments. In Proceedings of the 15th Annual International Conference on Mobile Computing and Networking (pp. 321–332). ACM.Google Scholar
  11. 11.
    Premnath, S. N., Jana, S., Croft, J., Gowda, P. L., Clark, M., Kasera, S. K., et al. (2013). Secret key extraction from wireless signal strength in real environments. IEEE Transactions on Mobile Computing, 12(5), 917–930.CrossRefGoogle Scholar
  12. 12.
    Liu, H., Yang, J., Wang, Y., & Chen, Y. (2012). Collaborative secret key extraction leveraging received signal strength in mobile wireless networks. In INFOCOM, 2012 Proceedings IEEE (pp. 927–935). IEEE.Google Scholar
  13. 13.
    Zan, B., Gruteser, M., & Hu, F. (2012). Improving robustness of key extraction from wireless channels with differential techniques. In 2012 International Conference on Computing, Networking and Communications (ICNC) (pp. 980–984). IEEE.Google Scholar
  14. 14.
    Liu, H., Wang, Y., Yang, J., & Chen, Y. (2013). Fast and practical secret key extraction by exploiting channel response. In INFOCOM, 2013 Proceedings IEEE (pp. 3048–3056). IEEE.Google Scholar
  15. 15.
    Xi, W., Li, X. Y., Qian, C., Han, J., Tang, S., Zhao, J., et al. (2014). Keep: Fast secret key extraction protocol for D2D communication. In 2014 IEEE 22nd International Symposium of Quality of Service (IWQoS) (pp. 350–359). IEEE.Google Scholar
  16. 16.
    Liu, Y., Draper, S. C., & Sayeed, A. M. (2012). Exploiting channel diversity in secret key generation from multipath fading randomness. IEEE Transactions on Information Forensics and Security, 7(5), 1484–1497.CrossRefGoogle Scholar
  17. 17.
    Perahia, E., & Stacey, R. (2013). Next generation wireless LANS: 802.11 n and 802.11 ac. Cambridge: Cambridge University Press.CrossRefGoogle Scholar
  18. 18.
    Renner, R., & Wolf, S. (2005). Simple and tight bounds for information reconciliation and privacy amplification. In International Conference on the Theory and Application of Cryptology and Information Security (pp. 199–216). Springer.Google Scholar
  19. 19.
    Cachin, C., & Maurer, U. M. (1997). Linking information reconciliation and privacy amplification. Journal of Cryptology, 10(2), 97–110.CrossRefzbMATHGoogle Scholar
  20. 20.
    Brassard, G., & Salvail, L. (1993). Secret-key reconciliation by public discussion. In Workshop on the Theory and Application of of Cryptographic Techniques (pp. 410–423). Springer.Google Scholar
  21. 21.
    Arain, Q., Zhongliang, D., Memon, I., et al. (2016). Privacy preserving dynamic pseudonym-based multiple mix-zones authentication protocol over road networks. Wireless Personal Communications, 95, 1–17.Google Scholar
  22. 22.
    Memon, I., Arain, Q. A., Memon, H., et al. (2017). Efficient user based authentication protocol for location based services discovery over road networks. Wireless Personal Communications, 95, 1–20.CrossRefGoogle Scholar
  23. 23.
    Memon, I., Mohammed, M. R., Akhtar, R., et al. (2014). Design and implementation to authentication over a GSM System using certificate-less public key cryptography (CL-PKC). Wireless Personal Communications, 79, 661–686.CrossRefGoogle Scholar
  24. 24.
    Memon, I., Hussain, I., Akhtar, R., et al. (2015). Enhanced privacy and authentication: An efficient and secure anonymous communication for location based service using asymmetric cryptography scheme. Wireless Personal Communications, 84, 1487C–1508.CrossRefGoogle Scholar
  25. 25.
    Kamenyi, D. M., Wang, Y., Zhang, F., Memon, I., & Gustav, Y. H. (2013). Authenticated privacy preserving for continuous query in location based services. Journal of Computational Information Systems, 9(24), 9857–9864.Google Scholar
  26. 26.
    Gustav, Y. H., Wang, Y., Domenic, M. K., Zhang, F., & Memon, I. (2013). Velocity similarity anonymization for continuous query location based services. In Computational Problem-solving (ICCP), 2013 International Conference on (pp. 433–436). IEEE.Google Scholar
  27. 27.
    Memon, I., & Arain, Q. A. (2016). Dynamic path privacy protection framework for continuous query service over road networks. World Wide Web, 20(4), 639–672.CrossRefGoogle Scholar
  28. 28.
    Maurer, U. M. (1993). Secret key agreement by public discussion from common information. IEEE Transactions on Information Theory, 39(3), 733–742.MathSciNetCrossRefzbMATHGoogle Scholar
  29. 29.
    Ahlswede, R., & Csiszar, I. (1998). Common randomness in information theory and cryptography. II. CR capacity. IEEE Transactions on Information Theory, 44(1), 225–240.MathSciNetCrossRefzbMATHGoogle Scholar
  30. 30.
    Sayeed, A., & Perrig, A. (2008). Secure wireless communications: Secret keys through multipath. In 2008 IEEE International Conference on Acoustics, Speech and Signal Processing (pp. 3013–3016).Google Scholar
  31. 31.
    Wilson, R., Tse, D., & Scholtz, R. A. (2007). Channel identification: Secret sharing using reciprocity in ultrawideband channels. IEEE Transactions on Information Forensics and Security, 2(3), 364–375.CrossRefGoogle Scholar
  32. 32.
    Wang, Q., Su, H., Ren, K., & Kim, K. (2011). Fast and scalable secret key generation exploiting channel phase randomness in wireless networks. In INFOCOM, 2011 Proceedings IEEE (pp. 1422–1430).Google Scholar
  33. 33.
    Tope, M. A., & McEachen, J. C. (2001). Unconditionally secure communications over fading channels. In Military Communications Conference, 2001. MILCOM 2001. Communications for Network-Centric Operations: Creating the Information Force (Vol. 1, pp. 54–58). IEEE.Google Scholar
  34. 34.
    Mathur, S., Trappe, W., Mandayam, N., Ye, C., & Reznik, A. (2008). Radio-telepathy: Extracting a secret key from an unauthenticated wireless channel. In Proceedings of the 14th ACM International Conference on Mobile Computing and Networking (pp. 128–139). ACM.Google Scholar
  35. 35.
    Chou, T. H., Draper, S. C., & Sayeed, A. M. (2010). Impact of channel sparsity and correlated eavesdropping on secret key generation from multipath channel randomness. In 2010 IEEE International Symposium on Information Theory (pp. 2518–2522).Google Scholar
  36. 36.
    Halperin, D., Hu, W., Sheth, A., & Wetherall, D. (2011). Tool release: Gathering 802.11 n traces with channel state information. ACM SIGCOMM Computer Communication Review, 41(1), 53.CrossRefGoogle Scholar
  37. 37.
    Okamoto, T., & Uchiyama, S. (1998). A new public-key cryptosystem as secure as factoring. In International Conference on the Theory and Applications of Cryptographic Techniques (pp. 308–318). Springer.Google Scholar
  38. 38.
    Naccache, D., & Stern, J. (1998). A new public key cryptosystem based on higher residues. In Proceedings of the 5th ACM Conference on Computer and Communications Security (pp. 59–66). ACM.Google Scholar
  39. 39.
    Paillier, P. (1999). Public-key cryptosystems based on composite degree residuosity classes. In International Conference on the Theory and Applications of Cryptographic Techniques (pp. 223–238). Springer.Google Scholar
  40. 40.
    Freedman, M. J., Nissim, K., & Pinkas, B. (2004). Efficient private matching and set intersection. In International Conference on the Theory and Applications of Cryptographic Techniques (pp. 1–19). Springer.Google Scholar
  41. 41.
    Li, R., & Wu, C. (2007). An unconditionally secure protocol for multi-party set intersection. In Applied Cryptography and Network Security (pp. 226–236). Springer.Google Scholar
  42. 42.
    GitHub Inc. (2016). A library for partially homomorphic encryption in Python. https://github.com/NICTA/python-paillier. Accessed.

Copyright information

© Springer Science+Business Media, LLC 2017

Authors and Affiliations

  1. 1.School of Computer Science and EngineeringNorthwestern Polytechnical UniversityXi’anPeople’s Republic of China

Personalised recommendations