Secret Key Agreement Protocol for IEEE 802.15.8 PAC

may 2015 project ieee p802 15 working group n.w
1 / 23
Embed
Share

Explore a secret key agreement protocol for IEEE 802.15.8 PAC focusing on physical layer aspects. This protocol enables legitimate users to share secret keys remotely without the need for extensive key management infrastructure, ensuring security in wireless personal area networks.

  • IEEE
  • Wireless Networks
  • Security Protocol
  • Key Agreement
  • WPAN
rayaanacharya
kera671 Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. May 2015 Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) doc.: IEEE 802.15-15-0340-00-0008 Submission Title: Secret key agreement protocol for IEEE 802.15.8 PAC Date Submitted: May 2015 Source: [Byung-Jae Kwak, Gyung-Chul Sihn, Moon-Sik Lee]1, [Sangseok Yun, Sanghun Im, Jeongseok Ha]2 Company [ETRI, Daejeon, Korea]1, [KAIST]2 Address [218 Gajeong-ro, Yuseong-gu, Daejeon, Korea]1, [291 Daehak-ro, Yuseong-gu, Daejeon, Korea]2 Voice: [+82-42-860-6618]1, [+82-42-350-7524]2 E-Mail: [bjkwak@etri.re.kr]1, [ssyun@kaist.ac.kr]2 Re: P802.15.8 Draft D0.10.0 Abstract: Discussion of the secret key agreement protocol for IEEE 802.15.8 PAC from physical layer point of view. Purpose: Discussion Notice: discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15. This document has been prepared to assist the IEEE P802.15. It is offered as a basis for Submission Slide 1 Byung-Jae Kwak et al., ETRI

  2. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Secret key agreement protocol for IEEE 802.15.8 PAC May 2015 Submission Slide 2 Byung-Jae Kwak et al., ETRI

  3. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Introduction This document presents a secret key agreement protocol using physical layer features This document proposes a secret key distribution protocol using channel impulse responses By taking advantage of channel reciprocity and sequential key distillation, a pair of legitimate users can remotely share a secret key without resorting to a key management infrastructure We have verified feasibility of the proposed protocol with hardware-based experiments Submission Slide 3 Byung-Jae Kwak et al., ETRI

  4. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Introduction Fundamental problems in cryptography Sharing a secret key between two legitimate parties, Alice and Bob, in the presence of an adversary Eve This problem can be solved by applying public key cryptography Key management infrastructure is required Assume that Eve s computing power is limited Existing public key cryptography-based secret key distribution protocols are not applicable to fully distributed PAC Submission Slide 4 Byung-Jae Kwak et al., ETRI

  5. May 2015 doc.: IEEE 802.15-15-0340-00-0008 General Secret Key Agreement Protocol Maurer[1] proposed a new approach to generate a random sequence achieving the perfect security The process of generating a shared secret key consists of 3 phases Information Reconciliation Randomness Sharing Privacy Amplification Share the common randomness between Alice and Bob Alice & Bob agree on an identical random sequence Hash function provides the perfect secrecy Channel response between Alice & Bob can be seen as the common randomness Submission Slide 5 Byung-Jae Kwak et al., ETRI

  6. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Randomness Sharing The reciprocity of the propagation channel [2] Used as a source of common randomness Spatial de-correlation assumption The channel response is location-specific Secret key is extracted by exploiting random fluctuation of the wireless channel Submission Slide 6 Byung-Jae Kwak et al., ETRI

  7. Snapshot of channel path gains 0.7 Channel path gains 0.6 May 2015 doc.: IEEE 802.15-15-0340-00-0008 0.5 0.4 Randomness Sharing 0.3 Path gain 0.2 0.1 0 Channel impulse response In time domain, the channel gains for the dominant paths can be utilized as shared randomness -0.1 -0.2 -0.3 0 0.2 0.4 0.6 0.8 1 1.2 -6 Time in sec x 10 Snapshot of time domain estimated CIR 0.7 Channel path gains Estimated Channel path gains 0.6 0.5 0.4 0.3 Path gain 0.2 0.1 0 -0.1 -0.2 -0.3 0 10 20 30 40 50 60 70 IFFT Point Submission Slide 7 Byung-Jae Kwak et al., ETRI

  8. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Secret Key Agreement Protocol Channel Probing Alice (PD1) Bob (PD2) Randomness Sharing Protocol Channel Estimation Channel Estimation Quantizer Quantizer ?-bits ?-bits Syndrome Reconciliation Reconciliation Agree/Disagree Post Processing Protocol For Key Extraction ?-bits ?-bits Privacy Amplification Privacy Amplification Secret key, ?? Secret key, ?? Randomness Test Submission Slide 8 Byung-Jae Kwak et al., ETRI

  9. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Randomness Sharing Protocol Mode 1 Use case : a legitimate terminal proceeds secure communication after enough time has passed since it joins a network Extracting randomness from channel estimation results while exchanging data for insecure communication Saving latest ? random bits and continuously renew them If gathered random bits are not enough < ? , switch to mode 2 Before secure communication, proceed secret key extraction through information reconciliation and privacy amplification Submission Slide 9 Byung-Jae Kwak et al., ETRI

  10. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Randomness Sharing Protocol Alice Bob Mode 1 process process Channel estimation ??,1, ??,2, , ??,? Channel estimation ??,1, ??,2, , ??,? Extract distinctive feature (freq. time domain) ?,1, ?,2, , ?,? Quantization ?1,?2, ,??? Extract distinctive feature (freq. time domain) ?,1, ?,2, , ?,? Quantization ?1,?2, ,??? process process ?1,?2, ,??? ?1,?2, ,??? Pass the latest ? quantized bits Post Pass the latest ? quantized bits processing ?0,?1, ,?? : secret key Submission Slide 10 Byung-Jae Kwak et al., ETRI

  11. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Randomness Sharing Protocol Mode 2 Use case : a legitimate terminal proceeds secure communication immediately to join network Continuously exchange only probe requests/responses for randomness sharing If enough random bits are gathered, perform secret key extraction through the post processing, i.e. information reconciliation and privacy amplification Submission Slide 11 Byung-Jae Kwak et al., ETRI

  12. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Randomness Sharing Protocol Mode 2 Alice Bob process ??= ?1,?2, ,??1 process ?1= ?1,?2, ,??1 process process ??= ?1,?2, ,??? ??= ?1,?2, ,??? ? Stop probing if ? ?=1 ?? Gathering Enough ?-bits ?1, ,?? Gathering Enough ?-bits ?1, ,?? Post processing ?0,?1, ,?? : secret key Submission Slide 12 Byung-Jae Kwak et al., ETRI

  13. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Secret Key Agreement Protocol Channel Probing Alice (PD1) Bob (PD1) Randomness Sharing Protocol Channel Estimation Channel Estimation Quantizer Quantizer ?-bits ?-bits Syndrome Reconciliation Reconciliation Agree/Disagree Post Processing Protocol For Key Extraction ?-bits ?-bits Privacy Amplification Privacy Amplification Secret key, ?? Secret key, ?? Randomness Test Submission Slide 13 Byung-Jae Kwak et al., ETRI

  14. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Common Key Extraction Protocol Information reconciliation Random bit sequence for extracting secret key is obtained from channel impulse responses with quantization In the quantization process, the random bit sequences at legitimate parities may have discrepancy Such discrepancy can be removed by performing the information reconciliation [3, 4] Submission Slide 14 Byung-Jae Kwak et al., ETRI

  15. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Common Key Extraction Protocol Privacy amplification Since the public discussions in the information reconciliation are also open to the eavesdropper, there must be an additional procedure aiming to extract secret key of which the eavesdropper is totally ignorant Privacy amplification using hash functions removes revealed information about the shared randomness during the information reconciliation and produces a secret key [5, 6] Submission Slide 15 Byung-Jae Kwak et al., ETRI

  16. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Common Key Extraction Protocol Randomness test It is necessary to check whether a secret key follows almost pure random distribution for verifying suitability to use secret key Such test can be carried out by following a procedure proposed by U.S. Bureau of Standards [7] Submission Slide 16 Byung-Jae Kwak et al., ETRI

  17. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Feasibility of the Proposed Protocol Experimental results based on off-the-shelf hardware devices Submission Slide 17 Byung-Jae Kwak et al., ETRI

  18. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Experimental Environment Experiment setup 802.11a ad-hoc mode Atheros wireless module Antenna gain : 1 Transmit signal strength : 14 dBm Frequency range Carrier frequency : 5.2 GHz Signal bandwidth : 20 MHz Measuring RSSI for randomness sharing Alice-Bob, Alice-Eve, Bob-Eve Submission Slide 18 Byung-Jae Kwak et al., ETRI

  19. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Experimental Layout Experimental Layout 1 Bob and Eve were stationary while Alice moved along fixed trajectory with speed of 3.6km/h Experimental Layout 2 All Stations were stationary NLOS channel between Alice and the other stations due to partition Table Table Table Partition Refrigerator Table Partition Refrigerator Partition Table Partition Table Partition Alice s route Partition Book shelf Cabinet Alice Book shelf Cabinet Alice Partition Partition Partition Partition 1m Partition Partition Partition Partition 1m Bob Partition Partition Partition Partition Bob Partition Partition Eve Partition Partition Eve Submission Slide 19 Byung-Jae Kwak et al., ETRI

  20. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Feasibility of proposed protocol Secret key extraction rate Mobile case Duration of experiments 2225 sec Quantization level 3-bits Probability of key mismatch 0 Secret key rate 1.64 bits/sec Static case Duration of experiments 2861 sec Quantization level 1-bits Probability of key mismatch 0 Secret key rate 0.65 bits/sec Submission Slide 20 Byung-Jae Kwak et al., ETRI

  21. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Other works for the proof of concepts WINLAB [Mathur08] It uses the amplitude of the maximum peak of the CIR (channel impulse response) recorded over time in a 802.11a LAN environment Level crossing algorithm is used for key generation Achieve about 1 bit/s in a real, indoor environments Submission Slide 21 Byung-Jae Kwak et al., ETRI

  22. May 2015 doc.: IEEE 802.15-15-0340-00-0008 Conclusion It is possible for legitimate terminals to share a secret key in fully distributed network by exploiting the channel reciprocity and the post processing Using off-the-shelf 802.11a network interface cards, we show th at the secret key using RSSI can be successfully generated at r ates of 1.64 bits/sec and 0.65 bits/sec in mobile and static envir onments. It is expected that secret key extraction rate can be further significantly increased when we exploit channel impulse response (CIR) as a source of secret key Submission Slide 22 Byung-Jae Kwak et al., ETRI

  23. May 2015 doc.: IEEE 802.15-15-0340-00-0008 References [1] U. Maurer, Secret key agreement by public discussion from common information, IEEE Tans. Information Theory, vol. 39, pp. 733-742, May 1993. [2] G. S. Smith, A direct derivation of a single-antenna reciprocity relation for the time-domain, IEEE Trans. Antennas Propagate., vol. 52, no. 6, pp. 1568-1577, Jun. 2004. [3] C. H. Bennett, E. Bessette, G. Brassard, L. Salvail and J. Smolin, Experimental quantum cryptography, Journal of Cryptography, vol. 5, no. 1, pp. 3-28, 1992. [4] G. Brassard and L. Savail, Secret-key reconciliation by public discussion, In Advances in cryptology EUROCRYPT 93, Lecture Notes in Computer Science, vol. 765, pp. 410-423, Springer-Verlag, New York, 1994. [5] G. H. Bennett, G. Brasard, C. Crrpeau and U. M. Maurer, Generalized privacy amplification, IEEE Trans. Information Theory, vol. 41, pp. 1915-1923, Nov. 1995. [6] C. H. Bennett, G. Brassard and J.-M. Robert, Privacy amplification by public discussion, SIAM Journal on Computing, vol. 17, pp. 201-229, April 1988. [7] A. Rukhin et al., A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications, NIST Special Publication 800-22, National Institute of Standards and Technology, Gaithersburg, MD, July 2000. Submission Slide 23 Byung-Jae Kwak et al., ETRI

Related


Proposed Approach for MAC Address Assignment in IEEE 802.11

Proposed Approach for MAC Address Assignment in IEEE 802.11

adlai
NABIP PAC: Political Action Committee Overview

NABIP PAC: Political Action Committee Overview

valery
IEEE 802.11-23/2092r2 AIML Report Summary

IEEE 802.11-23/2092r2 AIML Report Summary

eudora
IEEE 802.11-23-1689r1 Vice Chair Report - November 2023 Plenary Session

IEEE 802.11-23-1689r1 Vice Chair Report - November 2023 Plenary Session

tina
IEEE 802.11-20/0021-00 Priority Access Support for NS/EP Services Overview

IEEE 802.11-20/0021-00 Priority Access Support for NS/EP Services Overview

finlo
OSI Model and TCP/IP Protocol Suite in Computer Networking

OSI Model and TCP/IP Protocol Suite in Computer Networking

gwendolyn
IEEE 802.11-19-0202/r1 TGbd Agreed Terminology and Requirements

IEEE 802.11-19-0202/r1 TGbd Agreed Terminology and Requirements

valerio
Customize Your PAC Handbook for an Effective Parent Advisory Council

Customize Your PAC Handbook for an Effective Parent Advisory Council

sky
IEEE 802.11-20/1761r1 Ranging Protocol for 11bd

IEEE 802.11-20/1761r1 Ranging Protocol for 11bd

ted
Evolution of Standards: IEEE 802.11 and 802.1D Relationship

Evolution of Standards: IEEE 802.11 and 802.1D Relationship

amethyst
IEEE Std. 802.11-22/1017r0 Overview and Architecture Presentation

IEEE Std. 802.11-22/1017r0 Overview and Architecture Presentation

jewel
Brick PAC Donor List - October 17, 2023

Brick PAC Donor List - October 17, 2023

daph_73
IEEE-SA Fellowship Program at IEEE 802 Plenary March 2019 Schedule

IEEE-SA Fellowship Program at IEEE 802 Plenary March 2019 Schedule

jshah
IEEE-SA Fellowship Program at IEEE 802 Plenary March 2018

IEEE-SA Fellowship Program at IEEE 802 Plenary March 2018

wale
IEEE 802.11-17/0322r1 BRP Transmit Sector Sweep Protocol

IEEE 802.11-17/0322r1 BRP Transmit Sector Sweep Protocol

aseml
IEEE 802.1CQ: Address Assignment and Validation Protocols

IEEE 802.1CQ: Address Assignment and Validation Protocols

coia227
Local MAC Address Assignment Protocol (LAAP) and 802.1CQ

Local MAC Address Assignment Protocol (LAAP) and 802.1CQ

hill_z
Suitability of IEEE 802.11ah for LPWAN Applications Analysis

Suitability of IEEE 802.11ah for LPWAN Applications Analysis

milia
Updates on Pecan Industry: Legislation, Trade, and PAC Activities

Updates on Pecan Industry: Legislation, Trade, and PAC Activities

jory_549
IEEE 802 Viewpoints on WRC-23 Agenda Items

IEEE 802 Viewpoints on WRC-23 Agenda Items

chtz996
IEEE 802.11-IETF Liaison Report May 2024

IEEE 802.11-IETF Liaison Report May 2024

djai

More Related Content