Dominik Schürmann

Secure smartphone-based registration and key deployment for vehicle-to-cloud communications

Intelligent Transportation Systems that rely on Vehicle-to-Cloud communications are emerging. Of particular interest to us is the question how drivers can securely register their vehicle with cloud services and deploy keys for securing vehicular communications. We therefore present a secure smartphone-based registration and key deployment process for these applications. We combine an adapted OAuth flow for Smartphone-to-Cloud communications with a novel key deployment mechanism for Public Key Infrastructures in vehicular networks. The primary contributions of the proposed key deployment process are a high degree of independence from central authorities and feasible security audits due to an open protocol design. As an instance of future Intelligent Transportation System applications that facilitate Vehicle-to-Cloud communications, we utilize the V-Charge project as a running example to discuss potential attack scenarios and their mitigations.

Trustworthy Parking Communities: Helping Your Neighbor to Find a Space

Cooperation between vehicles facilitates traffic management, road safety and infotainment applications. Cooperation, however, requires trust in the validity of the received information. In this paper, we tackle the challenge of securely exchanging parking spot availability information. Trust is crucial in order to support the decision of whether the querying vehicle should rely on the received information about free parking spots close to its destination and thus ignore other potentially free spots on the way. Therefore, we propose Parking Communities, which provide a distributed and dynamic means to establish trusted groups of vehicles helping each other to securely find parking in their respective community area. Our approach is based on high-performance state-of-the-art encryption and signature algorithms as well as a well-understood mathematical trust rating model. This approach allows end-to-end encrypted request-response communications in combination with geocast and can be used as an overlay to existing vehicular networking technologies. We provide a comprehensive comparison with other security architectures and simulation results showing the feasibility of our approach.

Demo of BANDANA - Body Area Network Device-to-device Authentication using Natural gAit

Secure spontaneous authentication between devices worn at arbitrary locations on the same body is a challenging, yet unsolved problem. We propose BANDANA, the first-ever implicit secure device-to-device authentication scheme for devices worn on the same body. Our approach leverages instantaneous variations in acceleration patterns from the users gait to extract always-fresh secure secrets. It enables secure spontaneous pairing of devices worn on the same body or interacted with. The method is robust against noise in sensor readings and active attackers.

Cooperative Charging in Residential Areas

Electric vehicles (EVs) require a well-developed charging infrastructure. Particularly when used for the daily commute, most EV drivers will rely on a nightly charge in their garage, for instance. In typical European urban residential areas, however, private parking and charging resources are severely limited. Therefore, public on-street charging often is the only option. However, it faces several limitations that lead to an inefficient and unfair utilization of charging stations, or EV supply equipment (EVSE). For instance, EVSEs are often blocked by fully charged vehicles. We thus propose and evaluate a cooperative protocol for EVs that facilitates coordinated handovers of EVSEs. We integrate this protocol with the ISO 15118 standard and provide a detailed security analysis. In the evaluation, we show that coordinated handovers significantly improve both EVSE utilization (helping to amortize the expensive operating costs) and provide benefits for EV owners by providing sufficient charging resources. This reduces range anxiety and saves them from cruising for charging.

Authenticated resource management in delay-tolerant networks using proxy signatures

In Delay-Tolerant Networks (DTN), individual nodes with much higher rates of sending new bundles than average can degrade the delivery rate of other nodes substantially. They have a much higher impact on the overall network fairness than in traditional networks because of DTN - specific properties, such as decentralized design and the store-and-forward approach. Authenticated resource management schemes were proposed to guarantee minimum delivery rates in the presence of nodes with high resource utilization as well as in the presence of malicious nodes performing Denial-of-Service (DoS) attacks. They partition the buffer adaptively based on the source node identifier of incoming bundles, which is cryptographically authenticated by the network. We extend such approaches by using a cryptographic primitive named proxy signature. Our method allows treating a bundle not only based on its source node. Instead, a combined affiliation of the source node together with the requesting node can be used which allows for better support of important communication patterns such as request-response. Our method can improve the overall fairness and is similar to a reverse charge call in telephone networks, as the requesting node “pays” for the response by allowing it to also use buffer space normally assigned to itself. We evaluate our approach using simulations in different scenarios.

Wiretapping End-to-End Encrypted VoIP Calls: Real-World Attacks on ZRTP

Abstract Voice calls are still one of the most common use cases for smartphones. Often, sensitive personal information but also confidential business information is shared. End-to-end security is required to protect against wiretapping of voice calls. For such real-time communication, the ZRTP key-agreement protocol has been proposed. By verbally comparing a small number of on-screen characters or words, called Short Authentication Strings, the participants can be sure that no one is wiretapping the call. Since 2011, ZRTP is an IETF standard implemented in several VoIP clients. In this paper, we analyzed attacks on real-world VoIP systems, in particular those implementing the ZRTP standard. We evaluate the protocol compliance, error handling, and user interfaces of the most common ZRTP-capable VoIP clients. Our extensive analysis uncovered a critical vulnerability that allows wiretapping even though Short Authentication Strings are compared correctly. We discuss shortcomings in the clients’ error handling and design of security indicators potentially leading to insecure connections.

RAIM: Redundant array of independent motes

Wireless Sensor Networks in real world context are per se error-prone; motes can be lost, destroyed, corrupted, or stolen. Some scenarios demand a high level of confidentiality and integrity so that an attacker cannot access or alter the secret data. Other setups may require a high level of redundancy so that data from many motes can be recovered by only collecting a few. In this paper we show how both can be achieved at the same time by designing a protocol based on Shamirs Secret Sharing, symmetric ciphers, and Message Authentication Codes to distribute, encrypt, and authenticate the data. Our implementation RAIM supports the whole bandwidth from full redundancy to full confidentiality. RAIM is the first security implementation for Contiki OS, which uses secret sharing techniques. It has been deployed on physical motes, where its real world energy consumption and throughput has been measured. In addition to real world experiments, we provide a simulation to evaluate all possible configurations.

OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android

While many Android apps provide end-to-end encryption, the cryptographic keys are still stored on the device itself and can thus be stolen by exploiting vulnerabilities. External cryptographic hardware solves this issue, but is currently only used for two-factor authentication and not for communication encryption. In this paper, we design, implement, and evaluate an architecture for NFC-based cryptography on Android. Our high-level API provides cryptographic operations without requiring knowledge of public-key cryptography. By developing OpenKeychain, we were able to roll out this architecture for more than 100,000 users. It provides encryption for emails, messaging, and a password manager. We provide a threat model, NFC performance measurements, and discuss their impact on our architecture design. As an alternative form factor to smart cards, we created the prototype of an NFC signet ring. To evaluate the UI components and form factors, a lab study with 40 participants at a large company has been conducted. We measured the time required by the participants to set up the system and reply to encrypted emails. These measurements and a subsequent interview indicate that our NFC-based solutions are more user friendly in comparison to traditional password-protected keys.

Moves like Jagger: Exploiting variations in instantaneous gait for spontaneous device pairing

Abstract Seamless device pairing conditioned on the context of use fosters novel application domains and ease of use. Examples are automatic device pairings with objects interacted with, such as instrumented shopping baskets, electronic tourist guides (e.g. tablets), fitness trackers or other fitness equipment. We propose a cryptographically secure spontaneous authentication scheme, BANDANA, that exploits correlation in acceleration sequences from devices worn or carried together by the same person to extract always-fresh secure secrets. On two real world datasets with 15 and 482 subjects, BANDANA generated fingerprints achieved intra- (50%) and inter-body ( > 75 % ) similarity sufficient for secure key generation via fuzzy cryptography. Using BCH codes, best results are achieved with 48 bit fingerprints from 12 gait cycles generating 16 bit long keys. Statistical bias of the generated fingerprints has been evaluated as well as vulnerabilities towards relevant attack scenarios.

μDTNSec: a security layer with lightweight certificates for Disruption-Tolerant Networks on microcontrollers

In Delay/Disruption-Tolerant Networks, man-in-the-middle attacks are easy: due to the store-carry-forward principle, an attacker can simply place itself on the route between source and destination to eavesdrop or alter bundles. This weakness is aggravated in networks, where devices are energy-constrained but the attacker is not. To protect against these attacks, we design and implement μDTNSec, a security layer for Delay/Disruption-Tolerant Networks on microcontrollers. Our design establishes a public key infrastructure with lightweight certificates as an extension to the Bundle Protocol. It has been fully implemented as an addition to μDTN on Contiki OS and uses elliptic curve cryptography and hardware-backed symmetric encryption. In this enhanced version of μDTNSec, public key identity bindings are validated by exchanging certificates using neighbor discovery. μDTNSec provides a signature mode for authenticity and a sign-then-encrypt mode for added confidentiality. Our performance evaluation shows that the choice of the curve dominates the influence of the payload size. We also provide energy measurements for all operations to show the feasibility of our security layer on energy-constrained devices. Because a high quality source of randomness is required, we evaluated the random number generators by the AT86RF231 radio, its successor AT86RF233, and one based on the noise of the A/D converter. We found that only AT86RF233 provides the required quality.