Jesse Walker

Overview of IEEE 802.16 security

When creating the new wireless communication standard IEEE 802.16, designers attempted to reuse a security scheme designed for wired media. The authors review the standard, enumerate its flaws, and outline changes that could defend it against threats.

Security flaws in 802.11 data link protocols

Understanding the difficulties in security protocol design and attempting to relocate the struggle between hacker and defender to a different protocol layer.

Low-cost manufacturing, usability, and security: an analysis of bluetooth simple pairing and Wi-Fi protected setup

Bluetooth Simple Pairing and Wi-Fi Protected Setup specify mechanisms for exchanging authentication credentials in wireless networks. Both Simple Pairing and Protected Setup support multiple setup mechanisms, which increases security risks and hurts the user experience. To improve the security and usability of these specifications, we suggest defining a common baseline for hardware features and a consistent, interoperable user experience across devices.

SEAR: a secure efficient ad hoc on demand routing protocol for wireless networks

Multi-hop routing is essential to the operation of wireless ad hoc networks. Unfortunately, it is very easy for an adversary to forge or modify routing messages to inflict severe damage on the underlying routing protocol. In this paper, we present SEAR, a Secure Efficient Ad hoc Routing protocol for ad hoc networks that is mainly based on efficient symmetric cryptography, with asymmetric cryptography used only for the distribution of initial key commitments. We show, through both theoretical examination and simulations, that SEAR provides better security with significantly less overhead than other existing secure AODV protocols.

SHA-512/256

With the emergence of pervasive 64 bit computing we observe that it is more cost effective to compute a SHA-512 than it is to compute a SHA-256 over a given size of data. We propose a standard way to use SHA-512 and truncate its output to 256 bits. For 64 bit architectures, this would yield a more efficient 256 bit hashing algorithm, than the current SHA-256. We call this method SHA-512/256. We also provide a method for reducing the size of the SHA-512 constants table that an implementation will need to store.

Security challenges for the intelligent transportation system

There has been considerable work addressing security in vehicular network systems for Intelligent Transportation System (ITS) usages. We examine the risks and proposed security solutions in this space. Our analysis leads to several key observations. The current security work misses many practical ITS usage and security requirements, since it fails to consider practical economic models and critical ITS functional requirements as a control system. Consequently, the standardized ITS communication message authenticity solutions have little utility relative to addressing the real threats. Furthermore, we discovered that fundamental re-thinking of the public key infrastructure support for secure vehicular communication is essential, because of the multi-stakeholder and cross-domain nature of many ITS usages. Based on our analysis, we call for future research directions in analyzing practical problems and designing solutions to secure vehicular communication in order to achieve its full potential.

Key exchange with anonymous authentication using DAA-SIGMA protocol

Anonymous digital signatures such as Direct Anonymous Attestation (DAA) and group signatures are a fundamental building block for anonymous authentication. In this paper, we show how to incorporate DAA schemes into a key exchange protocol between two entities to achieve anonymous authentication and to derive a shared key between them. We modify the SIGMA key exchange protocol used in the Internet Key Exchange (IKE) standards to support anonymous authentication using DAA. Our key exchange protocol also extends to support group signature schemes instead of DAA. We present a secure model for key exchange with anonymous authentication derived from the Canetti-Krawczyk key-exchange security model. We prove that our DAA-SIGMA protocol is secure under our security model.

SEAR: A secure efficient ad hoc on demand routing protocol for wireless networks

Multi-hop routing is essential to the operation of wireless ad hoc networks. Unfortunately, it is very easy for an adversary to forge or modify routing messages to inflict severe damage on the underlying routing protocol. In this paper, we present SEAR, a secure efficient ad hoc routing (SEAR) protocol for ad hoc networks that is mainly based on efficient symmetric cryptography, with asymmetric cryptography used only for the distribution of initial key commitments. SEAR uses one-way hash functions to protect the propagation of the routing messages. Intermediate nodes verify the routing messages by applying one-way functions, while malicious nodes cannot construct beneficial false routing messages when forwarding them. Route error (RERR) messages are protected through a variation of the TESLA broadcast authentication scheme. The SEAR protocol does not require any additional routing packet formats, and thus follows the same basic design as ad hoc on-demand distance vector (AODV). We show, through both theoretical examination and simulations, that SEAR provides better security with significantly less overhead than other existing secure AODV (SAODV) protocols. Copyright

Designing an evaluation method for security user interfaces: lessons from studying secure wireless network configuration

: / 28 Ten or 20 years ago, evaluating security products was not as much of a problem as it is today. Systems were managed by people able—and willing—to master the complexities. However, with the proliferation of personal computing devices and network connectivity in the home, systems are now regularly managed by nonexperts. Each system needs to be secured by each user in each home. Therefore designing effective, unbiased evaluation methods for consumer products is one of the first steps in improving both users’ experiences and their security practices. Evaluating the usability of security is a challenge. A common question evaluators face is: “How do I test whether users will configure and use a product securely?” In this article, we outline problems we encountered in evaluating secure wireless network configuration and examine the assumptions many user study methods make, but which may not hold for security.

Designing user studies for security applications: a case study with wireless network configuration

Spontaneous interactions between end users and devices are generally secured by human actions. Evaluating whether end users are able to perform these actions correctly can be challenging. Basic, textbook-style user study methods make assumptions that may not hold for security applications. In this piece, we outline five major user study assumptions. Using 802.11 network configuration as a case study, we also show how to adapt existing user study methods for evaluating security applications. We model how security experts might approach the configuration of their own home networks. Next, we combine several methods to design a study that pinpoints where end users encounter difficulties during configuration. Finally, we discuss the findings from our user study.