Publication


Featured research published by Nitesh Saxena.


IEEE Symposium on Security and Privacy | 2006

Secure device pairing based on a visual channel

Nitesh Saxena; Jan-Erik Ekberg; Kari Kostiainen; N. Asokan

Recently several researchers and practitioners have begun to address the problem of how to set up secure communication between two devices without the assistance of a trusted third party. McCune et al. (2005) proposed that one device displays the hash of its public key in the form of a barcode, and the other device reads it using a camera. Mutual authentication requires switching the roles of the devices and repeating the above process in the reverse direction. In this paper, we show how strong mutual authentication can be achieved even with a unidirectional visual channel, without having to switch device roles. By adopting recently proposed improved pairing protocols, we propose how visual channel authentication can be used even on devices that have very limited displaying capabilities.


Proceedings of the 2007 Workshop on Peer-to-Peer Streaming and IP-TV | 2007

The pollution attack in P2P live video streaming: measurement results and defenses

Prithula Dhungel; Xiaojun Hei; Keith W. Ross; Nitesh Saxena

P2P mesh-pull live video streaming applications, such as Cool-Streaming, PPLive, and PPStream, have become popular in recent years. In this paper, we examine the stream pollution attack, for which the attacker mixes polluted chunks into the P2P distribution, degrading the quality of the rendered media at the receivers. Polluted chunks received by an unsuspecting peer not only affect that single peer, but since the peer also forwards chunks to other peers, and those peers in turn forward chunks to more peers, the polluted content can potentially spread through much of the P2P network. The contribution of this paper is twofold. First, by way of experimenting and measuring a popular P2P live video streaming system, we show that the pollution attack can be devastating. Second, we evaluate the applicability of four possible defenses to the pollution attack: blacklisting, traffic encryption, hash verification, and chunk signing. Among these, we conclude that the chunk signing solutions are most suitable.


Security of Ad Hoc and Sensor Networks | 2003

Admission control in Peer-to-Peer: design and performance evaluation

Nitesh Saxena; Gene Tsudik; Jeong Hyun Yi

Peer-to-Peer (P2P) applications and services are very common in today's computing. The popularity of the P2P paradigm prompts the need for specialized security services which makes P2P security an important and challenging research topic. Most prior work in P2P security focused on authentication, key management and secure communication. However, an important pre-requisite for many P2P security services is secure admission, or how one becomes a peer in a P2P setting. This issue has been heretofore largely untouched. This paper builds upon some recent work [11] which constructed a peer group admission control framework based on different policies and corresponding cryptographic techniques. Our central goal is to assess the practicality of these techniques. To this end, we construct and evaluate concrete P2P admission mechanisms based on various cryptographic techniques. Although our analysis focuses primarily on performance, we also consider other important features, such as: anonymity, unlinkability and accountability. Among other things, our experimental results demonstrate that, unfortunately, advanced cryptographic constructs (such as verifiable threshold signatures) are not yet ready for prime time.


IEEE International Conference on Pervasive Computing and Communications | 2009

Caveat emptor: A comparative study of secure device pairing methods

Arun Kumar; Nitesh Saxena; Gene Tsudik; Ersin Uzun

“Secure Device Pairing” is the process of bootstrapping a secure channel between two previously unassociated devices over a (usually wireless) human-imperceptible communication channel. Lack of prior security context and common trust infrastructure open the door for Man-in-the-Middle (also known as Evil Twin) attacks. Mitigation of these attacks requires user involvement in the device pairing process. Prior research yielded a number of interesting methods utilizing various auxiliary human-perceptible channels, e.g., visual, acoustic or tactile. These methods engage the user in authenticating information exchanged over human-imperceptible channels, thus mitigating MiTM attacks and forming the basis for secure pairing. We present the first comprehensive comparative evaluation of notable secure device pairing methods. Our results identify methods best-suited for a given combination of devices and human abilities. This work is both important and timely, since it sheds light on usability in one of the very few settings where a wide range of users (not just specialists) are confronted with security techniques.


Pervasive and Mobile Computing | 2009

A comparative study of secure device pairing methods

Arun Kumar; Nitesh Saxena; Gene Tsudik; Ersin Uzun

“Secure Device Pairing” is the process of bootstrapping a secure channel between two previously unassociated devices over a (usually wireless) human-imperceptible communication channel. Lack of prior security context and common trust infrastructure open the door for Man-in-the-Middle (also known as Evil Twin) attacks. Mitigation of these attacks requires user involvement in the device pairing process. Prior research yielded a number of interesting methods utilizing various auxiliary human-perceptible channels, e.g., visual, acoustic or tactile. These methods engage the user in authenticating information exchanged over human-imperceptible channels, thus mitigating MiTM attacks and forming the basis for secure pairing. We present the first comprehensive comparative evaluation of notable secure device pairing methods. Our results identify methods best-suited for a given combination of devices and human abilities. This work is both important and timely, since it sheds light on usability in one of the very few settings where a wide range of users (not just specialists) are confronted with security techniques.


European Symposium on Research in Computer Security | 2012

Secure Proximity Detection for NFC Devices Based on Ambient Sensor Data

Tzipora Halevi; Di Ma; Nitesh Saxena; Tuo Xiang

In certain applications, it is important for a remote server to securely determine whether or not two mobile devices are in close physical proximity. In particular, in the context of an NFC transaction, the bank server can validate the transaction if both the NFC phone and reader are precisely at the same location thereby preventing a form of a devastating relay attack against such systems.


International Conference on Network Protocols | 2005

Efficient node admission for short-lived mobile ad hoc networks

Nitesh Saxena; Gene Tsudik; Jeong Hyun Yi

Admission control is an essential and fundamental security service in mobile ad hoc networks (MANETs). It is needed to securely cope with dynamic membership and topology and to bootstrap other important security primitives (such as key management) and services (such as secure routing) without the assistance of any centralized trusted authority. An ideal admission protocol must involve minimal interaction among the MANET nodes, since connectivity can be unstable. Also, since MANETs are often composed of weak or resource-limited devices, admission control must be efficient in terms of computation and communication. Most previously proposed admission control protocols are prohibitively expensive and require a lot of interaction among MANET nodes in order to securely reach limited consensus regarding admission and cope with potentially powerful adversaries. While the expense may be justified for long-lived group settings, short-lived MANETs can benefit from much less expensive techniques without sacrificing any security. In this paper, we consider short-lived MANETs and present a secure, efficient and a fully non-interactive admission control protocol for such networks. More specifically, our work is focused on novel applications of non-interactive secret sharing techniques based on bi-variate polynomials, but, unlike other results, the associated costs are very low.


International Conference on Information Security and Cryptology | 2004

Identity-Based access control for ad hoc groups

Nitesh Saxena; Gene Tsudik; Jeong Hyun Yi

The proliferation of group-centric computing and communication motivates the need for mechanisms to provide group access control. Group access control includes mechanisms for admission as well as revocation/eviction of group members. Particularly in ad hoc groups, such as peer-to-peer (P2P) systems and mobile ad hoc networks (MANETs), secure group admission is needed to bootstrap other group security services. In addition, secure membership revocation is required to evict misbehaving or malicious members. Unlike centralized (e.g., multicast) groups, ad hoc groups operate in a decentralized manner and accommodate dynamic membership which make access control both interesting and challenging. Although some recent work made initial progress as far as the admission problem, the membership revocation problem has not been addressed. In this paper, we develop an identity-based group admission control technique which avoids certain drawbacks of previous (certificate-based) approaches. We also propose a companion membership revocation mechanism. Our solutions are robust, fully distributed, scalable and, at the same time, reasonably efficient, as demonstrated by the experimental results.


Computer Networks | 2007

Threshold cryptography in P2P and MANETs: The case of access control

Nitesh Saxena; Gene Tsudik; Jeong Hyun Yi

Ad hoc groups, such as peer-to-peer (P2P) systems and mobile ad hoc networks (MANETs) represent recent technological advancements. They support low-cost, scalable and fault-tolerant computing and communication. Since such groups do not require any pre-deployed infrastructure or any trusted centralized authority they have many valuable applications in military and commercial as well as in emergency and rescue operations. However, due to lack of centralized control, ad hoc groups are inherently insecure and vulnerable to attacks from both within and outside the group. Decentralized access control is the fundamental security service for ad hoc groups. It is needed not only to prevent unauthorized nodes from becoming members but also to bootstrap other security services such as key management and secure routing. In this paper, we construct several distributed access control mechanisms for ad hoc groups. We investigate, in particular, the applicability and the utility of threshold cryptography (more specifically, various flavors of existing threshold signatures) towards this goal.


IEEE Transactions on Dependable and Secure Computing | 2013

Location-Aware and Safer Cards: Enhancing RFID Security and Privacy via Location Sensing

Di Ma; Nitesh Saxena; Tuo Xiang; Yan Zhu

In this paper, we report on a new approach for enhancing security and privacy in certain RFID applications whereby location or location-related information (such as speed) can serve as a legitimate access context. Examples of these applications include access cards, toll cards, credit cards, and other payment tokens. We show that location awareness can be used by both tags and back-end servers for defending against unauthorized reading and relay attacks on RFID systems. On the tag side, we design a location-aware selective unlocking mechanism using which tags can selectively respond to reader interrogations rather than doing so promiscuously. On the server side, we design a location-aware secure transaction verification scheme that allows a bank server to decide whether to approve or deny a payment transaction and detect a specific type of relay attack involving malicious readers. The premise of our work is a current technological advancement that can enable RFID tags with low-cost location (GPS) sensing capabilities. Unlike prior research on this subject, our defenses do not rely on auxiliary devices or require any explicit user involvement.

Collaboration


Top Co-Authors

Babins Shrestha, University of Alabama at Birmingham

Manar Mohamed, University of Alabama at Birmingham

Maliheh Shirvanian, University of Alabama at Birmingham

Gene Tsudik, University of California

Di Ma, University of Michigan

Jeong Hyun Yi, University of California