Rong Jin

MagPairing: Pairing Smartphones in Close Proximity Using Magnetometers

With the prevalence of mobile computing, lots of wireless devices need to establish secure communication on the fly without pre-shared secrets. Device pairing is critical for bootstrapping secure communication between two previously unassociated devices over the wireless channel. Using auxiliary out-of-band channels involving visual, acoustic, tactile, or vibrational sensors has been proposed as a feasible option to facilitate device pairing. However, these methods usually require users to perform additional tasks, such as copying, comparing, and shaking. It is preferable to have a natural and intuitive pairing method with minimal user tasks. In this paper, we introduce a new method, called MagPairing, for pairing smartphones in close proximity by exploiting correlated magnetometer readings. In MagPairing, users only need to naturally tap the smartphones together for a few seconds without performing any additional operations in authentication and key establishment. Our method exploits the fact that smartphones are equipped with tiny magnets. Highly correlated magnetic field patterns are produced when two smartphones are close to each other. We design MagPairing protocol and implement it on Android smartphones. We conduct extensive simulations and real-world experiments to evaluate MagPairing. Experiments verify that the captured sensor data on which MagPairing is based has high entropy and sufficient length, and is nondisclosure to attackers more than few centimeters away. Usability tests on various kinds of smartphones by totally untrained users show that the whole pairing process needs only 4.5 s on average with more than 90% success rate.

Physical layer key agreement under signal injection attacks

Physical layer key agreement techniques derive a symmetric cryptographic key from the wireless fading channel between two wireless devices by exploiting channel randomness and reciprocity. Existing works mainly focus on the security analysis and protocol design of the techniques under passive attacks. The study on physical layer key agreement techniques under active attacks is largely open. In this paper, we present a new form of high threatening active attack, named signal injection attack. By injecting the similar signals to both keying devices, the attacker aims at manipulating the channel measurements and compromising a portion of the key. We further propose a countermeasure to the signal injection attack, PHY-UIR (PHYsical layer key agreement with User Introduced Randomness). In PHY-UIR, both keying devices independently introduce randomness into the channel probing frames, and compose common random series by combining the randomness in the fading channel and the ones introduced by users together. With this solution, the composed series and injected signals become uncorrelated. Thus, the final key will automatically exclude the contaminated portion related to injected signal while persisting the other portion related to random fading channel. Moreover, the contaminated composed series at two keying devices become decorrelated, which help detect the attack. We analyze the security strength of PHY-UIR and conduct extensive simulations to evaluate it Both theoretical analysis and simulations demonstrate the effectiveness of PHY-UIR. We also perform proof-of-concept experiments by using software defined radios in a real-world environment. We show that signal injection attack is feasible in practice and leads to a strong correlation (0.75) between the injected signal and channel measurements at legitimate users for existing key generation methods. PHY-UIR is immune to the signal injection attack and results in low correlation (0.15) between the injected signal and the composed random signals at legitimate users.

SecNFC: Securing inductively-coupled Near Field Communication at physical layer

Near Field Communication (NFC) is widely used today in many useful applications, such as contactless payment, identification, and file exchange. Due to the limitations on computation, power, and cost of NFC devices, NFC systems are often lack of encryption or weakly encrypted, leaving them exposed to security attacks. One solution for this problem is to install strong cryptographic protocols on NFC devices. However, it involves upgrading and revoking deployed NFC devices, which is costly and impractical. Moreover, encryption algorithms are usually considered expensive for resource constrained NFC devices in terms of computation overhead and energy consumption. In this paper, aiming at securing NFC from eavesdropping at physical layer, we propose SecNFC, a solution that changes the signals on the initiators to hide the communications, but does not require any changes to the targets. In this work, for the first time, we address a practical problem of synchronization offset between two NFC terminals, which can be exploited by an eavesdropper to compromise the transmitted bits. SecNFC takes into consideration the synchronization offset and solves the challenge by introducing blocking signals around the transition point when the target switches load between on and off. With this solution, even with the existence of synchronization offset, eavesdroppers cannot extract any bit information from eavesdropping. We conduct extensive simulations to evaluate the performance of SecNFC. We also build a testbed based on USRP software defined radio and off-the-shelf NFC tags to evaluate SecNFC in a real-world environment. Both simulation and experimental results show that SecNFC can efficiently prevent NFC from eavesdropping with a slight and tolerable decoding performance degradation at the initiator.

MagPairing: Exploiting magnetometers for pairing smartphones in close proximity

With the prevalence of mobile computing, lots of wireless devices need to establish secure communication on the fly without pre-shared secrets. Device pairing is critical for bootstrapping secure communication between two previously unassociated devices over the wireless channel. Using auxiliary out-of-band channels involving visual, acoustic, tactile or vibrational sensors has been proposed as a feasible option to facilitate device pairing. However, these methods usually require users to perform additional tasks such as copying, comparing, and shaking. It is preferable to have a natural and intuitive pairing method with minimal user tasks. In this paper, we introduce a new method, called MagPairing, for pairing smartphones in close proximity by exploiting correlated magnetometer readings. In MagPairing, users only need to naturally tap the smartphones together for a few seconds without performing any additional operations in authentication and key establishment. Our method exploits the fact that smartphones are equipped with tiny magnets. Highly correlated magnetic field patterns are produced when two smartphones are close to each other. We design MagPairing protocol and implement it on Android smartphones. We conduct extensive simulation and experiments to evaluate MagPairing. Experimental results show that MagPairing can successfully pair two smartphones with 4.5 seconds on average. It is immune to man-in-the-middle attack even when the attacker is a few centimeters away from the pairing devices.

Practical secret key agreement for full-duplex near field communications

Near Field Communication (NFC) is a promising short distance radio communication technology for many useful applications. Although its communication range is short, NFC alone does not guarantee secure communication and is subject to security attacks, such as an eavesdropping attack. Generating a shared key and using symmetric key cryptography to secure the communication between NFC devices is a feasible solution to prevent various attacks. However, conventional Diffie-Hellman key agreement protocol is not preferable for resource constrained NFC devices due to its extensive computational overhead and energy consumption. In this paper, we propose a practical, fast and energy-efficient key agreement scheme, which uses random bits transmission with waveform shaking, for NFC devices by exploiting its off-the-shelf full-duplex capability. In the proposed method, two devices send random bits to each other simultaneously without strict synchronization or perfect match of amplitude and phase. On the contrary, the method randomly introduces synchronization offset and mismatch of amplitude and phase for each bit transmission in order to prevent a passive attacker from determining the generated key. A shared bit can be established when two devices send different bits. We conduct theoretical analysis on the correctness and security strength of the method, and extensive simulations to evaluate its effectiveness. We build a testbed based on USRP software defined radio and conduct proof-of-concept experiments to evaluate the method in a real-world environment. It shows that the proposed method achieves a high key generation rate of about 26 kbps and is immune to eavesdropping attack even when the attacker is within several centimeters from the legitimate devices. The proposed method is a practical, fast, energy-efficient, and secure key agreement scheme for resource-constrained NFC devices.

Delay analysis of physical layer key generation in multi-user dynamic wireless networks

Secret key generation by extracting the shared randomness in wireless fading channel is a promising way to ensure wireless communication security. Previous works only consider key generation in static networks, but real-world key establishments are usually dynamic. In this work, for the first time we investigate the pairwise key generation in dynamic wireless networks with a center node (eg. access point (AP)) and random arrival users. We establish the key generation model for this kind of networks. We propose a method based on discrete Markov chain to calculate the average time a user will spend on waiting and completing the key generation (average key generation delay, AKGD). Our method can tackle both serial and parallel key generation scheduling under various conditions. We conduct extensive simulations to show the effectiveness of our model and method. The analytical and simulation results match to each other.

Delay Analysis of Physical-Layer Key Generation in Dynamic Roadside-to-Vehicle Networks

Secret key generation by extracting the shared randomness in a wireless fading channel is a promising way to ensure wireless communication security. Previous studies only consider key generation in static networks, but real-world key establishments are usually dynamic. In this paper, for the first time, we investigate the pairwise key generation in dynamic wireless networks with a center node and random arrival users (e.g., roadside units (RSUs) with vehicles). We establish the key generation model for these kinds of networks. We propose a method based on discrete Markov chain to calculate the average time a user will spend on waiting and completing the key generation, called average key generation delay (AKGD). Our method can tackle both serial and parallel key generation scheduling under various conditions. We propose a novel scheduling method, which exploits wireless broadcast characteristic to reduce AKGD and probing energy. We conduct extensive simulations to show the effectiveness of our model and method. The analytical and simulation results match each other.