Yogendra C. Shah

Information-Theoretically Secret Key Generation for Fading Wireless Channels

The multipath-rich wireless environment associated with typical wireless usage scenarios is characterized by a fading channel response that is time-varying, location-sensitive, and uniquely shared by a given transmitter-receiver pair. The complexity associated with a richly scattering environment implies that the short-term fading process is inherently hard to predict and best modeled stochastically, with rapid decorrelation properties in space, time, and frequency. In this paper, we demonstrate how the channel state between a wireless transmitter and receiver can be used as the basis for building practical secret key generation protocols between two entities. We begin by presenting a scheme based on level crossings of the fading process, which is well-suited for the Rayleigh and Rician fading models associated with a richly scattering environment. Our level crossing algorithm is simple, and incorporates a self-authenticating mechanism to prevent adversarial manipulation of message exchanges during the protocol. Since the level crossing algorithm is best suited for fading processes that exhibit symmetry in their underlying distribution, we present a second and more powerful approach that is suited for more general channel state distributions. This second approach is motivated by observations from quantizing jointly Gaussian processes, but exploits empirical measurements to set quantization boundaries and a heuristic log likelihood ratio estimate to achieve an improved secret key generation rate. We validate both proposed protocols through experimentations using a customized 802.11a platform, and show for the typical WiFi channel that reliable secret key establishment can be accomplished at rates on the order of 10 b/s.

Extracting Secrecy from Jointly Gaussian Random Variables

We present a method for secrecy extraction from jointly Gaussian random sources. The approach is motivated by and has applications in enhancing security for wireless communications. The problem is also found to be closely related to some well known lossy source coding problems

Trust in M2M communication

Machine-to-machine (M2M) communication is viewed as one of the next frontiers in wireless communications. M2M communication applications and scenarios are growing and lead the way to new business cases. Because of the nature of M2M scenarios, involving unguarded, distributed devices, new security threats emerge. The use case scenarios for M2M communication also address the new requirement on flexibility, because of deployment scenarios of the M2ME in the field. We believe that these new requirements require a paradigm shift. One important pillar of such a shift will be a new, more balanced mix of device-centric trust and traditional enforcement of security properties.

On the Secrecy Capabilities of ITU Channels

We consider the secrecy inherent in the reciprocal nature of multipath fading channels and present a technique to generate a shared perfectly secret key by two terminals observing a multipath fading channel. Using this technique we quantify the secrecy that can be generated from ITU cellular channels for the 2 GHz frequency range.

Smart OpenID: A Smart Card Based OpenID Protocol

OpenID is a lightweight, easy to implement and deploy approach to Single Sign-On (SSO) and Identity Management (IdM), and has great potential for large scale user adoption especially for mobile applications. At the same time, Mobile Network Operators are increasingly interested in leveraging their existing infrastructure and assets for SSO and IdM. In this paper, we present the concept of Smart OpenID, an enhancement to OpenID which moves part of the OpenID authentication server functionality to the smart card of the user’s device. This seamless, OpenID-conformant protocol allows for scaling security properties, and generally improves the security of OpenID by avoiding the need to send user credentials over the Internet and thus avoid phishing attacks. We also describe our implementation of the Smart OpenID protocol based on an Android phone, which interacts with OpenID-enabled web services.

Security Aspects of Smart Cards vs. Embedded Security in Machine-to-Machine (M2M) Advanced Mobile Network Applications

The Third Generation Partnership Project (3GPP) standardisation group currently discusses advanced applications of mobile networks such as Machine-to-Machine (M2M) communication. Several security issues arise in these contexts which warrant a fresh look at mobile networks’ security foundations, resting on smart cards. This paper contributes a security/efficiency analysis to this discussion and highlights the role of trusted platform technology to approach these issues.

Multi-factor Authentication as a Service

An architecture for providing multi-factor authentication as a service is proposed, resting on the principle of a loose coupling and separation of duties between network entities and end user devices. The multi-factor authentication architecture leverages Identity Federation and Single-Sign-On technologies, such as the OpenID framework, in order to provide for a modular integration of various factors of authentication. The architecture is robust and scalable enabling service providers to define risk-based authentication policies by way of assurance level requirements, which map to concrete authentication factor capabilities on user devices.

Trusted computing enhanced user authentication with OpenID and trustworthy user interface

Trusted computing, used as a security technology, can establish trust between multiple parties. One implementation of trusted computing technology standardised by the Trusted Computing Group is the trusted platform module (TPM). We build on the security provided by the TPM to create a trusted variant of identity management systems based on the popular OpenID protocol. We show that it is feasible to bind OpenID identities to the trustworthiness of the device. Our concept and implementation builds on previous work which showed that trusted computing can be used to create tickets. In this work, we use such tickets as a building block to establish trust in the OpenID protocol between the identity provider and the device. Furthermore, we investigate how mutual trust can be established in the communication between device and user during authentication. The concept of trust visualisation via a trusted environment and binding to user authentication are presented.

Network slice selection, assignment and routing within 5G Networks

5G Networks are anticipated to provide a diverse set of services over Network Slices (NS) using Network Function Virtualization (NFV) technologies. We propose solutions to enable NS selection and routing of traffic routing through a NS. A framework for enabling negotiation, selection and assignment of NSs for requesting applications in 5G networks is presented. A definition for service description has been developed, which is then leveraged for negotiation between an application/user equipment and the serving network. Virtualized networks or slices of virtualized networks are selected and assigned based on QCI and security requirements associated with a requested service. We also describe static and dynamic mechanisms for packet routing within NSs.

Seamless authentication and mobility across heterogeneous networks using federated identity systems

With the increasing demand for mobile data services and increased availability of multimode devices with multiple wireless interfaces, seamless mobility and service continuity across heterogeneous networks has become a differentiating service for Operators to offer users an enhanced mobile experience. In recent years, the Federated Identity Management (IdM) standards and technologies have rapidly evolved to address security, user experience, and privacy needs from an application layer perspective or as seen from the end user. As a result of these Federated IdM activities, a Single Sign-On (SSO) concept has been created in which a user may use a single set of authentication credentials to gain access to multiple independent Application Services. This paper provides an overview of the various layers of security in a communications protocol stack and then presents an approach to achieve seamless mobility across heterogeneous networks based on Federated Identity systems. By leveraging a pre-established application layer security association, access layer authentication and setup of a secure channel in an on-demand, automated and seamless manner may be carried out whilst roaming across disparate networks.