3rd International Conference on Mobile Systems, Applications, and Services Abstract
Pp. 5164 of the Proceedings
Shake Them Up! A Movement-based Pairing Protocol for CPU-constrained Devices
Claude Castelluccia, INRIA, France, and University of California, Irvine; Pars Mutaf, INRIA, France
Abstract
This paper presents a new pairing protocol that allows two
CPU-constrained wireless devices Alice and Bob to establish a shared
secret at a very low cost. To our knowledge, this is the first
software pairing scheme that does not rely on expensive public-key
cryptography, out-of-band channels (such as a keyboard or a display)
or specific hardware, making it inexpensive and suitable for
CPU-constrained devices such as sensors.
In the described protocol, Alice can send the secret bit 1
to Bob by broadcasting an (empty) packet with the source field set to Alice.
Similarly, Alice can send the secret bit 0
to Bob by broadcasting an (empty) packet with the source field set to Bob.
Only Bob can identify the real source of the packet (since it did not send it, the
source is Alice), and can recover the secret bit (1 if the source is set to Alice or 0
otherwise). An eavesdropper cannot retrieve the secret bit since it cannot figure out
whether the packet was actually sent by Alice or Bob.
By randomly generating n such packets Alice and Bob can agree on an n-bit
secret key.
Our scheme requires that the devices being paired, Alice and Bob, are shaken
during the key exchange protocol. This is to guarantee that an eavesdropper
cannot identify the packets sent by Alice from those sent by Bob using
data from the RSSI (Received Signal Strength Indicator) registers available
in commercial wireless cards. The proposed protocol
works with off-the-shelf 802.11 wireless cards and
is secure against eavesdropping attacks that use
power analysis. It requires, however, some firmware changes to protect against attacks
that attempt to identify the source of packets from their transmission frequency.
- Erratum: The protocol that is presented in Section 4.3.2 of the original paper is incorrect. New versions of the HTML and the PDF corrects this protocol.
View the original full text of this paper in HTML and PDF.
Until June 2006, you will need your USENIX membership identification in order to access the full papers. The Proceedings are published as a collective work, © 2005 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
|