Design Challenges and Practical Solutions for Securing Wireless Body Area Networks

Transcription

1 Design Challenges and Practical olutions for ecuring Wireless Body Area Networks Dr. Ming Li 10/16/2013 Assistant Professor, Dept. of Computer cience, Utah tate University

2 Outline Background on Body Area Networks (BAN) Main Design Challenges BANA: Body Area Network Authentication Exploiting Channel Characteristics AK-BAN: Authenticated ecret Key Extraction for BANs Conclusion and Future Work 2

3 Background Wireless Body Area Network (BAN) 3 [ource:

4 ecurity Issues in BAN Medical devices can also have actuators 4 Who has to die before ecurity is Increased in Wireless Enabled Medical Devices?

5 ecurity Issues in BAN (cont d) ystem and device-level security (authentication & integrity) Data must come from legitimate devices, and should not be modified. Affect safety! Invasion of privacy (data confidentiality) Why should we care? Availability (robustness) Against inadvertent or malicious Denial-of-ervice 5 Wearable ECG monitors Pulse Oximeter Glucose Monitors Cardiac Defibrillators

6 ecure Trust Initialization Bootstrap secure communication within a BAN Establish authenticated secret keys to protect BAN from attacks ecuring both one-to-one and group communication Attack model Can eavesdrop, modify, insert, delete information from the wireless channel May compromise devices afterwards General assumption 6 Devices share no secret information a priori

7 BAN ecurity Challenges Resource-constraint Battery power; Hardware (memory, speed, interfaces) etc. - lightweight ecurity & safety dilemma trict security is needed in normal cases But how about in an emergency? - fail safe Usability requirement Your grandma should be able to use it! - intuitive 7

8 Key pre-distribution Existing Approaches Requires physical contact or extra hardware Not easy to update keys E.g.: Resurrecting duckling [Andersen, 1999]; (wire, UB) Message-in-a-bottle, [enys 07], KALwEN (faraday cage). Biometrical measurements Extract keys from shared biometric signs; plug-and-play Require specialized sensing hardware E.g.: [Poon et al., IEEE Communication Magazine 2006; Venkatasubramanian et al., IEEE Transaction 2010; Venkatasubramanian et al., TON 2010; Xu et al., INFOCOM 2011] 8

9 Physical-layer ecurity Approaches Basic idea Non-cryptographic, use the characteristics of wireless channel Advantage: against key compromise, etc. Related work ecret key extraction from wireless channel [Mathur et. al. Mobicom 2008; Jana et. al. Mobicom 2009; Lai et. al. Allerton 2011] Vulnerable to Man-in-the-Middle (MitM) attack! Physical-layer authentication/proximity-based access control [Cai et al., ND 2011; Mathur et al., Mobiys 2011; Patwari et al., MobiCom 2007; Rasmussen et al., CC 2009; Zeng et al., Wireless Commun. 2010] Need advanced hardware: not compatible 9

10 Outline Background on Body Area Networks (BAN) Main Design Challenges BANA: Body Area Network Authentication Exploiting Channel Characteristics AK-BAN: Authenticated ecret Key Extraction for BANs Conclusion and Future Work 10

11 Problem tatement Can we achieve BAN device authentication without out-of-band channels and human interaction? (merely using wireless) Lu hi*, Ming Li #, hucheng Yu *, Jiawei Yuan, * ACM Wiec, Tucson, AZ,

12 Goal: Models and Assumptions CU differentiates on-body sensors from off-body sensors On-body sensors authenticate CU. Assumption Honest sensor nodes are on-body CU is on-body or near-body, relatively static to the body whether static or in motion during authentication. 12

13 Models and Assumptions (cont d) ystem Model Multiple COT sensors and one CU. CU is not compromised. No additional hardware or out-of-band channel. Attack Model One or more attackers, physically away from body. Eavesdropping, message injection, changing transmission power. Jamming or Do attacks are not considered. 13

14 Exploit Unique Channel Characteristics Observation 1: RI variations for on-body channels are greatly different from RI variations between off-body channels, under artificially introduced motions or channel disturbance. RI variations can be used as an indicator of channel stability. 14

15 15 Experiment Evidence

16 Theoretical Explanation On-body Channel: effect of human body is negligible for onbody devices which are very close and relative static to each other; direct path effect is the dominant factor. Off-body Channel: motions introduce Doppler shift; multipath effect is the dominant factor. 16

17 BANA Protocol The metric to differentiate between on-body sensors and off-body sensors? Average RI variations (ARV) ARV i = um i /NT, while um i = Σ RI k -RI K-1 How to deal with ARVs for final decision? Classification: [ accept ], [ reject ] 17

18 18 BANA Protocol

19 ensor deployment: Experiment etup 7 on-body; chest, arm, waist, thigh. 6 off-body. Experiment locations: (WxLxH, m) mall room: 2.8x3.3x2.7 Medium room: 4.5x5.5x2.7 Corridor: 4.5x40x2.7 19

20 Experiment Testing Plans Involve 2 males and 1 female as patients. Patient movements: walking, sitting & rotating, sitting & rolling. Attacker Placement: inside, next door, far away. Attacker movements: static, following. Each experiment duration: 2 min. 20

21 ARV measurements in 5 Test Plans ARVs of 34/35 on-body sensors are less than 4dB. ARVs of on-body sensors are relatively small. Utilize K-means clustering to partition ARVs into two groups. 21

22 Effectiveness False positive rates and false negative rates are calculated based on 15 sets of data under different settings. 22

23 ecurity Against trategic Attackers Attacker strategy 1: deploy a large number of attacker nodes to deviate classification result. expensive & easily detected. 23

24 ecurity Against trategic Attackers Attacker strategy 2: statistically predict the communication channel between on-body sensors and CU. Predict the channel and change transmission power or refer to historical measurements Channel is dynamic with short coherence time Both CU and on-body sensors are more than half wavelength away from off-body attackers. Beam-Forming Attacks Raise suspicion due to large size. Difficult to perform in NLO scenarios. 24

25 Efficiency Authentication time is up to 12 second. Computation and communication cost is negligible for sensor nodes. 25

26 ummary Discovered a new type of channel characteristics in BAN environment. Proposed BANA: lightweight, commercial off-the-shelf, non-cryptographic without prior-trust, fail-safe. Experiments show effectiveness and efficiency of BANA. 26

27 Outline Background on Body Area Networks (BAN) Main Design Challenges BANA: Body Area Network Authentication Exploiting Channel Characteristics AK-BAN: Authenticated ecret Key Extraction for BANs Conclusion and Future Work 27

28 Problem tatement Can we achieve authenticated secret key extraction in BAN using merely wireless communication? Lu hi*, Jiawei Yuan *, hucheng Yu *, Ming Li #, ACM Wiec, Budapest, Hungary, April

29 The Challenge: A Dilemma Rate is the critical issue for key generation Higher key generation rate requires dynamic channel. Device authentication via BANA requires the opposite Utilizes stability of on-body channel How to solve this tension? 30

30 Unique Channel Characteristics Observation II: On-Body channels exhibit obviously different RI variations Channels between Line-of-sight on-body devices tend to be much more stable than devices in Non-line-of-sight locations (e.g. front-to-back). Can deploy auxiliary sensor to create both channels 31 Wiec 2013

31 R (dbm) R (dbm) Experimental Evidence Channels between CU and 1 to 5 Front View Back View CU amples (per 200 ms) 0 1 Channels between 5 4 and 1, 2, 3, On-body ensors (a) (b) amples (per 200 ms)

32 Theoretical Explanation Line-of-sight channels: the direct path effect is the dominant factor between closely placed devices. table fading if relatively static. Non-line-of-sight channels: affected by the device placement, body movements, human tissue and body surface. Unpredictable fading. 33 Wiec 2013

33 Basic Idea Use stable channels for authentication How to authenticate on-body devices with unstable NLO channels? Exploit multi-hop authentication and transitive trust! Use dynamic channels for key generation How to achieve high key generation rate for LO devices? Exploit node cooperation (multi-hop relay) modeled as a max-flow problem! Needs to achieve key authenticity and secrecy simultaneously 34

34 1. Pairwise Key Generation AK-BAN Protocol k k 1CU k 2CU k 15 k 14 C U k 13 k 25 k 24 k 3CU k 4CU k 5CU 5 k 35 k 45 4 For each node i and CU: Adopt Adaptive ecret Bit Generation (ABG) to build initial shared secret key from R measurements. Generate (n + 1) 2 pairwise keys among n + 1 nodes including CU. 35 k 23 k 34 3

35 2. Initial Authentication AK-BAN Protocol After 1 mm 27 x After + t r1 t /1000 ms sec After 2 x After + t r2 2t /1000 sec ms 36 M m 16 mm 38 C U 3 CU All the broadcasts nodes, including a hello CU, M m 510 message: measure channels. M = (x, t 0, t) tr: a random number M 5 x: a t r1 random < t r2 < number < t m r5 49 After After 5t t 0 : total response time x ms + t t: time interval of each r5 /1000 response Response sec message broadcasting message repeats every t ms, After 4 lasts for t x + t r4 /1000 sec 0 sec. After 4t ms After 3t x ms + t r3 /1000 sec

36 AK-BAN Protocol 2. Initial Authentication 1 ARV cu, ARV 2, ARV 3, ARV 4, ARV 5 C U ARV 1, ARV 2, ARV 3, ARV 4, ARV 5 5 ARV cu, ARV 1, ARV 2, ARV 3, ARV 4 For each node i and CU: Calculates ARV by ARV = um of [R k - R k+1 ] Classifies ARV values into two groups ARV cu, ARV 1, ARV 3, ARV 4, ARV 5 3 ARV cu, ARV 1, ARV 2, ARV 4, ARV 5 4 Accepts nodes whose ARV belongs to the small value group, records as ( j, T). Otherwise, rejects and records as ( j, F). Constructs a trust table.

37 AK-BAN Protocol 3. Authenticated ecret Capacity Broadcast tores M 31 Measures TG={ 2, R CU} 1 tores M 32 Measures R 2 TG={ 1, CU} M 31 M 32 C tores TG={ For each node i and CU: 1 M, 3CU 2, U Measures 3 } R TG={ Broadcasts a secret 4 } capacity message: M 5 ij = (ID i, ID j, T/F, C ij ) M 3CU tores M 35 Computes ARVs and performs Measures R classification on ARVs. Adds M 35 valid j and trusted neighbors of j into Trust Group. 4 Constructs a security M 34 TG={ tores 3, M 34 capacity topology Measures 5 } R 3 TG={CU, 4 } 38

38 4. Deciding Maximum Entropy AK-BAN Protocol C U For i : Based on the capacity topology, runs the max-flow algorithm to find the path(s) to CU that can transmit maximized entropy of key information. 39 3

39 AK-BAN Protocol 5. Key Aggregation Broadcast Between i and CU: K 23 k Broadcasts k 23 k 25 C U 3 max-flow paths between 3 and CU: CU, 3 5 CU. k 23 k 5CU k 5cu k 23 Broadcas ts k 5CU k K 5C U k 25 Each j on the max-flow path broadcasts the XORed value of keys between it and its two neighbors respectively. i and CU obtain each other s pairwise key shared with neighbor along the max-flow path, pick one as the final key between i and CU. Multiple max-flow paths: Concatenation of the keys from individual max-flow paths.

40 5. Key Aggregation Broadcast AK-BAN Protocol Max-flow multi-path merging/splitting: No overlapped bits are used in the XORed value sent from the same node. The broadcast message includes the bit segment starting position of each key used by the XOR operation. 1 CU 5 K25' K35' 5 K5cu' 2 4 K5cu 3 K25' K35' 41 (a) (b)

41 Node Authentication ecurity Analysis Legitimate nodes: successful authentication probability increases Attacker: does not get more chances to be authenticated Man-In-The-Middle attacks are prevented ecrecy of the Extracted Key Attacker channels are uncorrelated to on-body channels. Attackers cannot derive secret key bits generated by on-body nodes. 42

42 ensor deployment Experiment etup 8 on-body: chest, arm, waist, thigh, back. 1 CU. 1 off-body. Room locations unchanged ubjects: 2 males, 1 female. Body movements: itting-and-rotating itting-and-rolling Walking Test plans: Different combinations of sensor deployment, location, subject, and body movement. 43

43 Effectiveness: Authentication False negative rate under different on-body to off-body node ratios remains 0. False positive rate comparison AK-BAN BANA mall 2.38% 38.10% Medium 2.70% 37.84% Corridor 0.00% 37.14% itting-and-rotating 0.00% 34.29% itting-and-rolling 0.00% 37.14% Walking 4.55% 40.91% ubject % 31.25% ubject % 40.91% ubject % 39.47% Overall 1.75% 37.72% 44

44 Key Genration Rate (bps) Efficiency: Key Generation Rate 10 t = 6 ms, mall Room Direct Generation One hop Relay AK BAN t = 6 ms, Corridor t = 5 ms, mall Room ensors

45 Conclusions and Future Work Body area network introduce big challenges in security & privacy research We proposed two trust initialization schemes exploiting channel characteristics that are low-cost, usable, and fail-safe Ongoing and future work Authenticated key extraction. Against other attacks. Robustness against interference and jamming. More 46

46 47 Related Publications Ming Li, Wenjing Lou, Kui Ren, Data ecurity and Privacy for Wireless Body Area Networks, IEEE Wireless Communications Magazine, Feb (citation: ~100) Ming Li, hucheng Yu, Joshua. D. Guttman, Kui Ren, Wenjing Lou, ACM Transactions on ensor Networks (TON), May Lu hi, Ming Li, hucheng Yu and Jiawei Yuan, "BANA: Body Area Network Authentication Exploiting Channel Characteristics'', IEEE Journal of elected Areas on Communications (JAC), ept Ming Li, hucheng Yu, Kui Ren, Wenjing Lou, "Group Device Pairing based ecure ensor Association and Key Management for Body Area Networks, IEEE INFOCOM, an Diego, CA, Mar Lu hi*, Ming Li #, hucheng Yu *, Jiawei Yuan, * "BANA: Body Area Network Authentication Exploiting Channel Characteristics'', ACM Wiec, Tucson, AZ, Apr Yantian Hou, Ming Li, and Joshua. D. Guttman, "Chorus: calable In-band Trust Establishment for Multiple Constrained Devices over the Insecure Wireless Channel'', ACM Wiec, Budapest, Hungary, April 17-19, Lu hi, Jiawei Yuan, hucheng Yu, and Ming Li, "AK-BAN: Authenticated ecret Key Extraction Utilizing Channel Characteristics for Body Area Networks", ACM Wiec, Budapest, Hungary, April 17-19, 2013.

47 Thanks for your attention! Q & A [ 48