Littérature scientifique sur le sujet « Secure device pairing »

A secure device pairing mechanism is used to establish a trusted communication channel between unassociated wireless devices. The broadcast nature of wireless communication opens the door for man-in-the-middle (MITM) attacks, and even other subtle forms of masquerader and misfeasor attacks. This paper introduces a simple device pairing approach to tackle such attacks seamlessly. The algorithm is compatible with a multitude of devices, whereas a majority of existing algorithms are based on two devices exclusively. This approach utilizes a human visual channel as an Out-Of-Band (OOB) channel to authenticate the public keys exchanged between the devices. The interactive nature of this approach forces user attention, hence improving the reliability and consistency of the device pairing process. To do so, we introduce the concept of ‘peepholes,’ and mathematically define it before demonstrating the algorithm’s methodology. Subsequent sections also demonstrate its robustness against attacks via misfeasors, masqueraders, and men-in-the-middle.

Due to the rapid growth of small and smart hand-held devices, mobile ad hoc networks (MANets) are becoming very common nowadays. MANets may consist of a number of small hand-held devices having limited resources in terms of memory, battery and processing power. In order to provide services to the users, these devices are capable of communicating with each other through some radio technology, such as WiFi, Bluetooth or Infrared. Since radio channels are inherently vulnerable to various security threats, it requires that devices in MANets must establish a secure association amongst themselves before exchanging any sensitive information or data. The process of establishing a secure channel between two devices is referred to as device pairing or device association. Device pairing do not rely on traditional mechanisms for security due to the impulsive and ad hoc interactions among the devices. Due to this, researchers have proposed many schemes/protocols to deal with this issue; however, the issue of group pairing (i.e. secure association of more than two devices) is less addressed issue in the literature yet. There could be many scenarios (such as confidential office meetings, paring of group of home appliances in smart-homes, etc) of MANets, where secure group communications is desired. Consequently, this research focuses on this issue and proposes a QR (quick response) code based scheme to establish a secure channel between a numbers of devices. The proposed system is implemented and tested on modern hand-held devices and a usability study of the implemented system is also carried out.

In traditional device-to-device (D2D) communication based on wireless channel, identity authentication and spontaneous secure connections between smart devices are essential requirements. In this paper, we propose an imitation-resistant secure pairing framework including authentication and key generation for smart devices, by shaking these devices together. Based on the data collected by multiple sensors of smart devices, these devices can authenticate each other and generate a unique and consistent symmetric key only when they are shaken together. We have conducted comprehensive experimental study on shaking various devices. Based on this study, we have listed several novel observations and extracted important clues for key generation. We propose a series of innovative technologies to generate highly unique and completely randomized symmetric keys among these devices, and the generation process is robust to noise and protects privacy. Our experimental results show that our system can accurately and efficiently generate keys and authenticate each other.

Numerous secure device pairing (SDP) protocols have been proposed to establish a secure communication between unidentified IoT devices that have no preshared security parameters due to the scalability requirements imposed by the ubiquitous nature of the IoT devices. In order to provide the most user-friendly IoT services, the usability assessment has become the main requirement. Thus, the complete security analysis has been replaced by a sketch of a proof to partially validate the robustness of the proposal. The few existing formal or computational security verifications on the SDP schemes have been conducted based on the assessment of a wide variety of uniquely defined security properties. Therefore, the security comparison between these protocols is not feasible and there is a lack of a unified security analysis framework to assess these pairing techniques. In this paper, we survey a selection of secure device pairing proposals that have been formally or computationally verified. We present a systematic description of the protocol assumptions, the adopted verification model, and an assessment of the verification results. In addition, we normalize the used taxonomy in order to enhance the understanding of these security validations. Furthermore, we refine the adversary capabilities on the out-of-band channel by redefining the replay capability and by introducing a new notion of delay that is dependent on the protocol structure that is more adequate for the ad hoc pairing context. Also, we propose a classification of a number of out-of-band channels based on their security properties and under our refined adversary model. Our work motivates the future SDP protocol designer to conduct a formal or a computational security assessment to allow the comparability between these pairing techniques. Furthermore, it provides a realistic abstraction of the adversary capabilities on the out-of-band channel which improves the modeling of their security characteristics in the protocol verification tools.

La demande de services qui se basent sur l'Internet des objets (IoT) augmente de manière exponentielle, ce qui entraîne le déploiement d'un grand nombre de dispositifs. Cependant, ces dispositifs peuvent représenter une menace pour la sécurité du réseau de déploiement et un point d'entrée potentiel pour des adversaires. Il existe donc un besoin imminent de réaliser une approche d'association sécurisée des objets connectés avant qu'ils ne soient rendus opérationnels sur le réseau de l'utilisateur. Cette procédure, appelée "amorçage de la sécurité", garantit en premier lieu la confidentialité et l'intégrité des échanges de données entre l'utilisateur et les dispositifs. Ensuite, ce processus fournit une assurance sur l'identité et l'origine de ces objets. La première phase d'appairage assure l'établissement d'un canal de communication sécurisé entre l'utilisation et l'objet. La phase d'appairage utilise un protocole d'accord de clé symétrique qui est adapté à la nature de ces dispositifs à ressources limitées. L'utilisation de canaux auxiliaires a été proposée comme moyen d'authentifier l'échange de clés, mais elle nécessite un temps relativement long et une participation importante de l'utilisateur pour transférer les bits d'authentification. Cependant, les systèmes basés sur le contexte utilisent l'environnement ambiant pour extraire un secret commun sans intervention importante de l'utilisateur, à condition d'avoir un périmètre sécurisé pendant la phase d'extraction, ce qui est considéré comme une hypothèse de sécurité forte. La deuxième phase du processus d'amorçage est appelée "enrôlement sécurisé" et vise à éviter l'association d'un objet IoT malveillant en authentifiant son identité et son origine. L'utilisation d'éléments de sécurité matériels, tels que les fonctions physiques non clonables (PUF), a été présentée comme une solution prometteuse adaptée à la nature limitée des ressources de ces dispositifs. Un nombre croissant d'architectures PUF ont été démontrées mathématiquement clonables grâce à des techniques de modélisation par apprentissage automatique. L'utilisation de modèles de PUF a été récemment proposée pour authentifier les objets IoT. Néanmoins, le scénario de fuite du modèle PUF vers un adversaire en raison d'une menace interne au sein de l'organisation n'est pas pris en charge par les solutions existantes. Par conséquent, la sécurité de ces propositions d'inscription basées sur le modèle PUF peut être compromise. Dans cette thèse, nous étudions le processus d'amorçage de la sécurité des dispositifs à ressources limitées et nous introduisons deux protocole: - Un protocole hybride d'appairage, appelé COOB, qui combine d'une manière efficace un schéma d'appairage contextuel avec l'utilisation d'un canal auxiliaire. Ce protocole exploite une technique d'exponentiation spécifique des clés publiques Diffie-Hellman en utilisant des nonces pour atteindre l'objectif de secret temporaire nécessaire à l'accord de clé. Notre méthode assure la sécurité même contre un attaquant qui peut contrôler la zone de sécurité (un environnement hostile), ce qui n'est pas pris en charge par les schémas contextuels existants. Cette amélioration de la sécurité a été formellement validée dans le modèle symbolique en utilisant l'outil de vérification formelle TAMARIN. - Une solution d'enrôlement qui exploite un modèle de PUF dans le processus d'authentification, appelé Water-PUF. Notre protocole est basé sur une technique de tatouage numérique spécialement conçue pour les modèles PUF. Cette procédure empêche un adversaire de s'appuyer sur le modèle tatoué ou sur un autre modèle dérivé pour contourner l'authentification. Par conséquent, toute fuite du modèle PUF filigrané utilisé pour l'enrôlement n'affecte pas l'exactitude du protocole. La conception du Water-PUF est validée par un certain nombre de simulations contre de nombreuses attaques de suppression de tatouage numérique afin d'évaluer la robustesse de notre proposition
The demand for internet of Things (IoT) services is increasing exponentially, and a large number of devices are being deployed. However, these devices can represent a serious threat to the security of the deployment network and a potential entry-point when exploited by the adversaries. Thus, there is an imminent need to perform a secure association approach of the IoT objects before being rendered operational on the network of the user. This procedure is referred to as secure bootstrapping, and it primarily guarantees the confidentiality and the integrity of the data exchanges between the user and the devices. Secondly, this process provides an assurance on the identity and the origin of these objects.Due to scalability limitations, the first phase of the bootstrapping process cannot be efficiently conducted using pre-shared security knowledge such as digital certificates. This step is referred to as secure device pairing, and it ensures the establishment of a secure communication channel between the use and the object. The pairing phase uses a symmetric key agreement protocol that is suitable to the resource-constrained nature of these devices. The use of auxiliary channels has been proposed as a way to authenticate the key exchange, but they require a relatively long time and an extensive user involvement to transfer the authentication bits. However, the context-based schemes use the ambient environment to extract a common secret without an extensive user intervention under the requirement of having a secure perimeter during the extraction phase, which is considered a strong security assumption. The second phase of the bootstrapping process is referred to as secure device enrollment, and it aims at avoiding the associating of a malicious IoT object by authenticating its identity. The use of hardware security elements, such as the Physical Unclonable Function (PUF), has been introduced as a promising solution that is suitable for the resource-constraint nature of these devices. A growing number of PUF architectures has been demonstrated mathematically clonable through Machine Learning (ML) modeling techniques. The use of PUF ML models has been recently proposed to authenticate the IoT objects. Nonetheless, the leakage scenario of the PUF model to an adversary due to an insider threat within the organization is not supported by the existing solutions. Hence, the security of these PUF model-based enrollment proposals can be compromised.In this thesis, we study the secure bootstrapping process of resource-constrained devices and we introduce two security schemes:- A hybrid ad-hoc pairing protocol, called COOB, that efficiently combines a state-of-the-art fast context-based scheme with the use of an auxiliary channel. This protocol exploits a nonce exponentiation of the Diffie-Hellman public keys to achieve the temporary secrecy goal needed for the key agreement. Our method provides security even against an attacker that can violate the safe zone requirement, which is not supported by the existing contextual schemes. This security improvement has been formally validated in the symbolic model using the TAMARIN prover.- An enrollment solution that exploits a ML PUF model in the authentication process, called Water-PUF. Our enrollment scheme is based on a specifically designed black-box watermarking technique for PUF models with a binary output response. This procedure prevents an adversary from relying on the watermarked model in question or another derivative model to bypass the authentication. Therefore, any leakage of the watermarked PUF model that is used for the enrollment does not affect the correctness of the protocol. The Water-PUF design is validated by a number of simulations against numerous watermark suppression attacks to assess the robustness of our proposal

Mobile devices have advanced tremendously during the last ten years and have changed our daily life in various ways. Secure pairing of mobile devices has become a significant issue considering the huge quantity of active mobile device connections and mobile traffic. However, current commonly used file sharing mobile applications rely on servers completely that are always targeted by attackers. In this thesis work, an innovative mechanism is proposed to generate symmetric keys on both mobile devices independently from a shared movement in arbitrary pattern, which means no server needs to be involved and no data exchange needed. A secret wireless-communication channel can then be established with a particular network strategy.