The Internet of Things (IoT) harbors a large number of resource-limited devices (e.g., sensors) that continuously
generate and offload sensitive information (e.g., financial, health, personal). It is imperative the ensure the trustworthiness of this data with efficient cryptographic mechanisms. Digital signatures can offer scalable authentication with public verifiability and nonrepudiation. However, the state-of-the-art digital signatures do not offer the desired efficiency and are not scalable for the connected resource-limited IoT devices. This is without considering long term security features such as post-quantum security and forward security. In this paper, we summarize the main challenges to an energy-aware and efficient signature scheme. Then, we propose
new scheme design improvements that uniquely embed different emerging technologies such as Mutli-Party Computation (MPC) and secure enclaves (e.g., Intel SGX) in order to secret-share confidential keys of low-end IoT devices across multiple cloud servers. We also envision building signature schemes with Fully Homomorphic Encryption (FHE) to enable verifiers to compute expensive commitments under encryption. We provide evaluation metrics that showcase the feasibility and efficiency of our designs for potential deployment on embedded devices in IoT.
more »
« less
Evaluation of Physical Layer Secret Key Generation for IoT Devices
As aspects of our daily lives become more interconnected with the emergence of the Internet of Things (IoT), it is imperative that our devices are reliable and secure from threats. Vulnerabilities of Wi-Fi Protected Access (WPA/WPA2) have been exposed in the past, motivating the use of multiple security techniques, even with the release of WPA3. Physical layer security leverages existing components of communication systems to enable methods of protecting devices that are well-suited for IoT applications. In this work, we provide a low-complexity technique for generating secret keys at the Physical layer to enable improved IoT security. We leverage the existing carrier frequency offset (CFO) and channel estimation components of Orthogonal Frequency Division Multiplexing (OFDM) receivers for an efficient approach. The key generation algorithm we propose focuses on the unique CFO and channel experienced between a pair of desired nodes, and to the best of our understanding, the combination of the features has not been examined previously for the purpose of secret key generation. Our techniques are appropriate for IoT devices, as they do not require extensive processing capabilities and are based on second order statistics. We obtain experimental results using USRP N210 software defined radios and analyze the performance of our methods in post-processing. Our techniques improve the capability of desired nodes to establish matching secret keys, while hindering the threat of an eavesdropper, and are useful for protecting future IoT devices.
more »
« less
- NSF-PAR ID:
- 10118765
- Date Published:
- Journal Name:
- 2019 IEEE 20th Wireless and Microwave Technology Conference (WAMICON)
- Page Range / eLocation ID:
- 1 to 6
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
more » « less
Abstract Quantum key distribution (QKD) has established itself as a groundbreaking technology, showcasing inherent security features that are fundamentally proven. Qubit-based QKD protocols that rely on binary encoding encounter an inherent constraint related to the secret key capacity. This limitation restricts the maximum secret key capacity to one bit per photon. On the other hand, qudit-based QKD protocols have their advantages in scenarios where photons are scarce and noise is present, as they enable the transmission of more than one secret bit per photon. While proof-of-principle entangled-based qudit QKD systems have been successfully demonstrated over the years, the current limitation lies in the maximum distribution distance, which remains at 20 km fiber distance. Moreover, in these entangled high-dimensional QKD systems, the witness and distribution of quantum steering have not been shown before. Here we present a high-dimensional time-bin QKD protocol based on energy-time entanglement that generates a secure finite-length key capacity of 2.39 bit/coincidences and secure cryptographic finite-length keys at 0.24 Mbits s−1in a 50 km optical fiber link. Our system is built entirely using readily available commercial off-the-shelf components, and secured by nonlocal dispersion cancellation technique against collective Gaussian attacks. Furthermore, we set new records for witnessing both energy-time entanglement and quantum steering over different fiber distances. When operating with a quantum channel loss of 39 dB, our system retains its inherent characteristic of utilizing large-alphabet. This enables us to achieve a secure key rate of 0.30 kbits s−1and a secure key capacity of 1.10 bit/coincidences, considering finite-key effects. Our experimental results closely match the theoretical upper bound limit of secure cryptographic keys in high-dimensional time-bin QKD protocols (Mower
et al 2013Phys. Rev. A87 062322; Zhanget al 2014Phys. Rev. Lett. 112 120506), and outperform recent state-of-the-art qubit-based QKD protocols in terms of secure key throughput using commercial single-photon detectors (Wengerowskyet al 2019Proc. Natl Acad. Sci. 116 6684; Wengerowskyet al 2020npj Quantum Inf. 6 5; Zhanget al 2014Phys. Rev. Lett. 112 120506; Zhanget al 2019Nat. Photon. 13 839; Liuet al 2019Phys. Rev. Lett. 122 160501; Zhanget al 2020Phys. Rev. Lett. 125 010502; Weiet al 2020Phys. Rev. X10 031030). The simple and robust entanglement-based high-dimensional time-bin protocol presented here provides potential for practical long-distance quantum steering and QKD with multiple secure bits-per-coincidence, and higher secure cryptographic keys compared to mature qubit-based QKD protocols. -
null (Ed.)Post-quantum schemes are expected to replace existing public-key schemes within a decade in billions of devices. To facilitate the transition, the US National Institute for Standards and Technology (NIST) is running a standardization process. Multivariate signatures is one of the main categories in NIST's post-quantum cryptography competition. Among the four candidates in this category, the LUOV and Rainbow schemes are based on the Oil and Vinegar scheme, first introduced in 1997 which has withstood over two decades of cryptanalysis. Beyond mathematical security and efficiency, security against side-channel attacks is a major concern in the competition. The current sentiment is that post-quantum schemes may be more resistant to fault-injection attacks due to their large key sizes and the lack of algebraic structure. We show that this is not true. We introduce a novel hybrid attack, QuantumHammer, and demonstrate it on the constant-time implementation of LUOV currently in Round 2 of the NIST post-quantum competition. The QuantumHammer attack is a combination of two attacks, a bit-tracing attack enabled via Rowhammer fault injection and a divide and conquer attack that uses bit-tracing as an oracle. Using bit-tracing, an attacker with access to faulty signatures collected using Rowhammer attack, can recover secret key bits albeit slowly. We employ a divide and conquer attack which exploits the structure in the key generation part of LUOV and solves the system of equations for the secret key more efficiently with few key bits recovered via bit-tracing. We have demonstrated the first successful in-the-wild attack on LUOV recovering all 11K key bits with less than 4 hours of an active Rowhammer attack. The post-processing part is highly parallel and thus can be trivially sped up using modest resources. QuantumHammer does not make any unrealistic assumptions, only requires software co-location (no physical access), and therefore can be used to target shared cloud servers or in other sandboxed environments.more » « less
-
Our everyday lives are impacted by the widespread adoption of wireless communication systems integral to residential, industrial, and commercial settings. Devices must be secure and reliable to support the emergence of large scale heterogeneous networks. Higher layer encryption techniques such as Wi-Fi Protected Access (WPA/WPA2) are vulnerable to threats, including even the latest WPA3 release. Physical layer security leverages existing components of the physical or PHY layer to provide a low-complexity solution appropriate for wireless devices. This work presents a PHY layer encryption technique based on frequency induction for Orthogonal Frequency Division Multiplexing (OFDM) signals to increase security against eavesdroppers. The secure transceiver consists of a key to frequency shift mapper, encryption module, and modified synchronizer for decryption. The system has been implemented on a Virtex-7 FPGA. The additional hardware overhead incurred on the Virtex-7 for both the transmitter and the receiver is low. Both simulation and hardware evaluation results demonstrate that the proposed system is capable of providing secure communication from an eavesdropper with no decrease in performance as compared with the baseline case of a standard OFDM transceiver. The techniques developed in this paper provide greater security to OFDM-based wireless communication systems.more » « less
-
A secret key generation scheme is proposed for generating keys to be used for one-time pad encryption. This type of encryption is suitable for e.g., short packet communication in distributed inference in IoT. The scheme exploits the phase of the channel fading coefficient in a Rayleigh fading channel to extract highly correlated key bits at two legitimate parties. Compared to other existing methods, the proposed scheme trades off higher bit error probabilities in the keys for lower error correction communication requirements. The bit error of generated keys is characterized via an approximate upper bound, which is shown to be fairly tight for reasonable signal-to-noise ratios.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1109/WAMICON.2019.8765465
