Integrity Regions: Authentication Through Presence in Wireless Networks
Srdjan Capkun and Mario Cagalj
ACM Workshop on Wireless Security (WiSe 2006)

Summary:

The basic security primitive introduced in this paper is the integrity region: a small physical region of space that the user of a device can verify to be secure, that is, free of any device other than the one she intends to talk to. The authors suggest that this verification be done visually. Integrity regions vary in shape with the environment and the antennas used, but are typically about 0.3 to 1 meter in diameter. For an integrity region to be useful, a distance-measuring technique is needed; the protocols in this paper use ultrasonic ranging. With ranging, Alice can verify that Bob is within a certain distance of her, and by looking she can verify that no other device is inside her integrity region. Together these two checks allow Bob to authenticate himself to Alice.

After introducing integrity regions and primitives such as commitment schemes, the authors describe a basic protocol by which Bob authenticates a message he sends to Alice. Bob first commits to the message and sends the commitment. On receiving the commitment, Alice issues a challenge and sends it to Bob. Bob's response is a simple function of the challenge and the decommitment, and it is sent over the ultrasonic channel. Alice measures the time between issuing the challenge and receiving the response; because ultrasound travels at a known speed, this time of flight directly gives Bob's distance from her. Since the response depends on a challenge Bob cannot predict, he cannot reply before the challenge reaches him and so cannot make himself appear closer than he is. Finally, Alice checks that Bob is within her integrity region and that he is the only device there. If so, she can be sure the message came from Bob, and with the decommitment in hand she can open the commitment and read the authentic message. The authors then describe a proof-of-concept implementation of the ultrasonic ranging technique.
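The exchange described above, as an added example that is not part of this summary or of the paper's own code: it simulates the commit / challenge / ultrasonic-response / distance-check sequence, and also runs that sequence twice to authenticate Diffie-Hellman public keys, the variant discussed in the next paragraph. Everything not stated in the summary is an assumption: the ultrasonic channel is modelled as a pure time-of-flight delay (radio delay and Bob's processing time are taken as zero), the response function f is decommitment XOR SHAKE256(challenge) (my choice; the paper only calls it a simple function of the two), the visual "no other device in the region" check is a boolean input, and the Diffie-Hellman group is a toy 127-bit prime.

```python
"""Added example (not the paper's code): a simulation of the integrity-region
authentication protocol, plus the two-run variant for Diffie-Hellman keys.

Assumptions not taken from the paper: the ultrasonic channel is a pure
time-of-flight delay (radio challenge delay and Bob's processing time are
zero); the response function f is decommitment XOR SHAKE256(challenge), my
choice; the visual "no other device in the region" check is a boolean input;
the Diffie-Hellman group is a toy 127-bit prime, far too small for real use.
"""
import hashlib
import hmac
import os

SPEED_OF_SOUND = 343.0   # m/s in air (assumed constant)
REGION_RADIUS_M = 0.5    # assumed radius; the paper gives 0.3 to 1 m diameters
NONCE_LEN = 16


def commit(message: bytes):
    """Hash commitment c = SHA-256(nonce || message); (nonce || message) is the decommitment."""
    nonce = os.urandom(NONCE_LEN)
    decommitment = nonce + message
    return hashlib.sha256(decommitment).digest(), decommitment


def f(challenge: bytes, data: bytes) -> bytes:
    """Assumed response function: XOR data with SHAKE256(challenge).
    XOR is an involution, so Alice recovers the decommitment by applying f again."""
    keystream = hashlib.shake_256(challenge).digest(len(data))
    return bytes(x ^ k for x, k in zip(data, keystream))


def ultrasonic_arrival(sent_at: float, distance_m: float) -> float:
    """Constructed channel model: arrival time of an ultrasonic frame sent at sent_at."""
    return sent_at + distance_m / SPEED_OF_SOUND


def run_protocol(message: bytes, distance_m: float, other_device_visible: bool,
                 tamper: bool = False):
    """Bob authenticates `message` to Alice. Returns the message, or None on reject."""
    # 1. Bob commits to the message and sends the commitment.
    c, d = commit(message)
    # 2. Alice sends a fresh, unpredictable challenge and starts her clock.
    #    Freshness matters: Bob cannot answer before he sees the challenge, so he
    #    cannot make himself look closer than he is.
    challenge = os.urandom(16)
    t_sent = 0.0
    # 3. Bob replies over the ultrasonic channel with f(challenge, decommitment).
    r = f(challenge, d)
    if tamper:                      # simulated in-flight corruption of the response
        r = bytes([r[0] ^ 0x01]) + r[1:]
    t_recv = ultrasonic_arrival(t_sent, distance_m)
    # 4. Alice turns time of flight into distance and applies the region bound.
    measured_m = (t_recv - t_sent) * SPEED_OF_SOUND
    if measured_m > REGION_RADIUS_M:
        return None
    # 5. Visual check: Bob must be the only device inside the integrity region.
    if other_device_visible:
        return None
    # 6. Alice recovers the decommitment and opens the commitment.
    d_recv = f(challenge, r)
    if not hmac.compare_digest(c, hashlib.sha256(d_recv).digest()):
        return None
    return d_recv[NONCE_LEN:]


# Toy Diffie-Hellman group (assumed; 2**127-1 is prime but far too small for real use).
TOY_P = (1 << 127) - 1
TOY_G = 3


def authenticated_dh(distance_m: float, other_device_visible: bool):
    """Run the basic protocol once in each direction to authenticate both public keys,
    then derive the shared key. Returns the key, or None if either run is rejected."""
    a = int.from_bytes(os.urandom(16), "big") % (TOY_P - 2) + 1
    b = int.from_bytes(os.urandom(16), "big") % (TOY_P - 2) + 1
    pub_a = pow(TOY_G, a, TOY_P).to_bytes(16, "big")
    pub_b = pow(TOY_G, b, TOY_P).to_bytes(16, "big")
    pub_b_at_alice = run_protocol(pub_b, distance_m, other_device_visible)  # Bob -> Alice
    pub_a_at_bob = run_protocol(pub_a, distance_m, other_device_visible)    # Alice -> Bob
    if pub_b_at_alice is None or pub_a_at_bob is None:
        return None
    k_alice = pow(int.from_bytes(pub_b_at_alice, "big"), a, TOY_P)
    k_bob = pow(int.from_bytes(pub_a_at_bob, "big"), b, TOY_P)
    assert k_alice == k_bob
    return hashlib.sha256(k_alice.to_bytes(16, "big")).digest()


def ultrasonic_payload_bytes(public_key_bytes: int) -> int:
    """Bytes sent over ultrasound per run of the basic protocol: the whole decommitment."""
    return NONCE_LEN + public_key_bytes


if __name__ == "__main__":
    print(run_protocol(b"class notes v3", 0.4, other_device_visible=False))
    print(run_protocol(b"class notes v3", 1.5, other_device_visible=False))
    print(authenticated_dh(0.4, False).hex())
    print(ultrasonic_payload_bytes(16), ultrasonic_payload_bytes(256))
```

Note how `ultrasonic_payload_bytes` grows with the public key: each run ships the entire decommitment over ultrasound, which is exactly the scaling problem that motivates the authors' constant-size optimisation. That optimised protocol is not reproduced here.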
Next, the authors show how the basic protocol can authenticate the public keys used in Diffie-Hellman key agreement. The main idea is to run the basic protocol twice, once to authenticate each party's public key. The problem is that as public keys grow larger, more data must be sent over the ultrasonic channel, whose reliability deteriorates quickly with message size. In response, the authors give an optimized key agreement in which the amount of data sent over the ultrasonic channel is constant, independent of key size. The paper concludes with related work and a summary of the concept of authentication through presence.

Pros:
- Good push towards "perimeter-based" security
- Simple and fast solution where security requirements are modest
- Could apply to wireless mouse/keyboard authentication
- Establishes a shared secret from which future keys can be derived at any distance
- Human intervention is minimal
- No password or key required from the user

Cons:
- Not appropriate for high-security applications
- Visual verification may not be possible in some environments
- Small devices (e.g., smart dust) may be visually undetectable
- Integrity regions may be too small for practical use
- Applications are very limited
- It may not be possible to remove all other devices from the integrity region

Discussion Questions:

1) Is the general concept of an integrity region feasible?
This depends on both the environment and the application. Because visual verification is inherently unreliable, integrity-region schemes should NOT be used for high-security (e.g., military) applications. If the secret being shared (say, class notes) is not valuable enough for an attacker to covertly compromise the integrity region (e.g., by embedding devices in a table), then it is reasonable to treat the region as secure.

2) Is the hardware required to implement ranging feasible?
In general, yes. Ultrasonic ranging equipment is relatively cheap.
3) What specific network scenarios would integrity-region schemes be useful for?
Low-security scenarios. For instance, if your laptop periodically backed up class notes onto your PDA, an integrity-region scheme would provide adequate authentication. Another possible application is wireless peripherals (such as a keyboard and mouse) connecting to a local computer.

4) Is there a reasonable way, other than visually, to detect the presence of a device in the integrity region?
The authors clearly believe visual verification is the way to go. Perhaps monitoring for collisions (unexpected transmissions) at one or both of the communicating devices would allow detection.

5) What attacks could be made on the ideas presented in the paper?
The most clear-cut attack is to jam the ultrasonic channel. This denial-of-service attack prevents any verification from taking place.

6) Without trusted third parties, does there exist a practical authentication alternative to integrity regions?
Yes, but each alternative has limited applications. Digital cameras and video devices can be used to authenticate a physical location to a human. Physical exchange of smart cards would allow fast and easy authentication. Bar code readers could scan items such as posted public keys. The advantage of integrity regions is that they require little human intervention and provide reasonable security.

7) If integrity regions must be small, why not just use existing techniques that require physical wire touching?
Most of these techniques are vulnerable to the same set of attacks as integrity-region schemes. The integrity region can be considered the more general construct, since physical device touching is a special case with an integrity region of nearly zero radius.

Voting Results:
- Strong accept: 0
- Weak accept: 10
- Weak reject: 4
- Strong reject: 0