Nitesh Saxena (University of Alabama) is going to present his current research work
Speaker: Nitesh Saxena
- Date: January 27th, 2012 (Friday)
- Room: CIT 368
- Host: Shriram Krishnamurthi
- Title: "Acoustic Eavesdropping Attacks on Constrained Wireless Device Pairing"
In this talk, we will focus on one of our projects entailing a fundamental problem of secure association of wireless devices ("pairing"). Pairing of devices based on auxiliary or out-of-band (OOB) -- audio, visual or tactile -- communication is a well-established research direction. Lack of good quality interfaces on, or physical access to, certain constrained devices (e.g., headsets, access points or medical implants) makes pairing a challenging problem in practice. Prior work shows that pairing of constrained devices based on authenticated OOB (A-OOB) channels can be prone to human errors that eventually translate into man-in-the-middle attacks. An alternative and more usable solution is to employ OOB channel that are authenticated as well as secret (AS-OOB). Our higher level goal is to analyze the security of AS-OOB pairing. More specifically, we take a closer look at three notable prior AS-OOB pairing proposals and challenge the direct or indirect assumption upon which the security of these proposals relies, i.e., the secrecy of underlying or associated audio channels. The first proposal uses a low frequency audio channel to pair an implanted medical device with an external reader. The second proposal uses an automated vibrational channel to pair a mobile phone with a personal RFID tag. The third proposal uses vibration (or blinking) on one device and manually synchronized button pressing on the other device. In particular, we demonstrate the feasibility of eavesdropping over acoustic emanations associated with these methods. Based on our results, we conclude that all three methods provide a weaker level of security than what was originally assumed for these methods or is desired for the pairing operation.
Nitesh Saxena is an Assistant Professor in the Department of Computer and Information Sciences at the University of Alabama, Birmingham (UAB). He works in the broad areas of computer and network security, and applied cryptography, and has a strong interest in the emerging field of usable security. Nitesh obtained his Ph.D. in Information and Computer Science from UC Irvine, an M.S. in Computer Science from UC Santa Barbara, and a Bachelor’s degree in Mathematics and Computing from the Indian Institute of Technology, Kharagpur, India. Before joining UAB, he was an Assistant Professor in the Department of Computer Science and Engineering at the Polytechnic Institute of New York University (NYU-Poly). He has also previously worked at Nokia Research Center, Finland and at INRIA Rhone-Alpes, France. Nitesh’s Ph.D. dissertation entitled “Decentralized Security Services” has been nominated for the ACM Dissertation Award, 2006. He is the recipient of the Best Student Paper Award at the Applied Cryptography and Network Security (ACNS) conference, 2006. Nitesh’s current research is externally supported by NSF, Google, Intel, Nokia and Research in Motion. On the educational front, Nitesh was the principal architect and a co-director of NYU-Poly’s M.S. Program in Cyber-Security. More information can be found on Nitesh’s web page: http://cis.uab.edu/saxena/.