Drifting Keys: Impersonation detection for constrained devices
We introduce Drifting Keys (DKs), a simple new approach to detecting device impersonation. DKs enable detection of complete compromise by an attacker of the device and its secret state, e.g., cryptographic keys. A DK evolves within a device randomly over time. Thus an attacker will create DKs that r...
| Principais autores: | , , , |
|---|---|
| Outros Autores: | |
| Formato: | Artigo |
| Idioma: | en_US |
| Publicado em: |
Institute of Electrical and Electronics Engineers (IEEE)
2015
|
| Acesso em linha: | http://hdl.handle.net/1721.1/93880 https://orcid.org/0000-0002-7105-3690 |
| _version_ | 1826213084079849472 |
|---|---|
| author | Bowers, Kevin D. Juels, Ari Rivest, Ronald L. Shen, Emily H. |
| author2 | Lincoln Laboratory |
| author_facet | Lincoln Laboratory Bowers, Kevin D. Juels, Ari Rivest, Ronald L. Shen, Emily H. |
| author_sort | Bowers, Kevin D. |
| collection | MIT |
| description | We introduce Drifting Keys (DKs), a simple new approach to detecting device impersonation. DKs enable detection of complete compromise by an attacker of the device and its secret state, e.g., cryptographic keys. A DK evolves within a device randomly over time. Thus an attacker will create DKs that randomly diverge from those in the original, valid device over time, alerting a trusted verifier to the attack. DKs may be transmitted unidirectionally from a device, eliminating interaction between the device and verifier. Device emissions of DK values can be quite compact - even just a single bit - and DK evolution and emission require minimal computation. Thus DKs are well suited for highly constrained devices, such as sensors and hardware authentication tokens. We offer a formal adversarial model for DKs, and present a simple scheme that we prove essentially optimal (undominated) for a natural class of attack timelines. We explore application of this scheme to one-time passcode authentication tokens. Using the logs of a large enterprise, we experimentally study the effectiveness of DKs in detecting the compromise of such tokens. |
| first_indexed | 2024-09-23T15:43:05Z |
| format | Article |
| id | mit-1721.1/93880 |
| institution | Massachusetts Institute of Technology |
| language | en_US |
| last_indexed | 2024-09-23T15:43:05Z |
| publishDate | 2015 |
| publisher | Institute of Electrical and Electronics Engineers (IEEE) |
| record_format | dspace |
| spelling | mit-1721.1/938802022-10-02T03:35:41Z Drifting Keys: Impersonation detection for constrained devices Bowers, Kevin D. Juels, Ari Rivest, Ronald L. Shen, Emily H. Lincoln Laboratory Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science Rivest, Ronald L. Rivest, Ronald L. Shen, Emily H. We introduce Drifting Keys (DKs), a simple new approach to detecting device impersonation. DKs enable detection of complete compromise by an attacker of the device and its secret state, e.g., cryptographic keys. A DK evolves within a device randomly over time. Thus an attacker will create DKs that randomly diverge from those in the original, valid device over time, alerting a trusted verifier to the attack. DKs may be transmitted unidirectionally from a device, eliminating interaction between the device and verifier. Device emissions of DK values can be quite compact - even just a single bit - and DK evolution and emission require minimal computation. Thus DKs are well suited for highly constrained devices, such as sensors and hardware authentication tokens. We offer a formal adversarial model for DKs, and present a simple scheme that we prove essentially optimal (undominated) for a natural class of attack timelines. We explore application of this scheme to one-time passcode authentication tokens. Using the logs of a large enterprise, we experimentally study the effectiveness of DKs in detecting the compromise of such tokens. 2015-02-06T13:32:34Z 2015-02-06T13:32:34Z 2013-04 Article http://purl.org/eprint/type/ConferencePaper 978-1-4673-5946-7 978-1-4673-5944-3 978-1-4673-5945-0 0743-166X http://hdl.handle.net/1721.1/93880 Bowers, Kevin D., Ari Juels, Ronald L. Rivest, and Emily Shen. “Drifting Keys: Impersonation Detection for Constrained Devices.” 2013 Proceedings IEEE INFOCOM (April 2013). https://orcid.org/0000-0002-7105-3690 en_US http://dx.doi.org/10.1109/INFCOM.2013.6566892 Proceedings of the 2013 IEEE INFOCOM Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/ application/pdf Institute of Electrical and Electronics Engineers (IEEE) Prof. Rivest via Chris Sherratt |
| spellingShingle | Bowers, Kevin D. Juels, Ari Rivest, Ronald L. Shen, Emily H. Drifting Keys: Impersonation detection for constrained devices |
| title | Drifting Keys: Impersonation detection for constrained devices |
| title_full | Drifting Keys: Impersonation detection for constrained devices |
| title_fullStr | Drifting Keys: Impersonation detection for constrained devices |
| title_full_unstemmed | Drifting Keys: Impersonation detection for constrained devices |
| title_short | Drifting Keys: Impersonation detection for constrained devices |
| title_sort | drifting keys impersonation detection for constrained devices |
| url | http://hdl.handle.net/1721.1/93880 https://orcid.org/0000-0002-7105-3690 |
| work_keys_str_mv | AT bowerskevind driftingkeysimpersonationdetectionforconstraineddevices AT juelsari driftingkeysimpersonationdetectionforconstraineddevices AT rivestronaldl driftingkeysimpersonationdetectionforconstraineddevices AT shenemilyh driftingkeysimpersonationdetectionforconstraineddevices |