This year the ISSNET workshop took place in Toronto (26-29 April). I presented a poster and gave a talk. The poster and slides are attached to the bottom of this post.
Using Wireless Channel Characterizations for Secure Secret Key Generation
Masoud Ghoreishi Madiseh, Stephen W. Neville, Micheal L. McGuire
Department of Electrical and Computer Engineering
University of Victoria
Victoria, B.C. V8W 3P6
Masoud Ghoreishi Madiseh, Stephen W. Neville, Micheal L. McGuire
Department of Electrical and Computer Engineering
University of Victoria
Victoria, B.C. V8W 3P6
Wireless key generation solutions have been widely proposed to address the need for secure communication in domains where existing solutions such as PKI can be problematic, (i.e., wireless keyboards, RFID tags, on the first contact to an access point, in wireless sensor networks, etc. ) [1], [2]. Several wireless channel characterization-based key generation solutions have been reported in the literature [3], [4]. The critical aspect of real-world security solutions based on these techniques not addressed in the existing literature is the quantification of the security that they produce. The existing works have only assessed the security of the generated secret key in the context of eavesdroppers located far from the transmitting antennas with poor knowledge of the propagation environment. This leads to the core problem that two parties, nominally Alice and Bob, may engage in wireless channelcharacterization-based key generation under the belief that their resulting key is secure, when in reality this key is partially or completely known to an eavesdropper, Eve. It should be noted that the intention of key generation is not to solve the authentication problem, instead, if properly constructed, it provides a mechanism by which Alice and Bob can engage in an authentication process over a secured channel which requires zero pre-shared secret information to construct, (i.e., once the secure channel is in place Alice and Bob can engage in a standard challenge-response process for authentication).
