LUP Student Papers

Out-of-band transfer with Android to configure pre-shared secrets into sensor nodes

• Mark

Abstract

Applications based on Wireless Sensor Networks are making their way into all kinds of industries. Today, they can do anything from off-loading hospitals by monitoring patients in their homes to regulating production lines in factories. More often than not, they perform some kind of surveillance and tracking. Thus, in most cases the information they carry is sensitive, rendering good encryption schemes suited for performance-constrained sensor nodes a valuable commodity.

As traditional encryption is not well suited for performance constrained environments, there are many new "lightweight" encryption schemes emerging. However, many of the popular up and coming schemes make the assumption of already having a pre-shared secret available in... (More)

Applications based on Wireless Sensor Networks are making their way into all kinds of industries. Today, they can do anything from off-loading hospitals by monitoring patients in their homes to regulating production lines in factories. More often than not, they perform some kind of surveillance and tracking. Thus, in most cases the information they carry is sensitive, rendering good encryption schemes suited for performance-constrained sensor nodes a valuable commodity.

As traditional encryption is not well suited for performance constrained environments, there are many new "lightweight" encryption schemes emerging. However, many of the popular up and coming schemes make the assumption of already having a pre-shared secret available in the sensor node beforehand which can act as the base for their encryption key. The procedure of configuring this pre-shared secret into the sensor node is crucial and has the potential of breaking any scheme based on that assumption.

Therefore, we have looked at different procedures of configuring this pre-shared secret into a sensor node securely, using nothing more than a smartphone to configure the sensor node. This would eventually eliminate the assumption of how the pre-shared secret got into the sensor node in the first place. We used an Arduino Uno R3 running an Atmega328p MCU as a simulation of a potential sensor node. Moreover, using a smartphone as the configuration device, we chose to base the communication on two types of OOB based side-channels; Namely, a visual-based using the flashlight and screen as well as audio-based, using the loudspeaker.

We concluded that using a smartphone as configuration device has its difficulties, although, in this specific environment it is still a viable choice. The solution can decrease the previous knowledge required by the user performing the configuration while simultaneously upholding a high security level.

The findings of this thesis highlight the fact that: technology has evolved to a point where the smartphones of today can outperform the specialized devices of yesterday. In other words, solutions previously requiring specialized hardware can today be achieved with much less "specialized" equipment. This is desirable because with less specialized equipment, it becomes easier to further develop and improve a system like this, increasing its viability. (Less)

Popular Abstract

Have you ever wondered what would happen if somebody could access your refrigerator? Might seem silly, but how about your front door's lock? With the ever increasing connected society, you might have to think about these questions sooner rather than later. The establishment of our connected society is heavily dependent on sensor nodes. There is currently no rigid way of loading the necessary cryptographic keys into these sensor nodes. Now, to enable these sensor nodes to communicate securely, we have studied alternative ways of using your smartphone to transmit these keys to the sensor nodes.

In this thesis, we have shown alternative ways of using a smartphone to transmit cryptographic keys into sensor nodes. These alternative ways were... (More)

Have you ever wondered what would happen if somebody could access your refrigerator? Might seem silly, but how about your front door's lock? With the ever increasing connected society, you might have to think about these questions sooner rather than later. The establishment of our connected society is heavily dependent on sensor nodes. There is currently no rigid way of loading the necessary cryptographic keys into these sensor nodes. Now, to enable these sensor nodes to communicate securely, we have studied alternative ways of using your smartphone to transmit these keys to the sensor nodes.

In this thesis, we have shown alternative ways of using a smartphone to transmit cryptographic keys into sensor nodes. These alternative ways were achieved by using components not otherwise thought to be used for communication. For instance, we built prototypes that used the flashlight; the screen and the loudspeaker to successfully transmit the keys. Doing this we were able to make the transmission easy to use while at the same time upholding a high level of security.

Currently, the sensor nodes have many protocols available to use for secure communications. However, these protocols often lack information about how one should load the sensor nodes with the keys, to begin with. In essence, they provide you with the car but not the key to start it. This is a problem that needs a concrete solution.

The result of this thesis can be used as a guideline for further development of this type of solution. Our prototypes indicate that this type of solution is not only viable but can be secure as well. Using nothing more than a smartphone and small additions to the sensor nodes hardware.

Briefly, the prototypes are built using an Android-powered smartphone as "key-transmitting device" while the receiving "sensor node" is equipped with a microphone or a photo-transistor. The additions to the receiver enable detection of both light and sound waves sent from the smartphone. Then, using the smartphone, the user is able to transmit data by blinking with the flashlight or screen; or sending tones with the loudspeaker, which the receiver interprets. (Less)