Secure Device Trust Bootstrapping Against Collaborative Signal Modification Attacks

Abstract

Bootstrapping security among wireless devices without prior-shared secrets is frequently demanded in emerging wireless and mobile applications. One promising approach for this problem is to utilize in-band physical-layer radio-frequency (RF) signals for authenticated key establishment because of the efficiency and high usability. However, existing in-band authenticated key agreement (AKA) protocols are mostly vulnerable to Man-in-the-Middle (MitM) attacks, which can be launched by modifying the transmitted wireless signals over the air. By annihilating legitimate signals and injecting malicious signals, signal modification attackers are able to completely control the communication channels and spoof victim wireless devices. State-of-the-art (SOTA) techniques addressing such attacks require additional auxiliary hardware or are limited to single attackers. This paper proposes a novel in-band security bootstrapping technique that can thwart colluding signal modification attackers. Different from SOTA solutions, our design is compatible with commodity devices without requiring additional hardware. We achieve this based on the internal randomness of each device that is unpredictable to attackers. Any modification to RF signals will be detected with high probabilities. Extensive security analysis and experimentation on the USRP platform demonstrate the effectiveness of our design under various attack strategies.