What are the contributions of the paper?

Introduces the problem of key agreement where the parameters may be
modified in transmission. Assumes that an adversary can change the
plaintext components of the Diffie-Hellman parameters over RF, and that
no prior data has been exchanged between the wireless
devices. Presents three solutions to verify the public parameters
after they have been transmitted: manual verification, distance
estimation, and power integrity.

What is the quality of the presentation?

Figures of Diffie-Hellman protocol exchanges could be better
illustrated. Commitment was not explained well. It was good that it
went over the basics of Diffie-Hellman, and put footnotes for other
things such as preimage resistance which are assumed known but still
good to explain. Figure 3 (integrity region) is a very good illustration
of the distance bounding problem. Mathematical notation is clear and
well defined.

What are the strengths of the paper?

The second example of using distances is a neat idea. This means that
devices need only monitor the turnaround time to find a rough estimate
of the distance. Such a system is readily implementable and two very
paranoid people could run together to ensure that their distance is
fixed against an adversary that cannot keep up. The third example of
using an integrity code based on the rich study of error correcting
codes, then monitoring power transmissions, is a very good idea. Such a
system would not require manual verification and would prohibit attackers
from modifying the transmission en route.

What are the weaknesses of the paper?

Examples of means to implement such systems, where round trip time is
measured or power transmission monitored, were not satisfactorily
given. It assumes that an attacker cannot perfectly negate a signal,
which may be valid, but also assumes there will be no noise on the
channel, which may not be valid.

No indication of how to ensure that an attacker is not within a distance
was provided. If they are on the street and an attacker is underneath
them, or just sitting in a car, there's no real way of knowing they are
there. Moreover, a building may have devices in all the walls that
could easily break communication for their own purposes. It was not
revealed how to detect the presence of a device. It also assumed
internal computation time was negligible, which may not be the case
when devices communicate at the speed of light.

What is some possible future work?

A few ideas occurred to me while reading this. For verification, it
would be interesting to use a randomly constructed sentence. Suppose
we had a built-in vocabulary of 2^10 nouns, verbs, adjectives, and
adverbs. Then a sentence of the form "The [adjective] [adjective]
[noun] was [adverb] [adverb] [verb]." would be able to convey 2^60
bits of information, and while not making much sense semantically, it
would likely be able to make grammatical sense and be very quick for
two individuals to convey. For instance, one would just read the
sentence and the other would confirm it produced the same one.
Another way could be music. If two devices emitted tones, say 2^5
different tones, then a series of 12 tones would convey 2^60 bits of
information. If the two devices are placed adjacently then it's trivial
to check that the tones are the same; however, it relies on the
auditory faculties of the participants.

Another idea was that a random value could be agreed upon by the
users, such that messages must be preceded by this nonce, along
with, for instance, the current date. Then an adversary must find out
this nonce (which is plaintext), but then find a collision where the
beginning of the message is the nonce, and the date to help against a
precomputation attack, which is clearly not avoidable. However, such a
system could be designed so that the attacker cannot find a collision
on a, say, 16 bit hash function, in the same time that it takes for
the two parties to just send their message. Then they can verify the
16 bit hash result, which is trivial.
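The sentence-based verification idea from the future-work paragraph above, written out as an added example (not code from the reviewer or from the paper under review): a constructed syllable vocabulary stands in for real word lists, six 10-bit slots encode a 60-bit check value as a readable sentence, and the same sentence decodes back so a mismatch between two devices is detectable. The check_value helper, which truncates SHA-256 over whatever transcript bytes both sides hold, is an assumption of this example rather than the paper's construction.

```python
import hashlib

# Constructed vocabulary: 32 syllables, two per word, give 2^10 pseudo-words per
# category (a curated word list would replace these placeholders in practice).
SYLLABLES = ("ba be bi bo bu da de di do du fa fe fi fo fu ka ke ki ko ku "
             "la le li lo lu ma me mi mo mu na ne").split()
# Template from the review: The [adj] [adj] [noun] was [adv] [adv] [verb].
# Six slots of 10 bits each carry a 60-bit value (2^60 distinct sentences).
SLOTS = ("adj", "adj", "noun", "adv", "adv", "verb")
SUFFIX = {"adj": "ish", "noun": "", "adv": "ly", "verb": "ed"}  # marks the category

def word(category, index):
    # 10-bit index -> pseudo-word: high 5 bits pick syllable 1, low 5 bits syllable 2
    return SYLLABLES[index >> 5] + SYLLABLES[index & 31] + SUFFIX[category]

def word_index(category, w):
    # Inverse of word(); None if the token is not a valid word of that category
    suffix = SUFFIX[category]
    stem = w[:len(w) - len(suffix)]
    if not w.endswith(suffix) or len(stem) != 4:
        return None
    try:
        return (SYLLABLES.index(stem[:2]) << 5) | SYLLABLES.index(stem[2:])
    except ValueError:
        return None

def sentence_from_bits(value):
    # Encode a 60-bit integer as a sentence, most significant slot first
    words = [word(cat, (value >> (10 * (5 - i))) & 0x3FF)
             for i, cat in enumerate(SLOTS)]
    return "The {} {} {} was {} {} {}.".format(*words)

def bits_from_sentence(sentence):
    # Decode a sentence back to its 60-bit value; None if it does not parse
    toks = sentence.rstrip(".").split()
    if len(toks) != 8 or toks[0] != "The" or toks[4] != "was":
        return None
    value = 0
    for cat, w in zip(SLOTS, toks[1:4] + toks[5:8]):
        idx = word_index(cat, w)
        if idx is None:
            return None
        value = (value << 10) | idx
    return value

def check_value(transcript):
    # 60-bit value both parties derive from identical bytes (e.g. the two DH
    # public values); truncated SHA-256 is this example's choice, not the paper's.
    return int.from_bytes(hashlib.sha256(transcript).digest()[:8], "big") >> 4
```

Both devices compute check_value over the same transcript, one reads sentence_from_bits aloud, and the other compares it to its own; any single altered word changes the decoded value.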

============================================================================

Wireless devices have the capability to travel anywhere, however a
limited communication range restricts them. If the users of these
devices wish to communicate securely then they must have a secure
method of generating a key without reliance on a trusted third
party. This problem is made more difficult by the fact that portable
wireless devices are usually computationally constrained, and thus
unable to efficiently implement many of the existing key exchange
protocols. This paper provides three protocols based on the
Diffie-Hellman key agreement protocol to address these issues; the
first based on string comparison, the second on distance bounding, and
the third using integrity codes.

The paper is well organized. The introduction provides clear
motivation for the work and summarizes the existing work already done
in the field. Assumptions made by the authors are clearly stated, and
a working threat model is provided.  Along with a text description,
each protocol is given with precise notation, making understanding the
sequence of messages much easier. The weakness of the protocols lies
in their reliance on specialized hardware. Current devices lack the
hardware to implement distance bounding or integrity codes, thus
restricting their implementation to added hardware or new devices. In
one particular example the authors suggest that 30cm should be
sufficiently close for distance bounding to be secure, however this
defeats the purpose of wireless communication. If devices must be
placed so close together for security, then using a physical
connection is no longer impractical and can provide a medium for more
secure communication.

Further research in this area will likely focus on the hardware
implementations for distance bounding and integrity codes, as these
are the factors that will limit implementation on current
devices. There is also the possibility of new protocols that do not
rely on specialized hardware or that can extend the range in which
secure communication can be expected.

============================================================================

What are the contributions of the paper?

The first contribution of this paper is that it presents three
provably secure protocols based on Diffie-Hellman key agreement, which
can prevent man-in-the-middle attacks. Furthermore, with these
protocols, the users do not need to enter passwords, nor do they need
physical connectivity between their devices. The second
contribution is that the paper gives a way to design re-usable
message transfer authenticators by analyzing and designing the
protocols based on Diffie-Hellman key agreement protocols. The third
one is that the approach of DH-SC allows users to compare very short
string content instead of long strings.


What is the quality of the presentation?

The author presents this paper with good quality. He gave a protocol
flow chart for each method, so each figure clearly presents the
direction and requirement of the protocol. The author presented the
encryption mechanism with commitment schemes, so it easily and clearly
expresses the meaning of the protocol flow chart. The organization of
this paper is good. After specifying the problem to be addressed in
this paper and the assumptions that the paper is based on, the author
proposed three techniques. Following these, security analysis and a
proof of a theorem were presented.


What are the strengths of the paper?

The author proposed three techniques to prevent man-in-the-middle
attacks at one time. It is good because it proposes so many approaches
in one paper. In addition, the author presented a strong proof of
Theorem 1 in part 4, which effectively specifies the security of the
proposed protocols. One protocol, called DH-SC, allows users to
compare very short string content instead of long strings. Another
protocol, called DH-IC, which is given from the point of view of hardware
implementation, makes it impossible for a positive attacker to modify
messages.


What are its weaknesses?

In Part 3, when the author presents the DH-SC protocol, the author
doesn't say how the user is to compare the short message, that is,
why ia=ib?

Another weakness is that the author does not discuss how to combine
this approach to the practical problems in wireless communication
world.


What is some possible future work?

We would consider applying this method to authentication in other
scenarios. We can also think of a specific application scenario in
the wireless communication field which can make use of this approach, like
the secure ad hoc network routing problems.

============================================================================

  * What are the contributions of the paper?
    This paper addresses the issue of key agreement protocols in
    peer-to-peer wireless networks. It presents enhancements for
    Diffie-Hellman key exchange based on visual string comparison,
    distance bounding and integrity codes. It also proves their
    security in the modular approach introduced by Bellare, Canetti,
    and Krawczyk.

  * What is the quality of the presentation?
    The presentation of the paper is quite informative, giving most of
    the information in a precise manner.

  * What are the strengths of the paper?
    The paper provides three protocols for key agreement in
    peer-to-peer wireless networks without any physical or infrared
    connectivity between the devices. It uses the radio frequency
    signal and ultrasound signal for that purpose. The author also
    proves the protocols in one of the established approaches.

  * What are its weaknesses?
    The protocol proofs do not use a reductionist approach to prove
    the security. A comparison between the 3 protocols based on
    various parameters like security, computation time and human
    intervention should have been included.

  * What is some possible future work?
    - Other key agreement protocols like ephemeral Diffie-Hellman and
      RSA-based key agreement need to be considered in the setting
      defined by the authors.
    - Comparison with other key agreement protocols based on IR
      techniques or those involving a physical connection between
      devices also needs to be carried out.

============================================================================