Exploiting Mobility for Key Establishment

Author

Nicholson, Anthony J. ; Han, Junghee ; Watson, David ; Noble, Brian D.

Author_Institution

Michigan Univ., Ann Arbor, MI

fYear

2005

fDate

1-1 Aug. 2005

Firstpage

61

Lastpage

68

Abstract

Despite years of research on security and cryptography, the vast majority of Internet communications are still unencrypted. We argue the blame lies not with users but with the tools they have available to them. Securing a communication channel with encryption is easy - the hard part is distributing keys in the first place. Current solutions rely ultimately on user actions -verification of encryption keys by inspecting either fingerprints or certificates. Instead, we present a model in which keys are established insecurely and automatically confirmed by exchanging cryptographic hashes of the key. To thwart an active attacker, hashes must travel over some path the attacker does not control. To do so, we exploit users´ everyday mobility, plus the capabilities of an overlay network, to resend hashes from diverse access points. Initial simulation and field results support our claim that this generates routes sufficiently diverse to foil all but the most powerful attackers, without requiring explicit action on the part of users

Keywords

Internet; cryptography; telecommunication security; Internet communications; communication channel security; cryptographic hashes; encryption key verification; key distribution; overlay network; Automatic control; Communication channels; Data security; Fingerprint recognition; Internet; Power generation; Protocols; Public key; Public key cryptography; Usability;

fLanguage

English

Publisher

ieee

Conference_Titel

Mobile Computing Systems and Applications, 2006. WMCSA '06. Proceedings. 7th IEEE Workshop on

Conference_Location

Orcas Island, WA

ISSN

1550-6193

Print_ISBN

0-7695-2439-7

Type

conf

DOI

10.1109/WMCSA.2006.9

Filename

1691715