The essence of information assurance resides in the ability of the legitimate communication parties to establish and maintain an advantage over their adversary. Most often, such an advantage is in the form of a secret key. The high costs associated with standard key establishment protocols motivate the recent surge of less conventional protocols, which derive the legitimate parties' advantage from physical features (the adversary may have a worse channel than the legitimate receiver) or from correlated sources of randomness (accelerometer readings when two devices are shaken together). The main drawback is that the devices will usually not be aware of their physical location relative to each-other. Therefore, human intervention (generally recognized as the weakest link in security protocols) is required to inform them that a secure environment has been realized. Even if the devices automatically measure their relative distance, they cannot know whether they're at home, or in a crowded bus. Moreover, whether automatic or human-initiated, such key exchanges rely on the security of an underlying authentication protocol. The goal of this project is to explore an entirely overlooked resource for key establishment: Time. The project investigates how the long and uninterrupted time intervals spent in secure environments can be used to create or complement secure key-establishment protocols for low-cost wireless consumer electronics. The derived protocols have to (1) stand alone (not rely on the security of other protocols, like authentication) and (2) be automatic (not require human intervention). The proposed research will be applicable to a broad spectrum of information-assurance applications, and has the potential to inspire an abundance of related research, and create opportunities for both undergraduate and graduate students (in particular minority and female) to participate in the cutting-edge research.
To avoid the reliance on human interaction or authentication mechanisms, one research direction is to implement a counter-intuitive paradigm: one of the legitimate parties creates a puzzle and outputs time-throttled clues, while the other legitimate parties gather clues until they are able to solve the puzzle and process its solution into a secret key. The idea is based around ciphers that leak information at an exponential rate over time. Therefore, metrics for key-information leakage are needed to quantify both the availability at the legitimate parties, and the security from an adversary. The project consists of three major simultaneous tasks: (a) the construction of a formal mathematical framework for evaluating the security of time-based key-establishment protocols, under the puzzle-based paradigm, and the investigation of new paradigms fit for time-based security; (b) the design and evaluation of such protocols for low-cost wireless devices (that may have neither an objective notion of time, nor the computational resources to engage in advantage distillation, information reconciliation or privacy amplification); (c) implementation of the resulted solutions on a physical wireless testbed.