Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content

FuzzyKey: Comparing Fuzzy Cryptographic Primitives on Resource-Constrained Devices

  • Conference paper
  • First Online:
Smart Card Research and Advanced Applications (CARDIS 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13173))

Abstract

Implantable medical devices, sensors and wearables are widely deployed today. However, establishing a secure wireless communication channel to these devices is a major challenge, amongst others due to the constraints on energy consumption and the need to obtain immediate access in emergencies. To address this issue, researchers have proposed various key agreement protocols based on the measurement of physiological signals such as a person’s heart signal. At the core of such protocols are fuzzy cryptographic primitives that allow to agree on a shared secret based on several simultaneous, noisy measurements of the same signal. So far, although many fuzzy primitives have been proposed, there is no comprehensive evaluation and comparison yet of the overhead that such methods incur on resource-constrained embedded devices. In this paper, we study the feasibility of six types of fuzzy cryptographic primitives on embedded devices for 128-bit key agreement. We configure several variants for each fuzzy primitive under different parameter selections and mismatch rates of the physiological signal measurements on an MSP430 microcontroller, and then measure and compare their energy consumption and communication overhead. The most efficient constructions consume between 0.021 mJ and 0.198 mJ for the transmitter and between 0.029 mJ and 0.380 mJ for the receiver under different mismatch rates. Subsequently, we modify the best performing methods so that they run in constant time to protect against timing side-channel attacks, and observe that these changes only minimally affect resource consumption. Finally, we provide open-source implementations and energy consumption data of each fuzzy primitive as a reference for real-world designs.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Apart from being used in PS-based key exchange protocols, fuzzy schemes are also used in other areas such as biometrics and Physical Unclonable Functions (PUFs) [3, 5, 9, 10], where traditional cryptographic algorithms are not directly applicable.

  2. 2.

    However, this requirement can be alleviated with the combination of a Password Authenticated Key Exchange (PAKE), as shown in [18]. Note that fuzzy extractors can still be securely used even if the inputs are not uniformly distributed.

  3. 3.

    BLE is already being used in commercial IMDs e.g., Medtronic Azure pacemakers [1].

References

  1. Medtronic Azure pacing system. https://europe.medtronic.com/xd-en/healthcare-professionals/products/cardiac-rhythm/pacemakers/azure.html

  2. Simon Rockliff’s Reed-Solomon encoder/decoder. http://www.eccpage.com/rs.c

  3. Abidin, A., Argones Rúa, E., Peeters, R.: Uncoupling biometrics from templates for secure and privacy-preserving authentication. In: ACM SACMAT (2017)

    Google Scholar 

  4. Al Reshan, M., Liu, H., Hu, C., Yu, J.: MBPSKA: multi-biometric and physiological signal-based key agreement for body area networks. IEEE Access 7, 78484–78502 (2019)

    Article  Google Scholar 

  5. Billeb, S., Rathgeb, C., Reininger, H., Kasper, K., Busch, C.: Biometric template protection for speaker recognition based on universal background models. IET Biometrics 4(2), 116–126 (2015)

    Article  Google Scholar 

  6. Calleja, A., Peris-Lopez, P., Tapiador, J.E.: Electrical heart signals can be monitored from the moon: security implications for IPI-based protocols. In: WISTP, pp. 36–51 (2015)

    Google Scholar 

  7. Cherukuri, S., Venkatasubramanian, K.K., Gupta, S.K.S.: BioSec: a biometric based approach for securing communication in wireless networks of biosensors implanted in the human body. In: ICPP, pp. 432–439 (2003)

    Google Scholar 

  8. Crossbow Technology Inc.: TelosB Mote Platform datasheet, Rev. B, https://www.willow.co.uk/TelosB_Datasheet.pdf

  9. Delvaux, J., Gu, D., Schellekens, D., Verbauwhede, I.: Helper data algorithms for PUF-based key generation: overview and analysis. IEEE TCAD 34(6), 889–902 (2015)

    Google Scholar 

  10. Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)

    Article  MathSciNet  Google Scholar 

  11. Halperin, D., Heydt-Benjamin, T.S., Fu, K., Kohno, T., Maisel, W.H.: Security and privacy for implantable medical devices. IEEE Pervasive Comput. Spec. Issue Implantable Electron. 7, 30–39 (2008)

    Article  Google Scholar 

  12. Hinterwälder, G., Moradi, A., Hutter, M., Schwabe, P., Paar, C.: Full-size high-security ECC implementation on MSP430 microcontrollers. In: Aranha, D.F., Menezes, A. (eds.) LATINCRYPT 2014. LNCS, vol. 8895, pp. 31–47. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16295-9_2

    Chapter  Google Scholar 

  13. Hirose, S.: Some plausible constructions of double-block-length hash functions. In: FSE, pp. 210–225 (2006)

    Google Scholar 

  14. Hu, C., Cheng, X., Zhang, F., Wu, D., Liao, X., Chen, D.: OPFKA: secure and efficient ordered-physiological-feature-based key agreement for wireless body area networks. In: INFOCOM (2013)

    Google Scholar 

  15. Juels, A., Sudan, M.: A fuzzy vault scheme. Des. Codes Crypt. 38(2), 237–257 (2006)

    Article  MathSciNet  Google Scholar 

  16. Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: ACM CCS (1999)

    Google Scholar 

  17. Kholmatov, A., Yanikoglu, B.: Realization of correlation attack against the fuzzy vault scheme. In: Security, Forensics, Steganography, and Watermarking of Multimedia Contents X, vol. 6819, p. 68190O. SPIE (2008)

    Google Scholar 

  18. Li, X., Zeng, Q., Luo, L., Luo, T.: T2Pair: secure and usable pairing for heterogeneous IoT devices. In: ACM CCS, pp. 309–323 (2020)

    Google Scholar 

  19. Lin, S., Costello, D.J.: Error Control Coding, vol. 2. Prentice Hall (2001)

    Google Scholar 

  20. Marin, E., Argones Rúa, E., Singelée, D., Preneel, B.: On the difficulty of using patient’s physiological signals in cryptographic protocols. In: ACM SACMAT, pp. 113–122 (2019)

    Google Scholar 

  21. Marin, E., Mustafa, M.A., Singelée, D., Preneel, B.: A privacy-preserving remote healthcare system offering end-to-end security. In: Mitton, N., Loscri, V., Mouradian, A. (eds.) ADHOC-NOW 2016. LNCS, vol. 9724, pp. 237–250. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40509-4_17

    Chapter  Google Scholar 

  22. Marin, E., Singelée, D., Garcia, F.D., Chothia, T., Willems, R., Preneel, B.: On the (in)security of the latest generation implantable cardiac defibrillators and how to secure them. In: ACSAC, pp. 226–236 (2016)

    Google Scholar 

  23. Marin, E., Singelée, D., Yang, B., Verbauwhede, I., Preneel, B.: On the feasibility of cryptography for a wireless insulin pump system. In: CODASPY (2016)

    Google Scholar 

  24. Marin, E., et al.: Securing wireless neurostimulators. In: CODASPY, pp. 287–298 (2018)

    Google Scholar 

  25. de Meulenaer, G., Gosset, F., Standaert, F., Pereira, O.: On the energy cost of communication and cryptography in wireless sensors networks. In: IEEE WiMob, pp. 580–585 (2008)

    Google Scholar 

  26. Ortiz Martin, L., Picazo-Sanchez, P., Peris-Lopez, P., Tapiador, J.: Heartbeats do not make good pseudo-random number generators: an analysis of the randomness of inter-pulse intervals. Entropy 20, 94 (2018)

    Article  Google Scholar 

  27. Rathgeb, C., Uhl, A.: Statistical attack against fuzzy commitment scheme. IET Biometrics 1(2), 94–104 (2012)

    Article  Google Scholar 

  28. Reparaz, O., Balasch, J., Verbauwhede, I.: Dude, is my code constant time? In: DATE, pp. 1697–1702. IEEE (2017)

    Google Scholar 

  29. Reverberi, L., Oswald, D.: Breaking (and fixing) a widely used continuous glucose monitoring system. In: USENIX WOOT (2017)

    Google Scholar 

  30. Rostami, M., Juels, A., Koushanfar, F.: Heart-to-Heart (H2H): authentication for implanted medical devices. In: ACM CCS, pp. 1099–1112 (2013)

    Google Scholar 

  31. Seepers, R.M., Strydis, C., Peris-Lopez, P., Sourdis, I., Zeeuw, C.I.D.: Peak misdetection in heart-beat-based security: characterization and tolerance. In: EMBC, pp. 5401–5405 (2014)

    Google Scholar 

  32. Seepers, R.M., Wang, W., de Haan, G., Sourdis, I., Strydis, C.: Attacks on heartbeat-based security using remote photoplethysmography. IEEE J-BHI 22(3), 714–721 (2018)

    Google Scholar 

  33. Singelée, D., Seys, S., Batina, L., Verbauwhede, I.: The energy budget for wireless security: extended version. IACR Cryptol. ePrint Arch. 2015, 1029 (2015)

    Google Scholar 

  34. TI: AN092: Measuring Bluetooth Low Energy Power Consumption (2012)

    Google Scholar 

  35. TI: MSP430FR596x, MSP430FR594x Mixed-Signal Microcontrollers datasheet (2012). rev. G. https://www.ti.com/lit/gpn/msp430fr5969

  36. TI: MSP430FR599x, MSP430FR596x Mixed-Signal Microcontrollers datasheet (2016). rev. C. https://www.ti.com/lit/gpn/msp430fr5994

  37. Venkatasubramanian, K.K., Banerjee, A., Gupta, S.: Plethysmogram-based secure inter-sensor communication in body area networks. In: IEEE MILCOM (2008)

    Google Scholar 

  38. Venkatasubramanian, K.K., Banerjee, A., Gupta, S.K.S.: PSKA: usable and secure key agreement scheme for body area networks. IEEE T-ITB 14(1), 60–68 (2010)

    Google Scholar 

  39. Venkatasubramanian, K.K., Gupta, S.K.S.: Physiological value-based efficient usable security solutions for body sensor networks. ACM TOSN 6(4), 1–36 (2010)

    Article  Google Scholar 

  40. Xu, F., Qin, Z., Tan, C.C., Wang, B., Li, Q.: IMDGuard: securing implantable medical devices with the external wearable guardian. In: IEEE INFOCOM (2011)

    Google Scholar 

Download references

Acknowledgements

This work is funded in part by the European Union’s Horizon 2020 Research and innovation program under grant agreement No. 826284 (ProTego), the FWO-SBO project SPITE, and by the Engineering and Physical Sciences Research Council (EPSRC) under grant EP/R012598/1. Mo Zhang is funded by the Priestley PhD Scholarship programme. The ECC decoding methods were based in part on the source code of Simon Rockliff [2].

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Mo Zhang .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhang, M., Marin, E., Oswald, D., Singelée, D. (2022). FuzzyKey: Comparing Fuzzy Cryptographic Primitives on Resource-Constrained Devices. In: Grosso, V., Pöppelmann, T. (eds) Smart Card Research and Advanced Applications. CARDIS 2021. Lecture Notes in Computer Science(), vol 13173. Springer, Cham. https://doi.org/10.1007/978-3-030-97348-3_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-97348-3_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-97347-6

  • Online ISBN: 978-3-030-97348-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics