IEEE Paper Presentation

This slide deck was used to present our paper, "Time-based one-time password for Wi-Fi authentication and security", at ICACCI 2017 (International Conference on Advances in Computing, Communications and Informatics).

Arjun Sunil Kumar

September 13, 2017

Transcript

  1. >RANDOM FACTS & FIGURES
    • 67% of Internet Users Haven’t Changed Passwords After Heartbleed
    • Business insiders forecast there will be 34 billion devices connected to the internet by 2020, up from 10 billion in 2015. IoT devices will account for 24 billion.
    • With a whopping 71% of mobile communications flowing over wireless internet, Wi-Fi is now the biggest transmitter of communications around the world.
    • These five user passwords accounted for 3.2 million of the 130 million accounts that were stolen in the Adobe hack of 2013: “123456,” “12345678,” “Password,” “Adobe123” and “12345678.” (Lazy)
  2. >EXISTING SOLUTION
    ▸ Manually update password periodically
    ▸ Tedious task of passing the new password
    ▸ Update Password in all the previously connected devices
    ▸ Keep a very tough password (something like: &W#$!@)
    ▸ We become dependent on some plugins
    ▸ Write down somewhere
  3. >PROPOSED SOLUTION
    ▸ Automate the process of changing password in Server
    ▸ Dynamically update password in the Client
    ▸ Maintain a sync in password, among the connected devices
    ▸ Black-Box the process of connecting to WiFi Network
  4. >CURRENT WIFI SECURITY MECHANISMS
    ▸ Password based:
      ▸ WEP
      ▸ WPA
      ▸ WPA2
    ▸ Session based:
      ▸ Captive portal
  5. >CONS: SESSION BASED
    ▸ Issues
      ▸ Requires a browser to log in (not suitable for IoT devices)
      ▸ Prone to network sniffing
      ▸ Breach of Privacy
  6. >ALGO
    Ingredients:
    ▸ A shared secret (a sequence of bytes)
    ▸ An input derived from the current time
    ▸ A signing function
  7. >CURRENT ISSUES
    In almost all the WiFi Hotspot devices, updating credentials involves:
    1. Flashing the credential to EEPROM.
    2. Rebooting the device with current settings.
    Rebooting time is unavoidable and it is the main cause of latency.
  8. >FINAL WORDS
    ▸ This project can be targeted at the upcoming IoT world, where device connectivity as well as security is a major priority.
    ▸ Since this is an offline security protocol, there should be a syncing parameter to get a consistent output. Because IoT device connectivity is handled locally, time is chosen to be this parameter.
  10. >TOTP PSEUDO CODE
      original_secret = xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
      secret = BASE32_DECODE(TO_UPPERCASE(REMOVE_SPACES(original_secret)))
      input = CURRENT_UNIX_TIME() / 30               // integer division; passed on as an 8-byte big-endian counter
      hmac = HMAC_SHA1(secret, input)                // keyed HMAC, not a plain SHA1 over concatenated values
      offset = hmac[len(hmac)-1] & 0x0F              // last nibble
      four_bytes = hmac[offset : offset+4]
      large_integer = INT(four_bytes) & 0x7FFFFFFF   // big-endian, most significant bit cleared
      small_integer = large_integer % 100000000      // 8-digit code
  11. >CURRENT ISSUES
    ▸ Implementing it on Modem via PC. We can create scripts to change the password of WiFi hotspot. But still it requires modem rebooting, creating latency for periodic update.
  12. >CURRENT ISSUES
    ▸ Implementing it on Android OS as System App. Negligible increase in performance when compared to our user app.
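
Added example, not taken from the slides or the paper: a Python version of the TOTP pseudocode on slide 10, using real HMAC-SHA1 with the 30-second step and 8-digit output shown there. The `verify` helper and its one-step skew window are assumptions about how a validating side could absorb the clock drift that the "Final words" slide points to; the sample secret is constructed from the RFC 6238 Appendix B test key.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step, as in the slide's pseudocode
DIGITS = 8   # the pseudocode reduces modulo 100000000


def decode_secret(original_secret: str) -> bytes:
    """BASE32_DECODE(TO_UPPERCASE(REMOVE_SPACES(original_secret)))."""
    cleaned = original_secret.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding dropped for display
    return base64.b32decode(cleaned)


def totp(secret: bytes, unix_time: int) -> str:
    counter = struct.pack(">Q", unix_time // STEP)           # 8-byte big-endian step count
    mac = hmac.new(secret, counter, hashlib.sha1).digest()   # keyed HMAC-SHA1
    offset = mac[-1] & 0x0F                                  # last nibble picks the 4-byte slice
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)           # keep leading zeros


def verify(secret: bytes, candidate: str, unix_time: int, window: int = 1) -> bool:
    """Hypothetical validator: accept codes from +/- `window` steps (clock skew)."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + k * STEP), candidate)
        for k in range(-window, window + 1)
    )


# Constructed sample: the RFC 6238 Appendix B SHA-1 test secret, base32 with spaces.
SAMPLE_SECRET = decode_secret("gezd gnbv gy3t qojq gezd gnbv gy3t qojq")

if __name__ == "__main__":
    ap_clock, client_clock = 1111111111, 1111111109   # 2 s apart, across a step boundary
    print("AP code    :", totp(SAMPLE_SECRET, ap_clock))
    print("client code:", totp(SAMPLE_SECRET, client_clock))
    print("accepted with window=1:",
          verify(SAMPLE_SECRET, totp(SAMPLE_SECRET, client_clock), ap_clock))
    print("accepted with window=0:",
          verify(SAMPLE_SECRET, totp(SAMPLE_SECRET, client_clock), ap_clock, window=0))
```

Two clocks only two seconds apart produce different codes when they straddle a 30-second boundary, which is why time synchronisation between access point and clients matters for this scheme.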