RSA Laboratories

Drifting Keys: Impersonation Detection for Constrained Devices

Citation: K. Bowers, A. Juels, R. Rivest, and E. Shen. Drifting Keys: Impersonation Detection for Constrained Devices. INFOCOM, 2013. To appear.

Abstract: We introduce Drifting Keys (DKs), a simple new approach to detecting device impersonation. DKs enable detection of complete compromise by an attacker of the device and its secret state, e.g., cryptographic keys. A DK evolves within a device randomly over time. Thus a clone device created by the attacker will emit DKs that randomly diverge from those in the original, valid device over time, alerting a trusted verifier to the attack.

DKs may be transmitted unidirectionally from a device, eliminating interaction between the device and verifier. Device emissions of DK values can be quite compact—even just a single bit—and DK evolution and emission require minimal computation. Thus DKs are well suited for highly constrained devices, such as sensors and hardware authentication tokens.

We offer a formal adversarial model for DKs, and present a simple scheme that we prove essentially optimal (undominated) for a natural class of attack timelines. We explore application of this scheme to one-time passcode authentication tokens. Using the logs of a large enterprise, we experimentally study the effectiveness of DKs in detecting the cloning of such tokens.
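A toy simulation of the divergence idea described in the abstract, added here as an illustration; it is not the scheme or code from the paper. The n-bit register, the one-slot-per-step refresh rule, full-key emissions in time order, and every name below are assumptions made for this example.

```python
import random

class Device:
    """Toy device: n-bit drifting key, one slot re-randomized per time step."""
    def __init__(self, n_bits, rng):
        self.n, self.rng, self.t = n_bits, rng, 0
        self.key = [rng.getrandbits(1) for _ in range(n_bits)]

    def tick(self):
        self.t += 1
        self.key[self.t % self.n] = self.rng.getrandbits(1)  # random drift

    def emit(self):
        return self.t, tuple(self.key)

    def clone(self, rng):
        """Attacker copies the full secret state but not future randomness."""
        twin = Device(self.n, rng)
        twin.t, twin.key = self.t, list(self.key)
        return twin

class Verifier:
    def __init__(self, n_bits):
        self.n, self.last = n_bits, None

    def check(self, t, key):
        """True if the emission could follow the last accepted one."""
        if self.last is not None:
            t0, k0 = self.last
            if t < t0:
                return False  # assumption: emissions arrive in time order
            # Slots refreshed in (t0, t] may hold any value; the rest must match.
            drifted = {s % self.n for s in range(t0 + 1, min(t, t0 + self.n) + 1)}
            if any(key[i] != k0[i] for i in range(self.n) if i not in drifted):
                return False
        self.last = (t, key)
        return True

def simulate(n_bits=8, steps=200, clone_at=None, seed=1):
    """Return the time step of the first alert, or None if none was raised."""
    original, verifier, clone = Device(n_bits, random.Random(seed)), Verifier(n_bits), None
    for _ in range(steps):
        original.tick()
        if clone:
            clone.tick()
        elif original.t == clone_at:
            clone = original.clone(random.Random(seed + 10_000))
        for dev in (original, clone):
            if dev and not verifier.check(*dev.emit()):
                return original.t
    return None
```

With no clone the verifier never alerts; once a clone emits alongside the original, the first step in which their freshly drawn bits differ produces an inconsistency the verifier flags.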
