Secure In-Band Bootstrapping for Wireless Personal Area Networks

摘要

Wireless personal area network (WPAN) is small-ranged network centered at an individual for interconnecting personal devices. For such a network, the bootstrapping mechanism with which the devices establish a secure group key is of critical importance. Most existing bootstrapping mechanisms require out-of-band channels and involve human interactions for authentication. In this paper, we aim to develop a fully automated bootstrapping mechanism with only in-band channels with approvable security. Toward this end, we designed an integrity-guaranteed message (IGM) structure, a self-authenticated key agreement protocol, and a prescheduling mechanism in allusion to the IEEE 802.15.4 standard for WPANs. The IGM structure guarantees that an adversary cannot modify the IGM message without being detected, thus protects the message integrity without the requirement of shared secrets between the sender and the receiver devices. The proposed self-authenticated key agreement protocol utilizes the IGM's integrity guaranteed property, works together with the prescheduling mechanism to achieve message self-authentication, thus protecting the secure bootstrapping process from the node impersonation attack and the man-in-the-middle attack without leveraging any out-of-band channels. We analyze the security performance of the proposed schemes, and show that they can be seamless interoperative with the existing IEEE 802.15.4 standard.