• Aucun résultat trouvé

Introducing a Verified Authenticated Key Exchange Protocol over Voice Channels for Secure Voice Communications

N/A
N/A
Info
Télécharger
Protected

Academic year: 2021

Partager "Introducing a Verified Authenticated Key Exchange Protocol over Voice Channels for Secure Voice Communications"

Copied!
2
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

HAL Id: hal-03059639

https://hal.archives-ouvertes.fr/hal-03059639v2

Submitted on 7 Jan 2021

HAL is a multi-disciplinary open access

archive for the deposit and dissemination of sci-entific research documents, whether they are pub-lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

Introducing a Verified Authenticated Key Exchange Protocol over Voice Channels for Secure Voice

Communications

Piotr Krasnowski, J. Lebrun, B. Martin

To cite this version:

Piotr Krasnowski, J. Lebrun, B. Martin. Introducing a Verified Authenticated Key Exchange Protocol over Voice Channels for Secure Voice Communications. 6th International Conference on Information Systems Security and Privacy, Feb 2020, Valetta, Malta. �hal-03059639v2�

(2)

Introducing a Verified Authenticated Key Exchange Protocol

over Voice Channels for Secure Voice Communications

P. Krasnowski, J. Lebrun, B. Martin

krasnowski@i3s.unice.fr

Université Côte d'Azur • I3S-CNRS

The VE device provides real-time secure voice communications over 2G-4G networks and VoIP (Skype, WhatsApp, Signal...).

Voice Encryption (VE) device

Sending data over voice channel

Protocol design challenges

• low bandwidth (~ 2kbps)

• signal distortion (~ 5-10% BER)

• flexible authentication (no shared secret by default)

Short Authentication String (SAS)

speech voice channel

secured voice domain

(VoIP, cellular)

speech

audio-like

data audio-likedata

Received signal can be decoded and decrypted only by a paired VE device sharing the cryptographic key.

Recorded speech is encrypted into audio signal, adapted to transmis-sion over voice channels with Voice Activity Detection.

The Session Key is freshly generated for each secure call, requiring a de-dicated authenticated KE protocol.

Figure: The VE device visualization

Figure: Secure voice communication scheme

Voice compression, filtering and quantization introduced by digital voice channels significantly distort the signal. Data over Voice (DoV) technique encodes binary data into a waveform with voice-like properties. The DoV signal is robust against blockage by voice detection algorithms and withstands voice compression by popular voice coders like AMR or Silk.

time

frequency frequency

time

Short string of digits or words displayed on two VE devices after each key exchange. SAS is cooperatively compared vocally by speakers in order to verify the equality of strings.

• Speaker's voice recognition • Session Key validation

• detecting a MITM adversary

Figures: Spectrum of two different DoV techniques.

Figure: The VE device in encryption mode.

• long round-trip time (~ 2s) • no Public Key Infrastructure

Encrypted call

SAS: 412847

The proposed ECDHE key exchange protocol is highly adapted to the constraints of real-world voice-channels and is based on well-established and easily implementable primitives.

The security of the protocol relies on a scrupulous and cooperative authentication of speakers. Careless signature distribution or vocal verification are the biggest security threats.

New advances in artificial speech synthesis pose risk to security of vocal verification. Level of authentication can be improved by introducing contextual questions.

This work is supported by grant DGA Cifre-Defense program No 01D17022178 DGA/DS/MRIS.

Conclusions

Formal Verification with Tamarin Prover

ECDHE Authenticated Key Exchange

Références

Télécharger maintenant ( PDF - 2 Page - 3.34 MB )

Documents relatifs

A Secure and Authenticated Key Management Protocol (SA-KMP) for Vehicular Networks

DoS Attack – By the proposed SA-KMP scheme, DoS attacks are mitigated because the vehicle has to verify the signature pair of the RSU to extract the commitment value for

PROVABLE SECURITY ANALYSIS FOR THE PASSWORD AUTHENTICATED KEY EXCHANGE

• D A “simulates” the challenger in the FS-IND-RoR experiment and initializes A on random tape rt A. Additionally, when a bad event occurs, e.g. Now we investigate the reverse,

Authenticated Key Exchange (AKE) in Delay Tolerant Networks

The key agreement protocols we selected for comparison are the Key Ex- change Algorithm (KEA) [20], the one-pass version (KEA1) and the version with key confirmation (KEAA), the

Design and Implementation of a Voice Feedback Device for Voice Loudness Control

The system switches to amplification level 2 when the user wants to increase speaking voice loudness in a loud environment by decreasing heard voice loudness. If the user wants to

Voice over IEEE 802.11b Capacity

G711 allows up to 5 simultaneous calls, GSM-EFR up to 12, and G723.1 up to 18 for a voice quality greater than and a network delay of ms..

Universally Composable Relaxed Password Authenticated Key Exchange

(The ideal PAKE functionality then allows the simulator, and hence the real-world adversary, to control the session key output by this instance if the provided password guess

Human Computing for Handling Strong Corruptions in Authenticated Key Exchange

Our Confirmed HAKE is designed to rely on such HC functions (whose security can tolerate very few adaptive queries): after the PAKE completion using the first response, the human

Multi-Factor Authenticated Key Exchange

This can be seen as a strong limitation, but it is not in practice: if the password and the secret keys are compromised, an adversary can easily play the role of the server, since