The Candidate Key Protocol for Generating Secret Shared Keys from Similar Sensor Data Streams

  • Rene Mayrhofer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4572)


Secure communication over wireless channels necessitates authentication of communication partners to prevent man-in-the-middle attacks. For spontaneous interaction between independent, mobile devices, no a priori information is available for authentication purposes. However, traditional approaches based on manual password input or verification of key fingerprints do not scale to the tens to hundreds of interactions a day envisioned for future ubiquitous computing environments. One way to solve this problem is authentication based on similar sensor data: when two (or more) devices are in the same situation, and thus experience the same sensor readings, this constitutes shared, (weakly) secret information. This paper introduces the Candidate Key Protocol (CKP) to interactively generate secret shared keys from similar sensor data streams. It is suitable for two-party and multi-party authentication, and supports opportunistic authentication.
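The idea sketched in the abstract, as an added illustration (not the paper's own protocol specification or code): two devices quantise their noisy sensor streams into candidate key parts, exchange only salted hashes of those parts, keep the parts whose hashes match on both sides, and hash the shared parts into a key whose hash is then compared. The grid step, window length, salt size and the sample streams are constructed assumptions; the key's secrecy is only as good as the entropy of the matched sensor windows, which is why the abstract calls such data "weakly" secret.

```python
import hashlib
import os

STEP, WINDOW = 0.5, 4   # assumed quantisation grid and samples per key part

def key_parts(stream):
    """Windows of the stream mapped onto a coarse grid; noise below STEP vanishes."""
    return [",".join(str(round(x / STEP)) for x in stream[i:i + WINDOW]).encode()
            for i in range(0, len(stream) - WINDOW + 1, WINDOW)]

def commit(part, salt):
    """Salted SHA-256 of a candidate part; only this, never the part, goes on air."""
    return hashlib.sha256(salt + part).digest()

def announce(parts):
    """Sender: publish a fresh (salt, hash) pair for every local candidate part."""
    salts = [os.urandom(16) for _ in parts]
    return [(s, commit(p, s)) for s, p in zip(salts, parts)]

def receive(parts, announcements):
    """Receiver: a hash matching one of our own parts is a shared window; ack it."""
    matching, acks = [], []
    for salt, h in announcements:
        for part in parts:
            if commit(part, salt) == h:
                matching.append(part)
                acks.append(h)
                break
    return matching, acks

def derive(matching, needed):
    """Hash the shared parts into a candidate key once enough of them matched."""
    if len(matching) < needed:
        return None
    return hashlib.sha256(b"|".join(matching)).hexdigest()

def agree(stream_a, stream_b, needed=3):
    """One round between two devices; returns the common key or None."""
    parts_a, parts_b = key_parts(stream_a), key_parts(stream_b)
    ann = announce(parts_a)
    matching_b, acks = receive(parts_b, ann)
    matching_a = [p for (_, h), p in zip(ann, parts_a) if h in acks]
    key_a, key_b = derive(matching_a, needed), derive(matching_b, needed)
    # confirmation: compare hashes of the candidate keys, never the keys themselves
    if key_a and key_b and hashlib.sha256(key_a.encode()).digest() == hashlib.sha256(key_b.encode()).digest():
        return key_a
    return None

# constructed streams: B = A plus small noise, except samples 8-11 where only B saw a jolt
STREAM_A = [0.0, 1.1, 2.0, 0.9, 1.0, 3.1, 2.0, 0.1, 1.0, 2.0, 3.0, 1.0, 0.0, 0.0, 1.0, 2.0]
STREAM_B = [0.1, 1.2, 2.1, 1.0, 1.1, 3.2, 2.1, 0.2, 5.0, 5.0, 5.0, 5.0, 0.1, 0.1, 1.1, 2.1]
```

With three of the four windows matching, `agree(STREAM_A, STREAM_B)` yields the same key on both sides, while demanding four matching parts or pairing against an unrelated stream yields `None`.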


Keywords: context authentication, sensor data, cryptographic hash





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Rene Mayrhofer, Lancaster University, Computing Department, South Drive, Lancaster LA1 4WA, UK
