Secure communication without secret keys

A practical scheme was proposed to securely communicate without eavesdropping with no need to share secret keys beforehand. The proposed scheme finds many applications where secure communications are especially important but in which sharing secret keys is hard or infeasible, e.g. e-passports and smart payments. As a use case, they developed a test system and demonstrated how to make e-passports secure from eavesdropping by using the proposed idea.

Article | Spring 2019

A team of Korean researchers made a seemingly contradictory claim that there is a practical way to securely communicate from eavesdropping even without sharing secret keys beforehand. Strange as it may sound, the idea was originally proposed in 1970s, and there have been lengthy efforts to put the idea to practical use since then. The idea can be summarized as follows. A message is represented by a set of sequences from which a sequence is randomly chosen to be transmitted.

Thus, a message will be represented by a different sequence each time even if the same message is repeatedly transmitted, which confuses the eavesdropper. Recently, the research team proposed an interesting scheme that enables one to implement the original idea in a practical way and quantitatively evaluate how secure the designed scheme is. More importantly, the proposed scheme is especially suitable for low-complexity and low-energy consuming devices, e.g. passive radio-frequency identifications (RFIDs), which are often not affordable for employing classical security mechanisms based on pre-shared secret keys.

Professor Jeongseok Ha and his research team found that the protocol of the e-passport system is especially vulnerable to eavesdropping, which was also demonstrated by Transportation Security Administration (TSA). While e-passports contain sensitive biometric data such as fingerprints, due to political issues, a conventional security mechanism based on the secret key sharing cannot be adopted to prevent the potential eavesdropping. The research team claimed that their proposed scheme finds an ideal application in the e-passport system. They developed a test system shown in Figure 1 and demonstrated that the proposed scheme effectively resolves the security issue associated with e-passports.

 

The researchers implemented the security protocol and wireless transmission scheme using the software defined radio (SDR) and overheard the communication between an e-passport and reader with/without the proposed scheme. The experiment clearly revealed the potential risk in the e-passport, i.e. the vulnerability of eavesdropping and demonstrated that the proposed scheme drastically strengthens the security of e-passports without resorting to the troublesome secret key sharing.

Professor Ha said, “Future wireless communication networks will be full of small wireless devices gathering sensitive personal information. There must be innovative ways to make the low-complexity devices secure enough from ever-growing security threats. I hope that the proposed scheme will be a small but meaningful step towards securing future wireless networks.”