Sea of Lights: Practical Device-to-Device Security Bootstrapping in the Dark

by   Flor Álvarez, et al.

Practical solutions to bootstrap security in today's information and communication systems critically depend on centralized services for authentication as well as key and trust management. This is particularly true for mobile users. Identity providers such as Google or Facebook have active user bases of two billion each, and the subscriber number of mobile operators exceeds five billion unique users as of early 2018. If these centralized services go completely `dark' due to natural or man made disasters, large scale blackouts, or country-wide censorship, the users are left without practical solutions to bootstrap security on their mobile devices. Existing distributed solutions, for instance, the so-called web-of-trust are not sufficiently lightweight. Furthermore, they support neither cross-application on mobile devices nor strong protection of key material using hardware security modules. We propose Sea of Lights(SoL), a practical lightweight scheme for bootstrapping device-to-device security wirelessly, thus, enabling secure distributed self-organized networks. It is tailored to operate `in the dark' and provides strong protection of key material as well as an intuitive means to build a lightweight web-of-trust. SoL is particularly well suited for local or urban operation in scenarios such as the coordination of emergency response, where it helps containing/limiting the spreading of misinformation. As a proof of concept, we implement SoL in the Android platform and hence test its feasibility on real mobile devices. We further evaluate its key performance aspects using simulation.



There are no comments yet.


page 4

page 5


SafetyPin: Encrypted Backups with Human-Memorable Secrets

We present the design and implementation of SafetyPin, a system for encr...

The Untold Secrets of Operational Wi-Fi Calling Services: Vulnerabilities, Attacks, and Countermeasures

Since 2016, all of four major U.S. operators have rolled out nationwide ...

ZKSENSE: a Privacy-Preserving Mechanism for Bot Detection in Mobile Devices

CAPTCHA systems have been widely deployed to identify and block fraudule...

Decentralized Identifiers and Self-sovereign Identity in 6G

One of the key challenges for mobile network operators in the future wil...

DCert: Find the Leak in Your Pocket

Static data-flow analysis has proven its effectiveness in assessing secu...

On the Insecurities of Mobile D2D File Sharing Applications

With more than 1.3 Billion in the cumulative number of downloads reporte...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.