Sea of Lights: Practical Device-to-Device Security Bootstrapping in the Dark

TL;DR

Sea of Lights (SoL) is a lightweight, device-to-device security bootstrapping scheme designed for operation in the absence of centralized services, enhancing security and trust in mobile networks during disasters or censorship.

Contribution

We introduce SoL, a practical scheme enabling secure device-to-device bootstrapping without centralized services, supporting cross-application trust and hardware security modules.

Findings

Successfully implemented SoL on Android devices.

Demonstrated feasibility through real device testing.

Evaluated performance via simulation showing efficiency.

Abstract

Practical solutions to bootstrap security in today's information and communication systems critically depend on centralized services for authentication as well as key and trust management. This is particularly true for mobile users. Identity providers such as Google or Facebook have active user bases of two billion each, and the subscriber number of mobile operators exceeds five billion unique users as of early 2018. If these centralized services go completely `dark' due to natural or man made disasters, large scale blackouts, or country-wide censorship, the users are left without practical solutions to bootstrap security on their mobile devices. Existing distributed solutions, for instance, the so-called web-of-trust are not sufficiently lightweight. Furthermore, they support neither cross-application on mobile devices nor strong protection of key material using hardware security modules. We propose Sea of Lights(SoL), a practical lightweight scheme for bootstrapping device-to-device security wirelessly, thus, enabling secure distributed self-organized networks. It is tailored to operate `in the dark' and provides strong protection of key material as well as an intuitive means to build a lightweight web-of-trust. SoL is particularly well suited for local or urban operation in scenarios such as the coordination of emergency response, where it helps containing/limiting the spreading of misinformation. As a proof of concept, we implement SoL in the Android platform and hence test its feasibility on real mobile devices. We further evaluate its key performance aspects using simulation.