ABSTRACT
User authentication is the critical first step to detect identity-based attacks and prevent subsequent malicious attacks. However, the increasingly dynamic mobile environments make it harder to always apply the cryptographic-based methods for user authentication due to their infrastructural and key management overhead. Exploiting non-cryptographic based techniques grounded on physical layer properties to perform user authentication appears promising. In this work, we explore to use channel state information (CSI), which is available from off-the-shelf WiFi devices, to conduct fine-grained user authentication. We propose an user-authentication framework that has the capability to build the user profile resilient to the presence of the spoofer. Our machine learning based user-authentication techniques can distinguish two users even when they possess similar signal fingerprints and detect the existence of the spoofer. Our experiments in both office building and apartment environments show that our framework can filter out the signal outliers and achieve higher authentication accuracy compared with existing approaches using received signal strength (RSS).
- IEEE Std. 802.11n-2009: Enhancements for higher throughput, 2009. Available at http://www.ieee802.org.Google Scholar
- B. Azimi-Sadjadi, A. Kiayias, A. Mercado, and B. Yener. Robust key generation from signal envelopes in wireless networks. In Proceedings of the 14th ACM conference on Computer and communications security, pages 401--410, 2007. Google ScholarDigital Library
- V. Brik, S. Banerjee, M. Gruteser, and S. Oh. Wireless device identification with radiometric signatures. In Proceedings of the 14th ACM international conference on Mobile computing and networking, pages 116--127, 2008. Google ScholarDigital Library
- G. Chandrasekaran, M.A. Ergin, M. Gruteser, R.P. Martin, J. Yang, and Y. Chen. Decode: Exploiting shadow fading to detect comoving wireless devices. IEEE Transactions on Mobile Computing, 8(12):1663--1675, 2009. Google ScholarDigital Library
- O. Cheikhrouhou, A. Koubaa, M. Boujelben, and M. Abid. A lightweight user authentication scheme for wireless sensor networks. InIEEE/ACS International Conference on Computer Systems and Applications (AICCSA), pages 1--7, 2010. Google ScholarDigital Library
- Y. Chen, J. Yang, W. Trappe, and R. P. Martin. Detecting and localizing identity-based attacks in wireless and sensor networks.IEEE Transactions on Vehicular Technology, 59(5):2418--2434, 2010.Google ScholarCross Ref
- O. Delgado-Mohatar, A. Fazster-Sabater, and J. M. Sierra. A light-weight authentication scheme for wireless sensor networks.Ad Hoc Networks, 9(5):727--735, 2011. Google ScholarDigital Library
- S. Govindarajan, P. Gasti, and K. S. Balagani. Secure privacy-preserving protocols for outsourcing continuous authentication of smartphone users with touch data.IEEE Transactions on Information Forensics and Security, 8(1):136--148, 2013.Google Scholar
- F. Guo and T.-c. Chiueh. Sequence number-based mac address spoof detection. InRecent Advances in Intrusion Detection, pages 309--329, 2006. Google ScholarDigital Library
- D. Halperin, W. Hu, A. Sheth, and D. Wetherall. Predictable 802.11 packet delivery from wireless channel measurements. InACM SIGCOMM Computer Communication Review, volume 40, pages 159--170, 2010. Google ScholarDigital Library
- D. Halperin, W. Hu, A. Sheth, and D. Wetherall. Predictable 802.11 packet delivery from wireless channel measurements. InACM SIGCOMM Computer Communication Review, volume 40, pages 159--170, 2010. Google ScholarDigital Library
- T. Hastie, R. Tibshirani, and J. Friedman. The Elements of Statistical Learning, Data Mining Inference, and Prediction. Springer, 2001.Google Scholar
- S. Jana and S. K. Kasera. On fast and accurate detection of unauthorized wireless access points using clock skews.IEEE Transactions on Mobile Computing, 9(3):449--462, 2010. Google ScholarDigital Library
- Z. Jiang, J. Zhao, X.-Y. Li, J. Han, and W. Xi. Rejecting the attack: Source authentication for wi-fi management frames using csi information. In Proceedings of the IEEE International Conference on Computer Communications (INFOCOM), May 2013.Google ScholarCross Ref
- A. Kalamandeen, A. Scannell, E. de Lara, A. Sheth, and A. LaMarca. Ensemble: cooperative proximity-based authentication. InProceedings of the 8th international conference on Mobile systems, applications, and services, pages 331--344, 2010. Google ScholarDigital Library
- T. Karygiannis and L. Owens. Wireless network security.NIST special publication, 800:48, 2002.Google Scholar
- K. Kleisouris, B. Firner, R. Howard, Y. Zhang, and R. P. Martin. Detecting intra-room mobility with signal strength descriptors. InThe ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc), pages 71--80, 2010. Google ScholarDigital Library
- T. Kohno, A. Broido, and K. C. Claffy. Remote physical device fingerprinting.IEEE Transactions on Dependable and Secure Computing, 2(2):93--108, 2005. Google ScholarDigital Library
- J. Krumm and E. Horvitz. Locadio: Inferring motion and location from wi-fi signal strengths. In MobiQuitous, pages 4--13, 2004.Google Scholar
- L. Li, X. Zhao, and G. Xue. Unobservable re-authentication for smartphones. In Proceedings of the Network and Distributed System Security Symposium (NDSS), February 2013.Google Scholar
- S. Mathur, R. Miller, A. Varshavsky, W. Trappe, and N. Mandayam. Proximate: proximity-based secure pairing using ambient wireless signals. InProceedings of the 9th international conference on Mobile systems, applications, and services, pages 211--224, 2011. Google ScholarDigital Library
- S. Mathur, W. Trappe, N. Mandayam, C. Ye, and A. Reznik. Radio-telepathy: extracting a secret key from an unauthenticated wireless channel. In Proceedings of the 14th ACM international conference on Mobile computing and networking, pages 128--139, 2008. Google ScholarDigital Library
- N. T. Nguyen, G. Zheng, Z. Han, and R. Zheng. Device fingerprinting to enhance wireless security using nonparametric bayesian method. In Proceedings of the IEEE International Conference on Computer Communications (INFOCOM), pages 1404--1412, 2011.Google ScholarCross Ref
- L. O'Gorman. Comparing passwords, tokens, and biometrics for user authentication. Proceedings of the IEEE, 91(12):2021--2040, 2003.Google ScholarCross Ref
- J. Pang, B. Greenstein, R. Gummadi, S. Seshan, and D. Wetherall. 802.11 user fingerprinting. In Proceedings of the 13th annual ACM international conference on Mobile computing and networking, pages 99--110, 2007. Google ScholarDigital Library
- D. Shan, K. Zeng, W. Xiang, P. Richardson, and Y. Dong. Phy-cram: Physical layer challenge-response authentication mechanism for wireless networks.IEEE Journal on Selected Areas in Communications, 31(9):1817--1827, 2013.Google ScholarCross Ref
- A. Wool. Lightweight key management for ieee 802.11 wireless lans with key refresh and host revocation. ACM/Springer Wireless Networks, 11(6):677--686, 2005. Google ScholarDigital Library
- B. Wu, J. Wu, E. Fernandez, and S. Magliveras. Secure and efficient key management in mobile ad hoc networks. InProceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS), 2005. Google ScholarDigital Library
- J. Yang, Y. Chen, and W. Trappe. Detecting spoofing attacks in mobile wireless environments. In6th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, pages 1--9, 2009. Google ScholarDigital Library
- J. Yang, Y. Chen, W. Trappe, and J. Cheng. Detection and localization of multiple spoofing attackers in wireless networks.IEEE Transactions on Parallel and Distributed Systems, 24(1):44--58, 2013. Google ScholarDigital Library
- K. Zeng, K. Govindan, and P. Mohapatra. Non-cryptographic authentication and identification in wireless networks.Wireless Communications, 17(5):56--62, 2010. Google ScholarDigital Library
- K. Zeng, K. Govindan, D. Wu, and P. Mohapatra. Identity-based attack detection in mobile wireless networks. InProceedings of the IEEE International Conference on Computer Communications.Google Scholar
Index Terms
- Practical user authentication leveraging channel state information (CSI)
Recommendations
Enhancing Packet-Level Wi-Fi Device Authentication Protocol Leveraging Channel State Information
Wi-Fi device authentication is crucial for defending against impersonation attacks and information forgery attacks. Most of the existing authentication technologies rely on complex cryptographic algorithms. However, they cannot be supported well on the ...
A Secure User Anonymity-Preserving Three-Factor Remote User Authentication Scheme for the Telecare Medicine Information Systems
Recent advanced technology enables the telecare medicine information system (TMIS) for the patients to gain the health monitoring facility at home and also to access medical services over the Internet of mobile networks. Several remote user ...
Practical Anonymous Password Authentication and TLS with Anonymous Client Authentication
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityAnonymous authentication allows one to authenticate herself without revealing her identity, and becomes an important technique for constructing privacy-preserving Internet connections. Anonymous password authentication is highly desirable as it enables ...
Comments