Yuxiang Lin,Yi Gao,Bingji Li,Wei Dong

DOI: https://doi.org/10.1145/3536423

2022-01-01

ACM Transactions on Sensor Networks

Abstract:The broadcast nature of wireless media makes WLANs easily attacked by rogue Access Points (APs) . Rogue AP attacks can potentially cause severe privacy leakage and financial loss. Hardware fingerprinting is the state-of-the-art technology to detect rogue APs since an attacker would find it difficult to set up a rogue AP with specific hardware fingerprints. However, existing hardware fingerprints not only depend on the AP but also depend on the client, significantly limiting their application scenarios. In this work, we investigate two novel client-agnostic fingerprints, which can be extracted using commercial off-the-shelf WiFi devices, to detect rogue APs. One is the power amplifier non-linearity fingerprint and the other is the frame interval distribution fingerprint . These two fingerprints remain consistent over time and space for the same AP but vary across different APs even with the same brand, model, and firmware. We use the fingerprint similarity between the candidate AP and the authorized AP for device authentication in typical indoor environments. We have also proposed a threshold-improved authentication scheme to improve the robustness of our system in dynamic environments. Our schemes can be implemented without modifying the infrastructural APs and can work well with new clients without rebuilding the fingerprint database. We evaluate our scheme in both in-lab and field scenarios, by analyzing 18 million WiFi packets. Results show that our scheme achieves an overall 96.55% positive detection rate and a 4.31% false alarm rate. Moreover, the threshold-improved authentication scheme can further reduce the false alarm rate by 13.0%-44.8% for dynamic environments.

Yuxiang Lin,Yi Gao,Bingji Li,Wei Dong

DOI: https://doi.org/10.1109/percom45495.2020.9127375

2020-01-01

Abstract:The broadcast nature of wireless medium makes WLANs easily be attacked by rogue Access Points (APs). Rogue AP attacks can potentially cause severe privacy leakage and financial lost. Hardware fingerprinting is the state-of-the-art technology to detect rogue APs, since an attacker would find it difficult to set up a rogue AP with specific hardware fingerprints. However, existing hardware fingerprints not only depend on the AP, but also depend on the client, significantly limiting their applicable scenarios. In this work, we investigate two novel client-agnostic fingerprints, which can be extracted using commercial off-the-shelf WiFi devices, to detect rogue APs. One is the power amplifier non-linearity fingerprint and the other is the frame interval distribution fingerprint. These two fingerprints remain consistent over time and space for the same AP but vary across different APs even with the same brand, model and firmware. We use the fingerprint similarity between the candidate AP and the authorized AP for device authentication. Our scheme can be implemented without modifying the infrastructural APs and can work well with new clients without rebuilding the fingerprint database. We evaluate our scheme in both in-lab and field scenarios, by analyzing 12 million WiFi packets. Results shows that our scheme achieves an overall 96.55% positive detection rate and a 4.31% false alarm rate.

Ping Dong,Namin Hou,Yuting Tang,Yushi Cheng,Xiaoyu Ji

DOI: https://doi.org/10.1016/j.hcc.2024.100222

2024-01-01

High-Confidence Computing

Abstract:The development of wireless communication network technology has provided people with diversified and convenient services. However, with the expansion of network scale and the increase in the number of devices, malicious attacks on wireless communication are becoming increasingly prevalent, causing significant losses. Currently, wireless communication systems authenticate identities through certain data identifiers. However, this software-based data information can be forged or replicated. This article proposes the authentication of device identity using the hardware fingerprint of the terminal’s Radio Frequency (RF) components, which possesses properties of being genuine, unique, and stable, holding significant implications for wireless communication security. Through the collection and processing of raw data, extraction of various features including time-domain and frequency-domain features, and utilizing machine learning algorithms for training and constructing a legal fingerprint database, it is possible to achieve close to a 97% recognition accuracy for Fifth Generation (5G) terminals of the same model. This provides an additional and robust hardware-based security layer for 5G communication security, enhancing monitoring capability and reliability.

Namin Hou,Yushi Cheng,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603286

2024-01-01

Abstract:The advancement of Fifth-Generation (5G) technology has greatly enriched individuals' access to a broad array of convenient services, offering significant benefits in mobile communications, autonomous driving, smart homes, and the Internet of Things. However, with the increase in the number of network access devices, large and frequent data interactions have brought potential security risks to wireless networks, which are related to user privacy security, traffic safety, and even social security. Malicious intrusions targeting wireless communications have resulted in significant disruptions and incurred substantial losses. Presently, user identities in wireless communications rely on software-based data identifiers, which can be forged easily. This paper proposes a hardware-level device authentication mechanism that uses the intrinsic hardware characteristics of the transmitter (shown as impairments in the radio signal of the transmission link) for identity authentication. The resulting fingerprint is naturally distinctive and highly resistant to counterfeiting attempts. We use 5 devices across different models and 10 devices of the same model for experimental evaluation. Then we apply machine learning algorithms to construct a fingerprint database and device authentication, achieving an average of 82.4% precision, 89.9% recall, and 85.9% F1-score, which can help to safeguard the security of 5G communication.

Hongbo Liu,Yan Wang,Jian Liu,Jie Yang,Yingying Chen

DOI: https://doi.org/10.1145/2590296.2590321

2014-06-04

Abstract:User authentication is the critical first step to detect identity-based attacks and prevent subsequent malicious attacks. However, the increasingly dynamic mobile environments make it harder to always apply the cryptographic-based methods for user authentication due to their infrastructural and key management overhead. Exploiting non-cryptographic based techniques grounded on physical layer properties to perform user authentication appears promising. In this work, we explore to use channel state information (CSI), which is available from off-the-shelf WiFi devices, to conduct fine-grained user authentication. We propose an user-authentication framework that has the capability to build the user profile resilient to the presence of the spoofer. Our machine learning based user-authentication techniques can distinguish two users even when they possess similar signal fingerprints and detect the existence of the spoofer. Our experiments in both office building and apartment environments show that our framework can filter out the signal outliers and achieve higher authentication accuracy compared with existing approaches using received signal strength (RSS).

Yubo Song,Bing Chen,Tianqi Wu,Tianyu Zheng,Hongyuan Chen,Junbo Wang

DOI: https://doi.org/10.1155/2021/2993019

2021-11-17

Wireless Communications and Mobile Computing

Abstract:Wi-Fi device authentication is crucial for defending against impersonation attacks and information forgery attacks. Most of the existing authentication technologies rely on complex cryptographic algorithms. However, they cannot be supported well on the devices with limited hardware resources. A fine-grained device authentication technology based on channel state information (CSI) provides a noncryptographic method, which uses the CSI fingerprints for authentication since CSI can uniquely identify the devices. But long-term authentication based on CSI fingerprints is a challenging work. First, the CSI fingerprints are environment-sensitive, which means that the local authenticator should be updated to adapt to the changing channel state. Second, the local authenticator trained with old CSI fingerprints is outdated when users reconnect to the network after being offline for a long time, thus, it needs to be retrained in the access phase with new fingerprints. To tackle these challenges, we propose a CSI-based enhancing Wi-Fi device authentication protocol and an authentication framework. The protocol helps to collect new CSI fingerprints for authenticator’s training in access phase and performs the fingerprints’ dispersion analysis for authentication. In the association phase, it provides packet-level authentication and updates the authenticator with valid CSI fingerprints. The authenticator consists of an ensemble of small-scale autoencoders, which has high enough time efficiency for packet-level authentication and authenticator’s update. Experiments show that the accuracy of the framework is up to 98.7%, and the authenticator updating method can help the framework maintains high accuracy.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hongbo Liu,Yan Wang,Jian Liu,Jie Yang,Yingying Chen,H. Vincent Poor

DOI: https://doi.org/10.1109/tmc.2017.2718540

IF: 6.075

2018-01-01

IEEE Transactions on Mobile Computing

Abstract:User authentication is the critical first step in detecting identity-based attacks and preventing subsequent malicious attacks. However, the increasingly dynamic mobile environments make it harder to always apply cryptographic-based methods for user authentication due to their infrastructural and key management overhead. Exploiting non-cryptographic based techniques grounded on physical layer properties to performuser authentication appears promising. In this work, the use of channel state information (CSI), which is available from off-the-shelf WiFi devices, to performfine-grained user authentication is explored. Particularly, a user-authentication framework that can work with both stationary and mobile users is proposed. When the user is stationary, the proposed framework builds a user profile for user authentication that is resilient to the presence of a spoofer. The proposed machine learning based user-authentication techniques can distinguish between two users even when they possess similar signal fingerprints and detect the existence of a spoofer. When the user is mobile, it is proposed to detect the presence of a spoofer by examining the temporal correlation of CSI measurements. Both office building and apartment environments show that the proposed framework can filter out signal outliers and achieve higher authentication accuracy compared with existing approaches using received signal strength (RSS).

Abdulsahib Albehadili,Ahmad Y Javaid

DOI: https://doi.org/10.3390/s24175670

2024-08-31

Abstract:The authentication of wireless devices through physical layer attributes has attracted a fair amount of attention recently. Recent work in this area has examined various features extracted from the wireless signal to either identify a uniqueness in the channel between the transmitter-receiver pair or more robustly identify certain transmitter behaviors unique to certain devices originating from imperfect hardware manufacturing processes. In particular, the carrier frequency offset (CFO), induced due to the local oscillator mismatch between the transmitter and receiver pair, has exhibited good detection capabilities in stationary and low-mobility transmission scenarios. It is still unclear, however, how the CFO detection capability would hold up in more dynamic time-varying channels where there is a higher mobility. This paper experimentally demonstrates the identification accuracy of CFO for wireless devices in time-varying channels. To this end, a software-defined radio (SDR) testbed is deployed to collect CFO values in real environments, where real transmission and reception are conducted in a vehicular setup. The collected CFO values are used to train machine-learning (ML) classifiers to be used for device identification. While CFO exhibits good detection performance (97% accuracy) for low-mobility scenarios, it is found that higher mobility (35 miles/h) degrades (72% accuracy) the effectiveness of CFO in distinguishing between legitimate and non-legitimate transmitters. This is due to the impact of the time-varying channel on the quality of the exchanged pilot signals used for CFO detection at the receivers.

Zhiping Jiang,Jizhong Zhao,Xiang-Yang Li,Jinsong Han,Wei Xi

DOI: https://doi.org/10.1109/INFCOM.2013.6567061

2013-01-01

Abstract:Comparing to well protected data frames, Wi-Fi management frames (MFs) are extremely vulnerable to various attacks. Since MFs are transmitted without encryption or authentication, attackers can easily launch various attacks by forging the MFs. In a collaborative environment with many Wi-Fi sniffers, such attacks can be easily detected by sensing the anomaly RSS changes. However, it is quite difficult to identify these spoofing attacks without assistance from other nodes. By exploiting some unique characteristics (e.g., rapid spatial decorrelation, independence of Txpower, and much richer dimensions) of 802.11n Channel State Information (CSI), we design and implement CSITE, a prototype system to authenticate the Wi-Fi management frames on PHY layer merely by one station. Our system CSITE, built upon off-the-shelf hardware, achieves precise spoofing detection without collaboration and in-advance fingerprint. Several novel techniques are designed to address the challenges caused by user mobility and channel dynamics. To verify the performances of our solution, we conduct extensive evaluations in various scenarios. Our test results show that our design significantly outperforms the RSS-based method. We observe about 8 times improvement by CSITE over RSS-based method on the falsely accepted attacking frames.

Ruiqi Kong,He Chen

2023-08-01

Abstract:This paper presents a new radiometric fingerprint that is revealed by micro-signals in the channel state information (CSI) curves extracted from commodity Wi-Fi devices. We refer to this new fingerprint as "micro-CSI". Our experiments show that micro-CSI is likely to be caused by imperfections in the radio-frequency circuitry and is present in Wi-Fi 4/5/6 network interface cards (NICs). We conducted further experiments to determine the most effective CSI collection configuration to stabilize micro-CSI. To extract micro-CSI from varying CSI curves, we developed a signal space-based extraction algorithm that effectively separates distortions caused by wireless channels and hardware imperfections under line-of-sight (LoS) scenarios. Finally, we implemented a micro-CSI-based device authentication algorithm that uses the k-Nearest Neighbors (KNN) method to identify 11 COTS Wi-Fi NICs from the same manufacturer in typical indoor environments. Our experimental results demonstrate that the micro-CSI-based authentication algorithm can achieve an average attack detection rate of over 99% with a false alarm rate of 0%.

Signal Processing,Cryptography and Security

Chengchen Zhu,Kunling Li,Jianan Hong,Cunqing Hua,Futai Zou

DOI: https://doi.org/10.1109/icc51166.2024.10622361

2024-01-01

Abstract:The technology development of wireless communication has brought about the rapid growth of various wireless devices, but also brings in many security threats. This paper focuses on the security and privacy problems in wireless authentication and proposes a novel authentication scheme based on the design of reusable fuzzy extractor (RFE) for device's radio frequency (RF) fingerprinting. Firstly, unlike the traditional authentication protocol, our scheme can accomplish the mutual authentication without the storage of long-term secret key, thus tackles with the key-compromise threats. Furthermore, although the scheme authenticates devices based on their RF fingerprint, it does not store RF fingerprinting information explicitly to safeguard it from eavesdroppers who may use it to impersonate the identity of valid users. Finally, our designed protocol relies on the correspondent peer to measure the fingerprint, rather than the device itself, thus is more secure against various adversaries. The security analysis shows the resiliency against theft of secret keys, wireless channel attacks and privacy disclosure. And the performance evaluation demonstrates that the design of RFE for device's RF fingernrinting is efficient in terms of recognition accuracy.

Ning Wang,Weiwei Li,Long Jiao,Amir Alipour-Fanid,Tao Xiang,Kai Zeng

DOI: https://doi.org/10.1109/jiot.2021.3119319

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Physical-layer fingerprinting is a promising technique to identify Internet of Things (IoT) devices. In this article, we investigate a new radio-frequency (RF) fingerprinting based on the distinctive signal-to-noise-ratio (SNR) trace in the sector-level sweep (SLS) procedure of 5G IEEE 802.11ad devices. This SLS SNR trace-based fingerprinting can directly apply to off-the-shelf devices without any extra hardware requirements and be independent of the wireless channel and environment. To tackle the impact of orientation on the RF fingerprinting, we propose a novel fingerprinting framework, involving correlation analysis, surface fitting, curve pursuing, and binary classification, named the CSCB framework. Using this framework, the proposed SLS SNR trace-based fingerprinting can achieve device authentication at any orientation with one receiver under line-of-sight (LOS) or non-LOS (NLOS) scenarios. We conduct proof-of-concept experiments using off-the-shelf IEEE 802.11ad devices (Talon AD7200 and MG360 WiGig) to evaluate the performance of the proposed fingerprinting schemes. Experimental results show the effectiveness of the proposed fingerprinting schemes where the verification accuracy of the proposed scheme can reach 99% with only 200 training samples.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rahel Abayneh,Mutala Muhammed,Renhui Huang,Zhi Chai,Yilin Qiu,Jiawei Ren,Xuelin Yang

DOI: https://doi.org/10.21203/rs.3.rs-4272697/v1

2024-01-01

Abstract:Abstract Radio frequency fingerprint (RFF) is applied for physical-layer authentication and transmitter identification in wireless communications. However, the characteristics of the wireless channel dramatically distorts RFF, and affects the identification accuracy. In this paper, we propose the channel-independent extraction of RFFs. Initially, the signal is represented using the Wigner-Ville Distribution (WVD). Subsequently, to mitigate channel distortions and isolate device-specific features, we perform division across adjacent columnar values. The linear discriminant analysis (LDA) is then applied to condense the RFF features, creating distinct device representations. Finally, the device identification is conducted using K-nearest neighbours (KNN). The proposed scheme is experimentally demonstrated using 10 wireless network interface controllers (WNICs), where an excellent unauthorized device recognition accuracy of 98.59% is achieved, with a false alarm rate of 1.23% and a miss alarm rate of 0.24%. Notably, the high recognition accuracy can be mainly attributed to the channel-independent RFF extraction using WVD, which provides an effective solution to enhance physical-layer security in wireless communications, even for dynamic channel environments.

Pengfei Liu,Panlong Yang,Wen-Zhan Song,Yubo Yan,Xiang-Yang Li

DOI: https://doi.org/10.1109/infocom.2019.8737455

2019-01-01

Abstract:WiFi has become a pervasive communication medium in connecting various devices of WLAN and IoT. However, WiFi connections are vulnerable to the impersonation attack from rogue access points (AP) or devices, whose SSID and/or MAC/IP address are identical to the legitimate devices. This kind of attack is difficult to countermeasure with traditional network security mechanisms. In this paper, we present a novel security mechanism to detect and identify rogue WiFi devices or AP using environment-independent characteristics extracted from channel state information (CSI), and refuse their connections. We find that nonlinear phase errors of different subcarriers change with WiFi network interface cards (NIC), due to the I/Q imbalance and imperfect oscillator of each WiFi NIC. Validated by our experiments, this phase feature across subcarriers is consistent and invariant to location and external environment, and can be extracted to build an essential signature of the NIC itself. Such signature of the transmitter can be calculated in real-time by the receiver and cannot be forged by rogue devices. Extensive experiments with dozens of WiFi devices demonstrate that the proposed mechanism can reliably detect the rogue WiFi connections and prevent impersonation in various scenarios. The speed of identification is 8$\times$ faster than that of the state-of-the-art solution. Moreover, the accuracy of rogue connection detection is up to 96% and false alarm rate is shown below 2%.

Ruiqi Kong,He Chen

DOI: https://doi.org/10.1109/tifs.2024.3396375

IF: 7.231

2024-05-14

IEEE Transactions on Information Forensics and Security

Abstract:This paper introduces CSI-RFF, a new framework that leverages micro-signals embedded within Channel State Information (CSI) curves to realize Radio-Frequency Fingerprinting of commodity off-the-shelf (COTS) WiFi devices for open-set authentication. The micro-signals that serve as RF fingerprints are termed "micro-CSI". Through experimentation, we have found that the presence of micro-CSI can primarily be attributed to imperfections in the RF circuitry. Furthermore, this characteristic signal is detectable in WiFi 4/5/6 network interface cards (NICs). We have conducted further experiments to determine the most effective CSI collection configurations to stabilize micro-CSI. Yet, extracting micro-CSI for authentication purposes poses a significant challenge. This complexity arises from the fact that CSI measurements inherently include both micro-CSI and the distortions introduced by wireless channels. These two elements are intricately intertwined, making their separation non-trivial. To tackle this challenge, we have developed a signal space-based extraction technique for line-of-sight (LoS) scenarios, which can effectively separate the distortions caused by wireless channels and micro-CSI. Over the course of our comprehensive CSI data collection period extending beyond one year, we found that the extracted micro-CSI displays unique characteristics specific to each WiFi device and remains invariant over time. This establishes micro-CSI as a suitable candidate for device fingerprinting. Finally, we conduct a case study focusing on area access control for mobile robots. In particular, we applied our CSI-RFF framework to identify mobile robots operating in real-world indoor LoS environments based on their transmitted WiFi signals. To accomplish this, we have compared and employed anomaly detection algorithms for the authentication of 15 COTS WiFi 4/5/6 NICs that were carried by a mobile robot under both static and mobile conditions, maintaining an average signal-to-noise ratio (SNR) of 34 dB. Our experimental results demonstrate that the micro-CSI-based authentication algorithm can achieve an average attack detection rate close to 99% with a false alarm rate of 0% in both static and mobile conditions when using 20 CSI measurements to construct one fingerprint.

computer science, theory & methods,engineering, electrical & electronic

Bing Chen,Yubo Song,Zhenchao Zhu,Shang Gao,Junbo Wang,Aiqun Hu

DOI: https://doi.org/10.1109/dsn-w52860.2021.00024

2021-01-01

Abstract:Non-cryptographic mobile wireless device authentication based on channel signature has aroused extensive attention. This technology uses the mobile device’s physical characteristics to mark and verify its identity, and can be used to detect impersonation attacks and information forgery attacks. Channel State Information (CSI) has been used to generate fine-grained channel signatures. However, there are two sticking points in using CSI-based signature for authentication in association phase. The first is that the channel state will change as the device moves, which means that the local authenticator should be updated in real time to adapts to the latest channel state. The second is that the time complexity of authentication should be small enough to do packet-level authentication in association phase and detect attackers in time. In this paper, we propose a CSI-based authentication scheme, which can authenticate mobile devices at the packet level. Further, we provide an packet-level authentication framework based on neural networks. It uses a simple real-time authenticator update method to keep the authenticator valid. What’s more, an ensemble of small-scale autoencoders are used to build the authenticator. It has been shown to significantly reduce the authentication’s time complexity while maintaining the accuracy, providing the possibility for packet-level authentication. The evaluation shows that the packet-level framework can authenticate legitimate mobile devices with 95.19% accuracy and filter out attackers with even greater accuracy, which has higher time efficiency than traditional large-scale neural networks.

Dawei Yan,Yubo Yan,Panlong Yang,Wen-Zhan Song,Xiang-Yang Li,Pengfei Liu

DOI: https://doi.org/10.1109/jiot.2022.3223682

IF: 10.6

2023-03-25

IEEE Internet of Things Journal

Abstract:WiFi connections are vulnerable to simulated attacks from rogue access points (AP) or devices whose SSID and/or MAC/IP address are the same as legitimate devices. This kind of attack is difficult to counter with traditional network security mechanisms. In this paper, we propose a new security mechanism that uses environment-independent features extracted from channel state information (CSI) to detect and identify rogue WiFi devices or APs, and reject their connections. We find that due to the I/Q imbalance and imperfect oscillator of each WiFi network card (NIC), the nonlinear phase error of different subcarriers will vary with the NIC. Through our experimental verification, this cross-subcarrier phase feature is invariant to the location and the environment. We deploy systems on two platforms that can extract constant phase errors from the constantly changing CSI in less than one second, which is at least 8× faster than that of the state-of-the-art solution. Extensive experiments on commercial routers and end devices in different scenarios show that based on the Industral Platform Computer (IPC) platform, where only non-encrypted rogue connections can be detected, the detection accuracy rate reaches 96%, and the false alarm rate is less than 2%. Based on the ASUS router platform (a commercial WiFi router), WiFi channels and smart device types are not restricted, which greatly improved universality, and the accuracy of device connection detection can even reach more than 99%. We improve a device-type identification method based on the communication traffic features of the device when connected to WiFi. Experiments show that even if there are multiple similar devices from the same manufacturer, the accuracy of device type detection exceeds 99%.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shuyu Shi,Stephan Sigg,Yusheng Ji

DOI: https://doi.org/10.1109/VTCSpring.2016.7504431

2016-01-01

Abstract:Given the ubiquitous distribution of electronic devices equipped with a radio frequency (RF) interface, researchers have shown great interest in analyzing signal fluctuation on this interface for environmental perception. A popular example is the enabling of indoor localization with RF signals. As an alternative to active device-based positioning, device-free passive (DfP) indoor localization has the advantage that the sensed individuals do not require to carry RF sensors. We propose a probabilistic fingerprinting-based technique for DfP indoor localization. Our system adopts CSI readings derived from off-the-shelf WiFi 802.11n wireless cards which can provide fine-grained subchannel measurements in the context of MIMO-OFDM PHY layer parameters. This complex channel information enables accurate localization of non-equipped individuals. Our scheme further boosts the localization efficiency by using principal component analysis (PCA) to identify the most relevant feature vectors. The experimental results demonstrate that our system can achieve an accuracy of over 92% and an error distance smaller than 0.5m. We also investigate the effect of other parameters on the performance of our system, including packet transmission rate, the number of links as well as the number of principle components.

Junjie Wang,Yong Huang,Feiyang Zhao,Wenjing Wang,Dalong Zhang,Wei Wang

2024-08-13

Abstract:Identity authentication is crucial for ensuring the information security of wireless communication. Radio frequency (RF) fingerprinting techniques provide a prom-ising supplement to cryptography-based authentication approaches but rely on dedicated equipment to capture in-phase and quadrature (IQ) samples, hindering their wide adoption. Recent advances advocate easily obtainable channel state in-formation (CSI) by commercial WiFi devices for lightweight RF fingerprinting, but they mainly focus on eliminating channel interference and cannot address the challenges of coarse granularity and information loss of CSI measurements. To overcome these challenges, we propose CSI2Q, a novel CSI fingerprinting sys-tem that achieves comparable performance to IQ-based approaches. Instead of ex-tracting fingerprints directly from raw CSI measurements, CSI2Q first transforms them into time-domain signals that share the same feature space with IQ samples. Then, the distinct advantages of an IQ fingerprinting model in feature extraction are transferred to its CSI counterpart via an auxiliary training strategy. Finally, the trained CSI fingerprinting model is used to decide which device the sample under test comes from. We evaluate CSI2Q on both synthetic and real CSI datasets. On the synthetic dataset, our system can improve the recognition accuracy from 76% to 91%. On the real dataset, CSI2Q boosts the accuracy from 67% to 82%.

Cryptography and Security

Xiuyuan Zheng,Chen Wang,Yingying Chen,Jie Yang

DOI: https://doi.org/10.1109/cns.2014.6997488

2014-01-01

Abstract:Rogue access point (AP) has emerged as an important security problem in WLANs. However, it is a challenge task to localize the rogue AP with both high accuracy and minimal infrastructure cost. Either expensive professional infrastructure (e.g., multiple wireless sniffers) or additional hardware (e.g., directional antenna) need to be pre-deployed for rogue AP localization with high cost. Moreover, existing methods using Received Signal Strength (RSS) result in large error as RSS is suffered from the multipath and shadowing effects in complex wireless environment. In this work, we exploit the channel state information (CSI), which is readily available from commercial Wi-Fi devices, to locate the rogue AP with high accuracy. We use only a single off-the-shelf Wi-Fi device for rogue AP localization which involves minimal infrastructure requirement. Our proposed rogue AP localization framework consists of two components: direction determination and position estimation. By characterizing time domain CSI amplitude, we develop direction determination approach to estimate the direction of the rogue AP at the Wi-Fi device. We further propose two schemes to estimate position of the rogue AP: directions determined at multiple locations grounded on triangulation, or walking towards the rogue AP with direction adjustment. Results from extensive experiments in both indoor and outdoor environments show that our framework can achieve more practical and accurate rogue AP localization when comparing with existing RSS-based approach.