Yubo Song,Bing Chen,Tianqi Wu,Tianyu Zheng,Hongyuan Chen,Junbo Wang

DOI: https://doi.org/10.1155/2021/2993019

2021-11-17

Wireless Communications and Mobile Computing

Abstract:Wi-Fi device authentication is crucial for defending against impersonation attacks and information forgery attacks. Most of the existing authentication technologies rely on complex cryptographic algorithms. However, they cannot be supported well on the devices with limited hardware resources. A fine-grained device authentication technology based on channel state information (CSI) provides a noncryptographic method, which uses the CSI fingerprints for authentication since CSI can uniquely identify the devices. But long-term authentication based on CSI fingerprints is a challenging work. First, the CSI fingerprints are environment-sensitive, which means that the local authenticator should be updated to adapt to the changing channel state. Second, the local authenticator trained with old CSI fingerprints is outdated when users reconnect to the network after being offline for a long time, thus, it needs to be retrained in the access phase with new fingerprints. To tackle these challenges, we propose a CSI-based enhancing Wi-Fi device authentication protocol and an authentication framework. The protocol helps to collect new CSI fingerprints for authenticator’s training in access phase and performs the fingerprints’ dispersion analysis for authentication. In the association phase, it provides packet-level authentication and updates the authenticator with valid CSI fingerprints. The authenticator consists of an ensemble of small-scale autoencoders, which has high enough time efficiency for packet-level authentication and authenticator’s update. Experiments show that the accuracy of the framework is up to 98.7%, and the authenticator updating method can help the framework maintains high accuracy.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hongbo Liu,Yan Wang,Jian Liu,Jie Yang,Yingying Chen,H. Vincent Poor

DOI: https://doi.org/10.1109/tmc.2017.2718540

IF: 6.075

2018-01-01

IEEE Transactions on Mobile Computing

Abstract:User authentication is the critical first step in detecting identity-based attacks and preventing subsequent malicious attacks. However, the increasingly dynamic mobile environments make it harder to always apply cryptographic-based methods for user authentication due to their infrastructural and key management overhead. Exploiting non-cryptographic based techniques grounded on physical layer properties to performuser authentication appears promising. In this work, the use of channel state information (CSI), which is available from off-the-shelf WiFi devices, to performfine-grained user authentication is explored. Particularly, a user-authentication framework that can work with both stationary and mobile users is proposed. When the user is stationary, the proposed framework builds a user profile for user authentication that is resilient to the presence of a spoofer. The proposed machine learning based user-authentication techniques can distinguish between two users even when they possess similar signal fingerprints and detect the existence of a spoofer. When the user is mobile, it is proposed to detect the presence of a spoofer by examining the temporal correlation of CSI measurements. Both office building and apartment environments show that the proposed framework can filter out signal outliers and achieve higher authentication accuracy compared with existing approaches using received signal strength (RSS).

Hongbo Liu,Yan Wang,Jian Liu,Jie Yang,Yingying Chen

DOI: https://doi.org/10.1145/2590296.2590321

2014-06-04

Abstract:User authentication is the critical first step to detect identity-based attacks and prevent subsequent malicious attacks. However, the increasingly dynamic mobile environments make it harder to always apply the cryptographic-based methods for user authentication due to their infrastructural and key management overhead. Exploiting non-cryptographic based techniques grounded on physical layer properties to perform user authentication appears promising. In this work, we explore to use channel state information (CSI), which is available from off-the-shelf WiFi devices, to conduct fine-grained user authentication. We propose an user-authentication framework that has the capability to build the user profile resilient to the presence of the spoofer. Our machine learning based user-authentication techniques can distinguish two users even when they possess similar signal fingerprints and detect the existence of the spoofer. Our experiments in both office building and apartment environments show that our framework can filter out the signal outliers and achieve higher authentication accuracy compared with existing approaches using received signal strength (RSS).

Hao Kong,Li Lu,Jiadi Yu,Yingying Chen,Xiangyu Xu,Feilong Tang,Yi-Chao Chen

DOI: https://doi.org/10.1145/3466772.3467032

2021-01-01

Abstract:ABSTRACTWith the increasing integration of humans and the cyber world, user authentication becomes critical to support various emerging application scenarios requiring security guarantees. Existing works utilize Channel State Information (CSI) of WiFi signals to capture single human activities for non-intrusive and device-free user authentication, but multi-user authentication remains a challenging task. In this paper, we present a multi-user authentication system, MultiAuth, which can authenticate multiple users with a single commodity WiFi device. The key idea is to profile multipath components of WiFi signals induced by multiple users, and construct individual CSI from the multipath components to solely characterize each user for user authentication. Specifically, we propose a MUltipath Time-of-Arrival measurement algorithm (MUTA) to profile multipath components of WiFi signals in high resolution. Then, after aggregating and separating the multipath components related to users, MultiAuth constructs individual CSI based on the multipath components to solely characterize each user. To identify users, MultiAuth further extracts user behavior profiles based on the individual CSI of each user through time-frequency analysis, and leverages a dual-task neural network for robust user authentication. Extensive experiments involving 3 simultaneously present users demonstrate that MultiAuth is accurate and reliable for multi-user authentication with 87.6% average accuracy and 8.8% average false accept rate.

Hao Kong,Li Lu,Jiadi Yu,Yingying Chen,Xiangyu Xu,Feng Lyu

DOI: https://doi.org/10.1109/tnet.2023.3237686

2023-01-01

Abstract:User authentication nowadays has become an important support for not only security guarantees but also emerging novel applications. Although WiFi signal-based user authentication has achieved initial success, it works in single-user scenarios while multi-user authentication remains a challenging task. In this paper, we present MultiAuth, a multi-user authentication system that can authenticate multiple users with a single pair of commodity WiFi devices. The basic idea is to profile multipath components of WiFi signals, and leverage the multipath components to characterize each user individually for multi-user authentication. MultiAuth first profiles multipath components of WiFi signals through a proposed MUltipath Time-of-Arrival estimation algorithm (MUTA). Then, after matching corresponding multipath components to each user in complex multi-user scenarios, MultiAuth constructs individual CSI based on the multipath components to characterize each user individually. An AoA-based approach is exploited to further separate individual CSI constructed by the users with same ToA. To identify users through their activities, MultiAuth extracts user behavior profiles based on the individual CSI, and leverages a dual-task neural network for robust user authentication. Extensive experiments involving 3 simultaneously present users demonstrate that MultiAuth is effective in multi-user authentication with 86.2% average accuracy and 9.5% average false accept rate.

Qian Wang,Hang Li,Dou Zhao,Zhi Chen,Shuang Ye,Jiansheng Cai

DOI: https://doi.org/10.1109/access.2019.2938533

IF: 3.9

2019-01-01

IEEE Access

Abstract:From the viewpoint of physical-layer authentication, spoofing attacks can be foiled by checking channel state information (CSI). Existing CSI-based authentication algorithms mostly require a deep knowledge of the channel variation to deliver decent performance. In this paper, we investigate CSI-based authenticators that can spare the effort to predetermine channel properties by utilizing deep neural networks (DNNs). First, we propose a convolutional neural network (CNN)-enabled authenticator that is able to extract the local features in CSI. Next, the recurrent neural network (RNN) is employed to capture the dependencies between different frequencies in CSI. In addition, we propose to use the convolutional recurrent neural network (CRNN)-a combination of the CNN and the RNN-to learn local and contextual information in CSI for user authentication. Finally, experiments based on Universal Software Radio Peripherals (USRPs) are conducted to demonstrate the performance of the proposed methods on real-world channel estimates. According to the experimental results, the proposed DNNs-enabled schemes can significantly outperform the dynamic time warping (DTW) technique and a heuristic Neyman-Pearson (NP) test in the aspects of false alarm and miss detection. Besides, the hybrid of the CNN and the RNN can further promote the authentication accuracy.

Namin Hou,Yushi Cheng,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603286

2024-01-01

Abstract:The advancement of Fifth-Generation (5G) technology has greatly enriched individuals' access to a broad array of convenient services, offering significant benefits in mobile communications, autonomous driving, smart homes, and the Internet of Things. However, with the increase in the number of network access devices, large and frequent data interactions have brought potential security risks to wireless networks, which are related to user privacy security, traffic safety, and even social security. Malicious intrusions targeting wireless communications have resulted in significant disruptions and incurred substantial losses. Presently, user identities in wireless communications rely on software-based data identifiers, which can be forged easily. This paper proposes a hardware-level device authentication mechanism that uses the intrinsic hardware characteristics of the transmitter (shown as impairments in the radio signal of the transmission link) for identity authentication. The resulting fingerprint is naturally distinctive and highly resistant to counterfeiting attempts. We use 5 devices across different models and 10 devices of the same model for experimental evaluation. Then we apply machine learning algorithms to construct a fingerprint database and device authentication, achieving an average of 82.4% precision, 89.9% recall, and 85.9% F1-score, which can help to safeguard the security of 5G communication.

Xiaoyu Ji,Xinyan Zhou,Chen Yan,Jiangyi Deng,Wenyuan Xu

DOI: https://doi.org/10.1109/tmc.2020.3025023

IF: 6.075

2022-01-01

IEEE Transactions on Mobile Computing

Abstract:With the proliferation of mobile devices, face-to-face device-to-device (D2D) communication has been applied to a variety of daily scenarios such as mobile payment and short distance file transfer. In D2D communications, a critical security problem is to verify the device legitimacy when they share no secrets in advance. Previous research proposed device authentication schemes based on pre-built database or exploiting physical properties. However, a remaining challenge is to secure face-to-face D2D communication even in the middle of a crowd, within which an attacker may hide. In this paper, we present NAuth, a nonlinearity-enhanced, location-sensitive authentication mechanism. Especially, we target at the secure authentication within a limited range such as 20 cm, which is typical for face-to-face scenarios. NAuth designs a verification scheme based on the nonlinear distortion of speaker-microphone systems and a location-based validation model. The verification scheme guarantees device authentication consistency by extracting acoustic nonlinearity patterns (ANP) while the validation model ensures device legitimacy by measuring the time difference of arrival (TDOA) at two microphones. We analyze the feasibility and security of NAuth theoretically and evaluate its performance experimentally. Results demonstrate that NAuth can verify the device legitimacy in the presence of nearby attackers.

Monika Roopak,Yachao Ran,Xiaotian Chen,Gui Yun Tian,Simon Parkinson

DOI: https://doi.org/10.1049/wss2.12093

2024-09-11

IET Wireless Sensor Systems

Abstract:Internet of Things (IoT) security concerns, particularly regarding user authentication, are addressed by our proposed Wi‐Fi sensing‐based physical layer authentication. The solution, integrating convolutional neural networks and long short‐term memory networks with raw channel state information data, achieves an impressive 99.97% accuracy, offering effective and portable protection for wireless networks in the IoT landscape. Security problems loom big in the fast‐growing world of Internet of Things (IoT) networks, which is characterised by unprecedented interconnectedness and data‐driven innovation, due to the inherent susceptibility of wireless infrastructure. One of the most pressing concerns is user authentication, which was originally intended to prevent unwanted access to critical information but has since expanded to provide tailored service customisation. We suggest a Wi‐Fi sensing‐based physical layer authentication method for IoT networks to solve this problem. Our proposed method makes use of raw channel state information (CSI) data from Wi‐Fi signals to create a hybrid deep‐learning model that combines convolutional neural networks and long short‐term memory networks. Rigorous testing yields an astonishing 99.97% accuracy rate, demonstrating the effectiveness of our CSI‐based verification. This technology not only strengthens wireless network security but also prioritises efficiency and portability. The findings highlight the practicality of our proposed CSI‐based physical layer authentication, which provides lightweight and precise protection for wireless networks in the IoT.

Yijia Guo,Junqing Zhang,Y. -W. Peter Hong

DOI: https://doi.org/10.1109/globecom54140.2023.10437299

2023-01-01

Abstract:The Internet of Things (IoT) is ubiquitous thanks to the rapid development of wireless technology. However, the broadcast nature of wireless transmission results in great challenges to the security authentication for large-scale IoT. In this paper, we propose a novel physical layer authentication approach for mobile scenarios employing deep learning and channel state information (CSI). Specifically, the convolution neural network (CNN) is designed to learn the temporal and spatial similarity between CSIs and output a score to measure the difference between the input CSIs. Device authentication is achieved by comparing the score to an empirically obtained threshold. We build a WiFi-based testbed and carry out a comprehensive experimental evaluation. The performance of using the CSI magnitude and real & imaginary parts is compared. The effect of the distance between legitimate and rogue devices on authentication performance is studied. The generalization performance of the CNN model in different test scenarios is also evaluated. Experiment results demonstrate the effectiveness of the proposed CNN-based authentication over conventional correlation-based authentication schemes.

Hongbo Liu,Yan Wang,Jian Liu,Yingying Chen

DOI: https://doi.org/10.1007/978-3-030-10597-6_9

2019-01-01

Abstract:User authentication is the critical first step of network security to detect identity-based attacks and prevent subsequent malicious attacks. However, the increasingly dynamic mobile environments make it harder to always apply the cryptographic-based methods for user authentication due to their infrastructural and key management overhead. Exploiting non-cryptographic-based techniques grounded on physical layer properties to perform user authentication appears promising. To ensure the security of mobile devices in dynamic networks, we explore to use fine-grained channel state information (CSI), which is available from off-the-shelf WiFi devices, to perform proactive user authentication. We propose a user-authentication framework that has the capability to proactively request CSI and build the user profile resilient to the presence of the spoofer. Our machine learning based user-authentication techniques can distinguish two users even when they possess similar signal fingerprints and detect the existence of the spoofer in dynamic network environments. Extensive experiments in both office and apartment environments show that our framework can remove the effect of signal outliers and achieve higher authentication accuracy compared to existing approaches that use received signal strength (RSS).

Zhi Li,Yong Lian,Qibin Sun,Chang Chen

DOI: https://doi.org/10.1109/ICME.2006.262446

2006-01-01

Abstract:We propose in this paper a novel content-aware stream-level approach to authenticating multimedia data transmitted over wireless networks. The proposed approach is fundamentally different from conventional authentication methods and offers robust authentication for multimedia data in the presence of channel noise. The scheme is designed in such a way that it facilitates explicit capture and exploitation of channel condition as well as how the multimedia content is packetized and transmitted. The design allows the integration of authentication with the framework of joint source and channel coding (JSCC) to achieve adaptiveness to the content and efficient utilization of limited bandwidth. We have realized the proposed scheme through optimal resource allocation and authentication graph construction. Experiment results demonstrated the effectiveness of this novel approach

Ruiqi Kong,He Chen

2023-08-01

Abstract:This paper presents a new radiometric fingerprint that is revealed by micro-signals in the channel state information (CSI) curves extracted from commodity Wi-Fi devices. We refer to this new fingerprint as "micro-CSI". Our experiments show that micro-CSI is likely to be caused by imperfections in the radio-frequency circuitry and is present in Wi-Fi 4/5/6 network interface cards (NICs). We conducted further experiments to determine the most effective CSI collection configuration to stabilize micro-CSI. To extract micro-CSI from varying CSI curves, we developed a signal space-based extraction algorithm that effectively separates distortions caused by wireless channels and hardware imperfections under line-of-sight (LoS) scenarios. Finally, we implemented a micro-CSI-based device authentication algorithm that uses the k-Nearest Neighbors (KNN) method to identify 11 COTS Wi-Fi NICs from the same manufacturer in typical indoor environments. Our experimental results demonstrate that the micro-CSI-based authentication algorithm can achieve an average attack detection rate of over 99% with a false alarm rate of 0%.

Signal Processing,Cryptography and Security

Qian Wang,Hang Li,Zhi Chen,Dou Zhao,Shuang Ye,Jiansheng Cai

2018-01-01

Abstract:From the viewpoint of physical-layer authentication, spoofing attacks can be foiled by checking channel state information (CSI). Existing CSI-based authentication algorithms mostly require a deep knowledge of the channel to deliver decent performance. In this paper, we investigate CSI-based authenticators that can spare the effort to predetermine channel properties by utilizing deep neural networks (DNNs). We first propose a convolutional neural network (CNN)-enabled authenticator that is able to extract the local features in CSI. Next, we employ the recurrent neural network (RNN) to capture the dependencies between different frequencies in CSI. In addition, we propose to use the convolutional recurrent neural network (CRNN)---a combination of the CNN and the RNN---to learn local and contextual information in CSI for user authentication. To effectively train these DNNs, one needs a large amount of labeled channel records. However, it is often expensive to label large channel observations in the presence of a spoofer. In view of this, we further study a case in which only a small part of the the channel observations are labeled. To handle it, we extend these DNNs-enabled approaches into semi-supervised ones. This extension is based on a semi-supervised learning technique that employs both the labeled and unlabeled data to train a DNN. To be specific, our semi-supervised method begins by generating pseudo labels for the unlabeled channel samples through implementing the K-means algorithm in a semi-supervised manner. Subsequently, both the labeled and pseudo labeled data are exploited to pre-train a DNN, which is then fine-tuned based on the labeled channel records.

Fei Pan,Zhibo Pang,Michele Luvisotto,Xiaolin Jiang,Roger N. Jansson,Ming Xiao,Hong Wen

DOI: https://doi.org/10.1109/IECON.2018.8592783

2018-01-01

Abstract:Physical layer authentication based on channel state information is an effective solution to preventing spoofing attacks in wireless communications by comparing the channel impulse responses. Existing theoretical analyses and experiments have proved the feasibility and efficiency in labs or offices. However, the environment of industrial wireless communication is significantly different. This paper applies physical layer authentication based on channel state information to measurements from four different industrial wireless communication scenarios, including indoor, outdoor, moving, and stationary scenarios. The analysis of the results allows to derive meaningful insights on the applicability of such a method to industrial wireless communications.

Jingyu Hua,Hongyi Sun,Zhenyu Shen,Zhiyun Qian,Sheng Zhong

DOI: https://doi.org/10.1109/INFOCOM.2018.8485917

2018-01-01

Abstract:Due to the loose authentication requirement between access points (APs) and clients, it is notoriously known that WLANs face long-standing threats such as rogue APs and network freeloading. Take the rogue AP problem as an example, unfortunately encryption alone does not provide authentication. APs need to be equipped with certificates that are trusted by clients ahead of time. This requires either the presence of PKI for APs or other forms of pre-established trust (e.g., distributing the certificates offline), none of which is widely used. Before any strong security solution is deployed, we still need a practical solution that can mitigate the problem. In this paper, we explore a non-cryptographic solution that is readily deployable today on end hosts (e.g., smartphones and laptops) without requiring any changes to the APs or the network infrastructure. The solution infers the Carrier Frequency Offsets (CFOs) of wireless devices from Channel State Information (CSI) as their hardware fingerprints without any special hardware requirement. CFO is attributed to the oscillator drift, which is a fundamental physical property that cannot be manipulated easily and remains fairly consistent over time but varies significantly across devices. The real experiments on 23 smartphones and 34 APs (with both identical and different brands) in different scenarios demonstrate that the detection rate could exceed 94%.

Runfa Liao,Hong Wen,Fei Pan,Huanhuan Song,Aidong Xu,Yixin Jiang

DOI: https://doi.org/10.1109/icaica.2019.8873460

2019-01-01

Abstract:This paper investigates the physical layer (PHY-layer) authentication that exploits channel state information (CSI) to enhance multiple-input multiple-output orthogonal frequency division multiplexing (MIMO-OFDM) system security by detecting spoofing attacks in wireless networks. A multi-user authentication system is proposed using convolutional neural networks (CNNs) which also can distinguish spoofers effectively. In addition, the mini batch scheme is used to train the neural networks and accelerate the training speed. Meanwhile, L1 regularization is adopted to prevent over-fitting and improve the authentication accuracy. The convolutional-neural-network-based (CNN-based) approach can authenticate legitimate users and detect attackers by CSIs with higher performances comparing to traditional hypothesis test based methods.

Xiaoying Qiu,Xuan Sun,Monson Hayes

DOI: https://doi.org/10.3390/s21165379

IF: 3.9

2021-08-09

Sensors

Abstract:The performance of classical security authentication models can be severely affected by imperfect channel estimation as well as time-varying communication links. The commonly used approach of statistical decisions for the physical layer authenticator faces significant challenges in a dynamically changing, non-stationary environment. To address this problem, this paper introduces a deep learning-based authentication approach to learn and track the variations of channel characteristics, and thus improving the adaptability and convergence of the physical layer authentication. Specifically, an intelligent detection framework based on a Convolutional-Long Short-Term Memory (Convolutional-LSTM) network is designed to deal with channel differences without knowing the statistical properties of the channel. Both the robustness and the detection performance of the learning authentication scheme are analyzed, and extensive simulations and experiments show that the detection accuracy in time-varying environments is significantly improved.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yongchao Dang,Yin Chen,Huihui Wu,Yulong Shen,Xiaohong Jiang

DOI: https://doi.org/10.1109/nana.2017.38

2017-01-01

Abstract:Physical layer security is expected to address the security issue in wireless networks by taking advantage of the unique attributes of fading channels. In this paper, we propose a novel physical layer authentication scheme by measuring the locations of surrounding noise sources between communication participants. Typically, the transmitting power of surrounding noise is unknown, so a maximum likelihood (ML) method is adopted to estimate the locations of noise sources, based on the received signal strength (RSS) and angle of arrival (AoA). We analyze the security of the proposed scheme under both passive and active attacks, and show that the proposed scheme can work under highly dynamical scenarios.

Qi Wang,Wei Liang,Jialin Zhang,Ke Wang,Xiaolin Jiang

DOI: https://doi.org/10.1109/tce.2024.3379524

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:Channel state information (CSI)-based physical layer authentication (PLA) is considered to be a promising technology for wireless network security. However, in mobile scenarios, device mobility and environmental dynamics limit the reliability of PLA due to channel state instability and spatial location uncertainty. To improve authentication reliability, we propose a knowledge-enhanced PLA algorithm. This algorithm leverages prior knowledge of mobile devices and wireless channels to verify mobility patterns and extract stable features. Specifically, trajectory verification, exploiting the space-time constraints of the mobile device, is conducted before and after location prediction to assess the rationality of the mobile trajectory. Moreover, a three-scale feature model is proposed to extract stable features for precise location prediction, which models the stable characteristics of unstable mobile channels from different sensitivities to spatial variations. Evaluation results show that the proposed algorithm can achieve higher reliability than two state-of-the-art algorithms in three mobile scenarios.

telecommunications,engineering, electrical & electronic