313 research outputs found
Exploiting Lack of Hardware Reciprocity for Sender-Node Authentication at the PHY Layer
This paper proposes to exploit the so-called reciprocity
parameters (modelling non-reciprocal communication
hardware) and use them as the decision metric for a binary hypothesis
testing based authentication framework at a receiver node Bob.
Specifically, Bob first learns the reciprocity parameters of the
legitimate sender Alice via initial training. Then, during the test
phase, Bob first obtains a measurement of the reciprocity parameters
of the channel occupier (Alice or the intruder Eve). Then, with
ground truth and current measurement both in hand, Bob
carries out the hypothesis testing to automatically accept (reject)
the packets sent by Alice (Eve). For the proposed scheme, we
provide its success rate (the detection probability of Eve), and
its performance comparison with other schemes
Key Generation in Wireless Sensor Networks Based on Frequency-selective Channels - Design, Implementation, and Analysis
Key management in wireless sensor networks faces several new challenges. The
scale, resource limitations, and new threats such as node capture necessitate
the use of an on-line key generation by the nodes themselves. However, the cost
of such schemes is high since their secrecy is based on computational
complexity. Recently, several research contributions justified that the
wireless channel itself can be used to generate information-theoretic secure
keys. By exchanging sampling messages during movement, a bit string can be
derived that is only known to the involved entities. Yet, movement is not the
only possibility to generate randomness. The channel response is also strongly
dependent on the frequency of the transmitted signal. In our work, we introduce
a protocol for key generation based on the frequency-selectivity of channel
fading. The practical advantage of this approach is that we do not require node
movement. Thus, the frequent case of a sensor network with static motes is
supported. Furthermore, the error correction property of the protocol mitigates
the effects of measurement errors and other temporal effects, giving rise to an
agreement rate of over 97%. We show the applicability of our protocol by
implementing it on MICAz motes, and evaluate its robustness and secrecy through
experiments and analysis. Comment: Submitted to IEEE Transactions on Dependable and Secure Computin
H4LO: Automation Platform for Efficient RF Fingerprinting using SLAM-derived Map and Poses
© 2020 The Institution of Engineering and Technology. One of the main shortcomings of received signal strength-based indoor localisation techniques is the labour and time cost involved in acquiring labelled 'ground-truth' training data. This training data is often obtained through fingerprinting, which involves visiting all prescribed locations to capture sensor observations throughout the environment. In this work, the authors present a helmet for localisation optimisation (H4LO): a low-cost robotic system designed to cut down on said labour by utilising an off-the-shelf light detection and ranging device. This system allows for simultaneous localisation and mapping, providing the human user with accurate pose estimation and a corresponding map of the environment. The high-resolution location estimation can then be used to train a positioning model, where received signal strength data is acquired from a human-worn wearable device. The method is evaluated using live measurements, recorded within a residential property. They compare the ground-truth location labels generated automatically by the H4LO system with a camera-based fingerprinting technique from previous work. They find that the system remains comparable in performance to the less efficient camera-based method, whilst removing the need for time-consuming labour associated with registering the user's location
Wireless Device Authentication Techniques Using Physical-Layer Device Fingerprint
Due to the open nature of the radio signal propagation medium, wireless communication is inherently more vulnerable to various attacks than wired communication. Consequently, communication security is always one of the critical concerns in wireless networks. Given that the sophisticated adversaries may cover up their malicious behaviors through impersonation of legitimate devices, reliable wireless authentication is becoming indispensable to prevent such impersonation-based attacks through verification of the claimed identities of wireless devices.
Conventional wireless authentication is achieved above the physical layer using upper-layer identities and key-based cryptography. As a result, user authenticity can even be validated for the malicious attackers using a compromised security key. Recently, many studies have proven that wireless devices can be authenticated by exploiting unique physical-layer characteristics. Compared to the key-based approach, the possession of such physical-layer characteristics is directly associated with the transceiver's unique radio-frequency hardware and corresponding communication environment, which are extremely difficult to forge in practice. However, the reliability of physical-layer authentication is not always high enough. Due to the popularity of cooperative communications, effective implementation of physical-layer authentication in wireless relay systems is urgently needed. On the other hand, the integration with existing upper-layer authentication protocols still has many challenges, e.g., end-to-end authentication. This dissertation is motivated to develop novel physical-layer authentication techniques in addressing the aforementioned challenges.
In achieving enhanced wireless authentication, we first specifically identify the technique challenges in authenticating cooperative amplify-and-forward (AF) relay. Since AF relay only works at the physical layer, all of the existing upper-layer authentication protocols are ineffective in identifying AF relay nodes. To solve this problem, a novel device fingerprint of AF relay consisting of wireless channel gains and in-phase and quadrature imbalances (IQI) is proposed. Using this device fingerprint, satisfactory authentication accuracy is achieved when the signal-to-noise ratio is high enough. Besides, the optimal AF relay identification system is studied to maximize the performance of identifying multiple AF relays in the low signal-to-noise regime and small IQI. The optimal signals for quadrature amplitude modulation and phase shift keying modulations are derived to defend against the repeated access attempts made by some attackers with specific IQIs.
Exploring effective authentication enhancement technique is another key objective of this dissertation. Due to the fast variation of channel-based fingerprints as well as the limited range of device-specific fingerprints, the performance of physical-layer authentication is not always reliable. In light of this, the physical-layer authentication is enhanced in two aspects. On the one hand, the device fingerprinting can be strengthened by considering multiple characteristics. The proper characteristics selection strategy, measurement method and optimal weighted combination of the selected characteristics are investigated. On the other hand, the accuracy of fingerprint estimation and differentiation can be improved by exploiting diversity techniques. To be specific, cooperative diversity in the form of involving multiple collaborative receivers is used in differentiating both frequency-dependent and frequency-independent device fingerprints. As a typical combining method of the space diversity techniques, the maximal-ratio combining is also applied in the receiver side to combat the channel degeneration effect and increase the fingerprint-to-noise ratio.
Given the inherent weaknesses of the widely utilized upper-layer authentication protocols, it is straightforward to consider physical-layer authentication as an effective complement to reinforce existing authentication schemes. To this end, a cross-layer authentication is designed to seamlessly integrate the physical-layer authentication with existing infrastructures and protocols. The specific problems such as physical-layer key generation as well as the end-to-end authentication in networks are investigated. In addition, the authentication complexity reduction is also studied. Through prediction, pre-sharing and reusing the physical-layer information, the authentication processing time can be significantly shortened
Improved Wireless Security through Physical Layer Protocol Manipulation and Radio Frequency Fingerprinting
Wireless networks are particularly vulnerable to spoofing and route poisoning attacks due to the contested transmission medium. Traditional bit-layer defenses including encryption keys and MAC address control lists are vulnerable to extraction and identity spoofing, respectively. This dissertation explores three novel strategies to leverage the wireless physical layer to improve security in low-rate wireless personal area networks. The first, physical layer protocol manipulation, identifies true transceiver design within remote devices through analysis of replies in response to packets transmitted with modified physical layer headers. Results herein demonstrate a methodology that correctly differentiates among six IEEE 802.15.4 transceiver classes with greater than 99% accuracy, regardless of claimed bit-layer identity. The second strategy, radio frequency fingerprinting, accurately identifies the true source of every wireless transmission in a network, even among devices of the same design and manufacturer. Results suggest that even low-cost signal collection receivers can achieve greater than 90% authentication accuracy within a defense system based on radio frequency fingerprinting. The third strategy, based on received signal strength quantification, can be leveraged to rapidly locate suspicious transmission sources and to perform physical security audits of critical networks. Results herein reduce mean absolute percentage error of a widely-utilized distance estimation model 20% by examining signal strength measurements from real-world networks in a military hospital and a civilian hospital
Wireless device identification from a phase noise prospective
As wireless devices become increasingly pervasive and essential, they are becoming both a target for attacks and the very weapon with which such an attack can be carried out. Wireless networks have to face new kinds of intrusion that had not been considered previously because they are linked to the open nature of wireless networks. In particular, device identity management and intrusion detection are two of the most significant challenges in any network security solution but they are paramount for any wireless local area networks (WLANs) because of the inherent non-exclusivity of the transmission medium.
The physical layer of 802.11-based wireless communication does not offer security guarantee because any electromagnetic signal transmitted can be monitored, captured, and analyzed by any sufficiently motivated and equipped adversary within the 802.11 device's transmission range.
What is required is a form of identification that is nonmalleable (cannot be spoofed easily).
For this reason we have decided to focus on physical characteristics of the network interface card (NIC) to distinguish between different wireless users because it can provide an additional layer of security. The unique properties of the wireless medium are extremely useful to get an additional set of information that can be used to extend and enhance traditional security mechanisms. This approach is commonly referred to as radio frequency fingerprinting (RFF), i.e., determining specific characteristics (fingerprint) of a network device component.
More precisely, our main goal is to prove the feasibility of exploiting phase noise in oscillators for fingerprinting design and overcome existing limitations of conventional approaches. The intuition behind our design is that the autonomous nature of oscillators among noisy physical systems makes them unique in their response to perturbations and none of the previous work has ever tried to take advantage of thi
Survey and Systematization of Secure Device Pairing
Secure Device Pairing (SDP) schemes have been developed to facilitate secure
communications among smart devices, both personal mobile devices and Internet
of Things (IoT) devices. Comparison and assessment of SDP schemes is
troublesome, because each scheme makes different assumptions about out-of-band
channels and adversary models, and are driven by their particular use-cases. A
conceptual model that facilitates meaningful comparison among SDP schemes is
missing. We provide such a model. In this article, we survey and analyze a wide
range of SDP schemes that are described in the literature, including a number
that have been adopted as standards. A system model and consistent terminology
for SDP schemes are built on the foundation of this survey, which are then used
to classify existing SDP schemes into a taxonomy that, for the first time,
enables their meaningful comparison and analysis. The existing SDP schemes are
analyzed using this model, revealing common systemic security weaknesses among
the surveyed SDP schemes that should become priority areas for future SDP
research, such as improving the integration of privacy requirements into the
design of SDP schemes. Our results allow SDP scheme designers to create schemes
that are more easily comparable with one another, and to assist the prevention
of persisting the weaknesses common to the current generation of SDP schemes. Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications
Surveys & Tutorials 2017 (Volume: PP, Issue: 99
Efficient wireless location estimation through simultaneous localization and mapping
Conventional Wi-Fi location estimation techniques using radio fingerprinting typically require a lengthy initial site survey. It is suggested that the lengthy site survey is a barrier to adoption of the radio fingerprinting technique. This research investigated two methods for reducing or eliminating the site survey and instead build the radio map on-the-fly. The first approach utilized a deterministic algorithm to predict the user's location near each access point and subsequently construct a radio map of the entire area. This deterministic algorithm performed only fairly and only under limited conditions, rendering it unsuitable for most typical real-world deployments. Subsequently, a probabilistic algorithm was developed, derived from a robotic mapping technique called simultaneous localization and mapping. The standard robotic algorithm was augmented with a modified particle filter, modified motion and sensor models, and techniques for hardware-agnostic radio measurements (utilizing radio gradients and ranked radio maps). This algorithm performed favorably when compared to a standard implementation of the radio fingerprinting technique, but without needing an initial site survey. The algorithm was also reasonably robust even when the number of available access points was decreased. Ph.D. Committee Chair: Owen, Henry; Committee Member: Copeland, John; Committee Member: Giffin, Jonathon; Committee Member: Howard, Ayanna; Committee Member: Riley, Georg
Hybrid Internal Anomaly Detection System for IoT: Reactive Nodes with Cross-Layer Operation
We present a hybrid internal anomaly detection system that shares detection tasks between router and nodes. It allows nodes to react instinctively against the anomaly node by enforcing temporary communication ban on it. Each node monitors its own neighbors and if abnormal behavior is detected, the node blocks the packets of the anomaly node at link layer and reports the incident to its parent node. A novel RPL control message, Distress Propagation Object (DPO), is formulated and used for reporting the anomaly and network activities to the parent node and subsequently to the router. The system has configurable profile settings and is able to learn and differentiate between the nodes' normal and suspicious activities without a need for prior knowledge. It has different subsystems and operation phases that are distributed in both the nodes and router, which act on data link and network layers. The system uses network fingerprinting to be aware of changes in network topology and approximate threat locations without any assistance from a positioning subsystem. The developed system was evaluated using test-bed consisting of Zolertia nodes and in-house developed PandaBoard based gateway as well as emulation environment of Cooja. The evaluation revealed that the system has low energy consumption overhead and fast response. The system occupies 3.3 KB of ROM and 0.86 KB of RAM for its operations. Security analysis confirms nodes reaction against abnormal nodes and successful detection of packet flooding, selective forwarding, and clone attacks. The system's false positive rate evaluation demonstrates that the proposed system exhibited 5% to 10% lower false positive rate compared to simple detection system