Wireless Device Authentication Techniques Using Physical-Layer Device Fingerprint

Due to the open nature of the radio signal propagation medium, wireless communication is inherently more vulnerable to various attacks than wired communication. Consequently, communication security is always one of the critical concerns in wireless networks. Given that the sophisticated adversaries may cover up their malicious behaviors through impersonation of legitimate devices, reliable wireless authentication is becoming indispensable to prevent such impersonation-based attacks through verification of the claimed identities of wireless devices. Conventional wireless authentication is achieved above the physical layer using upper-layer identities and key-based cryptography. As a result, user authenticity can even be validated for the malicious attackers using compromised security key. Recently, many studies have proven that wireless devices can be authenticated by exploiting unique physical-layer characteristics. Compared to the key-based approach, the possession of such physical-layer characteristics is directly associated with the transceiver\u27s unique radio-frequency hardware and corresponding communication environment, which are extremely difficult to forge in practice. However, the reliability of physical-layer authentication is not always high enough. Due to the popularity of cooperative communications, effective implementation of physical-layer authentication in wireless relay systems is urgently needed. On the other hand, the integration with existing upper-layer authentication protocols still has many challenges, e.g., end-to-end authentication. This dissertation is motivated to develop novel physical-layer authentication techniques in addressing the aforementioned challenges. In achieving enhanced wireless authentication, we first specifically identify the technique challenges in authenticating cooperative amplify-and-forward (AF) relay. Since AF relay only works at the physical layer, all of the existing upper-layer authentication protocols are ineffective in identifying AF relay nodes. To solve this problem, a novel device fingerprint of AF relay consisting of wireless channel gains and in-phase and quadrature imbalances (IQI) is proposed. Using this device fingerprint, satisfactory authentication accuracy is achieved when the signal-to-noise ratio is high enough. Besides, the optimal AF relay identification system is studied to maximize the performance of identifying multiple AF relays in the low signal-to-noise regime and small IQI. The optimal signals for quadrature amplitude modulation and phase shift keying modulations are derived to defend against the repeated access attempts made by some attackers with specific IQIs. Exploring effective authentication enhancement technique is another key objective of this dissertation. Due to the fast variation of channel-based fingerprints as well as the limited range of device-specific fingerprints, the performance of physical-layer authentication is not always reliable. In light of this, the physical-layer authentication is enhanced in two aspects. On the one hand, the device fingerprinting can be strengthened by considering multiple characteristics. The proper characteristics selection strategy, measurement method and optimal weighted combination of the selected characteristics are investigated. On the other hand, the accuracy of fingerprint estimation and differentiation can be improved by exploiting diversity techniques. To be specific, cooperative diversity in the form of involving multiple collaborative receivers is used in differentiating both frequency-dependent and frequency-independent device fingerprints. As a typical combining method of the space diversity techniques, the maximal-ratio combining is also applied in the receiver side to combat the channel degeneration effect and increase the fingerprint-to-noise ratio. Given the inherent weaknesses of the widely utilized upper-layer authentication protocols, it is straightforward to consider physical-layer authentication as an effective complement to reinforce existing authentication schemes. To this end, a cross-layer authentication is designed to seamlessly integrate the physical-layer authentication with existing infrastructures and protocols. The specific problems such as physical-layer key generation as well as the end-to-end authentication in networks are investigated. In addition, the authentication complexity reduction is also studied. Through prediction, pre-sharing and reusing the physical-layer information, the authentication processing time can be significantly shortened

ZigBee/ZigBee PRO security assessment based on compromised cryptographic keys

Sensor networks have many applications in monitoring and controlling of environmental properties such as sound, acceleration, vibration and temperature. Due to limited resources in computation capability, memory and energy, they are vulnerable to many kinds of attacks. The ZigBee specification based on the 802.15.4 standard, defines a set of layers specifically suited to sensor networks. These layers support secure messaging using symmetric cryptographic. This paper presents two different ways for grabbing the cryptographic key in ZigBee: remote attack and physical attack. It also surveys and categorizes some additional attacks which can be performed on ZigBee networks: eavesdropping, spoofing, replay and DoS attacks at different layers. From this analysis, it is shown that some vulnerabilities still in the existing security schema in ZigBee technology.Les xarxes de sensors tenen moltes aplicacions en el control i la monitorització de les propietats del medi ambient, com ara el so, l¿acceleració, la vibració i la temperatura. A causa dels limitats recursos en la capacitat de càlcul, la memòria i l'energia són vulnerables a molts tipus d'atacs. L'especificació ZigBee basada en l'estàndard 802.15.4, defineix un conjunt de capes, adaptada específicament per a xarxes de sensors. Aquestes capes suporten missatgeria segura mitjançant criptografia simètrica. Aquest article presenta dues formes diferents per agafar la clau de xifrat en ZigBee: atac a distància i atacs físics. També les enquesta i classifica alguns atacs addicionals que es poden realitzar en les xarxes ZigBee: espionatge, falsificació, reproducció i atacs DoS en les diferents capes. A partir d'aquesta anàlisi, es demostren algunes vulnerabilitats existents en l'esquema de seguretat en tecnologia ZigBee.Las redes de sensores tienen muchas aplicaciones en el control y la monitorización de las propiedades del medio ambiente, como el sonido, la aceleración, la vibración y la temperatura. Debido a los limitados recursos en la capacidad de cálculo, la memoria y la energía son vulnerables a muchos tipos de ataques. La especificación ZigBee basada en el estándar 802.15.4, define un conjunto de capas, adaptada específicamente para redes de sensores. Estas capas soportan mensajería segura mediante criptografía simétrica. Este artículo presenta dos formas diferentes para coger la clave de cifrado en ZigBee: ataque a distancia y ataques físicos. También las encuesta y clasifica algunos ataques adicionales que se pueden realizar en las redes ZigBee: espionaje, falsificación, reproducción y ataques DoS en las diferentes capas. A partir de este análisis, se demuestran algunas vulnerabilidades existentes en el esquema de seguridad en tecnología ZigBee

Relay Selection for Wireless Communications Against Eavesdropping: A Security-Reliability Tradeoff Perspective

This article examines the secrecy coding aided wireless communications from a source to a destination in the presence of an eavesdropper from a security-reliability tradeoff (SRT) perspective. Explicitly, the security is quantified in terms of the intercept probability experienced at the eavesdropper, while the outage probability encountered at the destination is used to measure the transmission reliability. We characterize the SRT of conventional direct transmission from the source to the destination and show that if the outage probability is increased, the intercept probability decreases, and vice versa. We first demonstrate that the employment of relay nodes for assisting the source-destination transmissions is capable of defending against eavesdropping, followed by quantifying the benefits of single-relay selection (SRS) as well as of multi-relay selection (MRS) schemes. More specifically, in the SRS scheme, only the single "best" relay is selected for forwarding the source signal to the destination, whereas the MRS scheme allows multiple relays to participate in this process. It is illustrated that both the SRS and MRS schemes achieve a better SRT than the conventional direct transmission, especially upon increasing the number of relays. Numerical results also show that as expected, the MRS outperforms the SRS in terms of its SRT. Additionally, we present some open challenges and future directions for the wireless relay aided physical-layer security.Comment: 16 pages, IEEE Network, 201

A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed.Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201