Statistical and Machine Learning-based Decision Techniques for Physical Layer Authentication

In this paper we assess the security performance of key-less physical layer authentication schemes in the case of time-varying fading channels, considering both partial and no channel state information (CSI) on the receiver's side. We first present a generalization of a well-known protocol previously proposed for flat fading channels and we study different statistical decision methods and the corresponding optimal attack strategies in order to improve the authentication performance in the considered scenario. We then consider the application of machine learning techniques in the same setting, exploiting different one-class nearest neighbor (OCNN) classification algorithms. We observe that, under the same probability of false alarm, one-class classification (OCC) algorithms achieve the lowest probability of missed detection when a low spatial correlation exists between the main channel and the adversary one, while statistical methods are advantageous when the spatial correlation between the two channels is higher.Comment: To be presented at IEEE Globecom 201

Learning-Aided Physical Layer Authentication as an Intelligent Process

Performance of the existing physical layer authentication schemes could be severely affected by the imperfect estimates and variations of the communication link attributes used. The commonly adopted static hypothesis testing for physical layer authentication faces significant challenges in time-varying communication channels due to the changing propagation and interference conditions, which are typically unknown at the design stage. To circumvent this impediment, we propose an adaptive physical layer authentication scheme based on machine-learning as an intelligent process to learn and utilize the complex and time-varying environment, and hence to improve the reliability and robustness of physical layer authentication. Explicitly, a physical layer attribute fusion model based on a kernel machine is designed for dealing with multiple attributes without requiring the knowledge of their statistical properties. By modeling the physical layer authentication as a linear system, the proposed technique directly reduces the authentication scope from a combined N-dimensional feature space to a single dimensional (scalar) space, hence leading to reduced authentication complexity. By formulating the learning (training) objective of the physical layer authentication as a convex problem, an adaptive algorithm based on kernel least-mean-square is then proposed as an intelligent process to learn and track the variations of multiple attributes, and therefore to enhance the authentication performance. Both the convergence and the authentication performance of the proposed intelligent authentication process are theoretically analyzed. Our simulations demonstrate that our solution significantly improves the authentication performance in time-varying environments

RF-PUF: Enhancing IoT Security through Authentication of Wireless Nodes using In-situ Machine Learning

Traditional authentication in radio-frequency (RF) systems enable secure data communication within a network through techniques such as digital signatures and hash-based message authentication codes (HMAC), which suffer from key recovery attacks. State-of-the-art IoT networks such as Nest also use Open Authentication (OAuth 2.0) protocols that are vulnerable to cross-site-recovery forgery (CSRF), which shows that these techniques may not prevent an adversary from copying or modeling the secret IDs or encryption keys using invasive, side channel, learning or software attacks. Physical unclonable functions (PUF), on the other hand, can exploit manufacturing process variations to uniquely identify silicon chips which makes a PUF-based system extremely robust and secure at low cost, as it is practically impossible to replicate the same silicon characteristics across dies. Taking inspiration from human communication, which utilizes inherent variations in the voice signatures to identify a certain speaker, we present RF- PUF: a deep neural network-based framework that allows real-time authentication of wireless nodes, using the effects of inherent process variation on RF properties of the wireless transmitters (Tx), detected through in-situ machine learning at the receiver (Rx) end. The proposed method utilizes the already-existing asymmetric RF communication framework and does not require any additional circuitry for PUF generation or feature extraction. Simulation results involving the process variations in a standard 65 nm technology node, and features such as LO offset and I-Q imbalance detected with a neural network having 50 neurons in the hidden layer indicate that the framework can distinguish up to 4800 transmitters with an accuracy of 99.9% (~ 99% for 10,000 transmitters) under varying channel conditions, and without the need for traditional preambles.Comment: Accepted: in the IEEE Internet of Things Journal (JIoT), 201

Six Key Enablers for Machine Type Communication in 6G

While 5G is being rolled out in different parts of the globe, few research groups around the world $-$ such as the Finnish 6G Flagship program $-$ have already started posing the question: \textit{What will 6G be?} The 6G vision is a data-driven society, enabled by near instant unlimited wireless connectivity. Driven by impetus to provide vertical-specific wireless network solutions, machine type communication encompassing both its mission critical and massive connectivity aspects is foreseen to be an important cornerstone of 6G development. This article presents an over-arching vision for machine type communication in 6G. In this regard, some relevant performance indicators are first anticipated, followed by a presentation of six key enabling technologies.Comment: 14 pages, five figures, submitted to IEEE Communications Magazine for possible publicatio

IDNet: Smartphone-based Gait Recognition with Convolutional Neural Networks

Here, we present IDNet, a user authentication framework from smartphone-acquired motion signals. Its goal is to recognize a target user from their way of walking, using the accelerometer and gyroscope (inertial) signals provided by a commercial smartphone worn in the front pocket of the user's trousers. IDNet features several innovations including: i) a robust and smartphone-orientation-independent walking cycle extraction block, ii) a novel feature extractor based on convolutional neural networks, iii) a one-class support vector machine to classify walking cycles, and the coherent integration of these into iv) a multi-stage authentication technique. IDNet is the first system that exploits a deep learning approach as universal feature extractors for gait recognition, and that combines classification results from subsequent walking cycles into a multi-stage decision making framework. Experimental results show the superiority of our approach against state-of-the-art techniques, leading to misclassification rates (either false negatives or positives) smaller than 0.15% with fewer than five walking cycles. Design choices are discussed and motivated throughout, assessing their impact on the user authentication performance

Distributed SIMO Physical Layer Authentication: Performance Bounds Under Optimal Attacker Strategies

We provide worst-case bounds for the detection performance of a physical layer authentication scheme where authentication is based on channel-state information (CSI) observed at multiple distributed remote radio-heads (RRHs). The bounds are established based on two physical-layer attack strategies that a sophisticated attacker can launch against a given deployment. First, we consider a power manipulation attack, in which a single-antenna attacker adopts optimal transmit power and phase, and derive an approximation for the missed detection probability that is applicable for both statistical and perfect CSI knowledge at the attacker. Secondly, we characterize the spatial attack position that maximizes the attacker's success probability under strong line-of-sight conditions. We use this to provide a heuristic truncated search algorithm that efficiently finds the optimal attack position, and hence, constitutes a powerful tool for planning, analyzing, and optimizing deployments. Interestingly, our results show that there is only a small gap between the detection performance under a power manipulation attack based on statistical respectively perfect CSI knowledge, which significantly strengthens the relevance and applicability of our results in real-world scenarios. Furthermore, our results illustrate the benefits of the distributed approach by showing that the worst-case bounds can be reduced by 4 orders of magnitude without increasing the total number of antennas.Comment: Submitted to IEEE Transactions on Wireless Communication

Supervised and Semi-Supervised Deep Neural Networks for CSI-Based Authentication

From the viewpoint of physical-layer authentication, spoofing attacks can be foiled by checking channel state information (CSI). Existing CSI-based authentication algorithms mostly require a deep knowledge of the channel to deliver decent performance. In this paper, we investigate CSI-based authenticators that can spare the effort to predetermine channel properties by utilizing deep neural networks (DNNs). We first propose a convolutional neural network (CNN)-enabled authenticator that is able to extract the local features in CSI. Next, we employ the recurrent neural network (RNN) to capture the dependencies between different frequencies in CSI. In addition, we propose to use the convolutional recurrent neural network (CRNN)---a combination of the CNN and the RNN---to learn local and contextual information in CSI for user authentication. To effectively train these DNNs, one needs a large amount of labeled channel records. However, it is often expensive to label large channel observations in the presence of a spoofer. In view of this, we further study a case in which only a small part of the the channel observations are labeled. To handle it, we extend these DNNs-enabled approaches into semi-supervised ones. This extension is based on a semi-supervised learning technique that employs both the labeled and unlabeled data to train a DNN. To be specific, our semi-supervised method begins by generating pseudo labels for the unlabeled channel samples through implementing the K-means algorithm in a semi-supervised manner. Subsequently, both the labeled and pseudo labeled data are exploited to pre-train a DNN, which is then fine-tuned based on the labeled channel records.Comment: This paper has been submitted for possible publicatio

DeepKey: An EEG and Gait Based Dual-Authentication System

Biometric authentication involves various technologies to identify individuals by exploiting their unique, measurable physiological and behavioral characteristics. However, traditional biometric authentication systems (e.g., face recognition, iris, retina, voice, and fingerprint) are facing an increasing risk of being tricked by biometric tools such as anti-surveillance masks, contact lenses, vocoder, or fingerprint films. In this paper, we design a multimodal biometric authentication system named Deepkey, which uses both Electroencephalography (EEG) and gait signals to better protect against such risk. Deepkey consists of two key components: an Invalid ID Filter Model to block unauthorized subjects and an identification model based on attention-based Recurrent Neural Network (RNN) to identify a subject`s EEG IDs and gait IDs in parallel. The subject can only be granted access while all the components produce consistent evidence to match the user`s proclaimed identity. We implement Deepkey with a live deployment in our university and conduct extensive empirical experiments to study its technical feasibility in practice. DeepKey achieves the False Acceptance Rate (FAR) and the False Rejection Rate (FRR) of 0 and 1.0%, respectively. The preliminary results demonstrate that Deepkey is feasible, show consistent superior performance compared to a set of methods, and has the potential to be applied to the authentication deployment in real world settings.Comment: 22 page

A Machine Learning Framework for Biometric Authentication using Electrocardiogram

This paper introduces a framework for how to appropriately adopt and adjust Machine Learning (ML) techniques used to construct Electrocardiogram (ECG) based biometric authentication schemes. The proposed framework can help investigators and developers on ECG based biometric authentication mechanisms define the boundaries of required datasets and get training data with good quality. To determine the boundaries of datasets, use case analysis is adopted. Based on various application scenarios on ECG based authentication, three distinct use cases (or authentication categories) are developed. With more qualified training data given to corresponding machine learning schemes, the precision on ML-based ECG biometric authentication mechanisms is increased in consequence. ECG time slicing technique with the R-peak anchoring is utilized in this framework to acquire ML training data with good quality. In the proposed framework four new measure metrics are introduced to evaluate the quality of ML training and testing data. In addition, a Matlab toolbox, containing all proposed mechanisms, metrics and sample data with demonstrations using various ML techniques, is developed and made publicly available for further investigation. For developing ML-based ECG biometric authentication, the proposed framework can guide researchers to prepare the proper ML setups and the ML training datasets along with three identified user case scenarios. For researchers adopting ML techniques to design new schemes in other research domains, the proposed framework is still useful for generating ML-based training and testing datasets with good quality and utilizing new measure metrics.Comment: This paper has been published in the IEEE Acces

A ReRAM Physically Unclonable Function (ReRAM PUF)-based Approach to Enhance Authentication Security in Software Defined Wireless Networks

The exponentially increasing number of ubiquitous wireless devices connected to the Internet in Internet of Things (IoT) networks highlights the need for a new paradigm of data flow management in such large-scale networks under software defined wireless networking (SDWN). The limited power and computation capability available at IoT devices as well as the centralized management and decision-making approach in SDWN introduce a whole new set of security threats to the networks. In particular, the authentication mechanism between the controllers and the forwarding devices in SDWNs is a key challenge from both secrecy and integrity aspects. Conventional authentication protocols based on public key infrastructure (PKI) are no longer sufficient for these networks considering the large-scale and heterogeneity nature of the networks as well as their deployment cost, and security vulnerabilities due to key distribution and storage. We propose a novel security protocol based on physical unclonable functions (PUFs) known as hardware security primitives to enhance the authentication security in SDWNs. In this approach, digital PUFs are developed using the inherent randomness of the nanomaterials of Resistive Random Access Memory (ReRAM) that are embedded in most IoT devices to enable a secure authentication and access control in these networks. These PUFs are developed based on a novel approach of multi-states, in which the natural drifts due to the physical variations in the environment are predicted to reduce the potential errors in challenge-response pairs of PUFs being tested in different situations. We also proposed a PUF-based PKI protocol to secure the controller in SDWNs. The performance of the developed ReRAM-based PUFs are evaluated in the experimental results.Comment: 16 pages, 10 figures, submitted to Springer International Journal of Wireless Information Network