S2M: A Lightweight Acoustic Fingerprints-Based Wireless Device Authentication Protocol

Device authentication is a critical and challenging issue for the emerging Internet of Things (IoT). One promising solution to authenticate IoT devices is to extract a fingerprint to perform device authentication by exploiting variations in the transmitted signal caused by hardware and manufacturing inconsistencies. In this paper, we propose a lightweight device authentication protocol [named speaker-to-microphone (S2M)] by leveraging the frequency response of a speaker and a microphone from two wireless IoT devices as the acoustic hardware fingerprint. S2M authenticates the legitimate user by matching the fingerprint extracted in the learning process and the verification process, respectively. To validate and evaluate the performance of S2M, we design and implement it in both mobile phones and PCs and the extensive experimental results show that S2M achieves both low false negative rate and low false positive rate in various scenarios under different attacks.

[1]  Xiaohui Liang,et al.  Sybil Attacks and Their Defenses in the Internet of Things , 2014, IEEE Internet of Things Journal.

[2]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[3]  Jie Xiong,et al.  SecureArray: improving wifi security with fine-grained physical-layer information , 2013, MobiCom.

[4]  Xiaohui Liang,et al.  Security and privacy for mobile healthcare networks: from a quality of protection perspective , 2015, IEEE Wireless Communications.

[5]  Athanasios V. Vasilakos,et al.  Security of the Internet of Things: perspectives and challenges , 2014, Wireless Networks.

[6]  Srinivasan Seshan,et al.  802.11 user fingerprinting , 2007, MobiCom '07.

[7]  Nikita Borisov,et al.  Do You Hear What I Hear?: Fingerprinting Smart Devices Through Embedded Acoustic Components , 2014, CCS.

[8]  Xiang-Yang Li,et al.  Rejecting the attack: Source authentication for Wi-Fi management frames using CSI Information , 2012, 2013 Proceedings IEEE INFOCOM.

[9]  Benjamin Bertka 802 . 11 w Security : DoS Attacks and Vulnerability Controls , 2012 .

[10]  Xiangyu Liu,et al.  Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound , 2014, CCS.

[11]  Qian Zhang,et al.  Privacy-Preserving Location Authentication in Wi-Fi Networks Using Fine-Grained Physical Layer Signatures , 2016, IEEE Transactions on Wireless Communications.

[12]  Xiaohua Jia,et al.  Enabling efficient access control with dynamic policy updating for big data in the cloud , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[13]  Sneha A. Dalvi,et al.  Internet of Things for Smart Cities , 2017 .

[14]  Erik Tews,et al.  Practical attacks against WEP and WPA , 2009, WiSec '09.

[15]  Prasant Mohapatra,et al.  Non-cryptographic authentication and identification in wireless networks [Security and Privacy in Emerging Wireless Networks] , 2010, IEEE Wireless Communications.

[16]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[17]  Marco Gruteser,et al.  Detecting Identity Spoofs in IEEE 802.11e Wireless Networks , 2009, GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference.

[18]  Martin Eian,et al.  The modeling and comparison of wireless network denial of service attacks , 2011, MobiHeld '11.

[19]  Thomas L. Szabo,et al.  Time domain wave equations for lossy media obeying a frequency power law , 1994 .

[20]  Lida Xu,et al.  The internet of things: a survey , 2014, Information Systems Frontiers.

[21]  Tzi-cker Chiueh,et al.  Sequence Number-Based MAC Address Spoof Detection , 2005, RAID.

[22]  Srdjan Capkun,et al.  Attacks on physical-layer identification , 2010, WiSec '10.

[23]  Xuemin Shen,et al.  Connected Vehicles: Solutions and Challenges , 2014, IEEE Internet of Things Journal.

[24]  Xiaohui Liang,et al.  Security and privacy in mobile social networks: challenges and solutions , 2014, IEEE Wireless Communications.

[25]  Xiang-Yang Li,et al.  Wireless Device Authentication Using Acoustic Hardware Fingerprints , 2015, BigCom.

[26]  Yunhao Liu,et al.  Locating sensors in the wild: pursuit of ranging quality , 2010, SenSys '10.

[27]  Larry J. Greenstein,et al.  A Physical-Layer Technique to Enhance Authentication for Mobile Terminals , 2008, 2008 IEEE International Conference on Communications.

[28]  Marco Gruteser,et al.  Wireless device identification with radiometric signatures , 2008, MobiCom '08.

[29]  Richard Sharp,et al.  Audio networking: the forgotten wireless technology , 2005, IEEE Pervasive Computing.

[30]  Sneha Kumar Kasera,et al.  Robust location distinction using temporal link signatures , 2007, MobiCom '07.

[31]  Ramarathnam Venkatesan,et al.  Dhwani: secure peer-to-peer acoustic NFC , 2013, SIGCOMM.

[32]  Sneha Kumar Kasera,et al.  On Fast and Accurate Detection of Unauthorized Wireless Access Points Using Clock Skews , 2010, IEEE Transactions on Mobile Computing.

[33]  Yunhao Liu,et al.  Context-free Attacks Using Keyboard Acoustic Emanations , 2014, CCS.

[34]  Panlong Yang,et al.  SmokeGrenade: An Efficient Key Generation Protocol With Artificial Interference , 2013, IEEE Transactions on Information Forensics and Security.