Real-time Identification of Rogue WiFi Connections Using Environment-Independent Physical Features

WiFi has become a pervasive communication medium for connecting WLAN and IoT devices. However, WiFi connections are vulnerable to impersonation attacks from rogue access points (APs) or devices whose SSID and/or MAC/IP address are identical to those of legitimate devices. This kind of attack is difficult to counter with traditional network security mechanisms. In this paper, we present a novel security mechanism that detects and identifies rogue WiFi devices or APs using environment-independent characteristics extracted from channel state information (CSI), and refuses their connections. We find that the nonlinear phase errors of different subcarriers vary across WiFi network interface cards (NICs), due to the I/Q imbalance and imperfect oscillator of each WiFi NIC. As validated by our experiments, this phase feature across subcarriers is consistent and invariant to location and external environment, and can be extracted to build an essential signature of the NIC itself. Such a signature of the transmitter can be calculated in real time by the receiver and cannot be forged by rogue devices. Extensive experiments with dozens of WiFi devices demonstrate that the proposed mechanism can reliably detect rogue WiFi connections and prevent impersonation in various scenarios. The speed of identification is 8$\times$ faster than that of the state-of-the-art solution. Moreover, the accuracy of rogue connection detection is up to 96% and the false alarm rate is shown to be below 2%.
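A simplified receiver-side sketch of the idea in the abstract, added here as an illustration and not the paper's algorithm: the per-subcarrier CSI phase is unwrapped, its linear trend is removed, and the remaining nonlinear residual is compared with an enrolled signature. The NIC error model, the purely linear location-dependent phase, the noise level and the 0.1 threshold are all constructed assumptions.

```python
import cmath, math, random

SUBCARRIERS = [k for k in range(-28, 29) if k != 0]  # 56 used tones, 20 MHz HT

def nic_phase_error(k, a, b):
    # Constructed stand-in for a NIC's hardware-induced nonlinear phase error.
    return a * math.sin(math.pi * k / 28) + b * math.cos(math.pi * k / 14)

def simulate_csi(nic, slope, offset, rng, noise=0.02):
    # Assumption: location only adds a linear phase ramp (delay) and an offset.
    return [cmath.exp(1j * (nic_phase_error(k, *nic) + slope * k + offset
                            + rng.gauss(0, noise))) for k in SUBCARRIERS]

def unwrap(phases):
    # Remove 2*pi jumps between adjacent subcarriers.
    out = [phases[0]]
    for p in phases[1:]:
        step = (p - out[-1] + math.pi) % (2 * math.pi) - math.pi
        out.append(out[-1] + step)
    return out

def signature(csi):
    # Nonlinear residual: unwrapped phase minus its least-squares line.
    ph = unwrap([cmath.phase(h) for h in csi])
    n = len(ph)
    mk, mp = sum(SUBCARRIERS) / n, sum(ph) / n
    slope = (sum((k - mk) * (p - mp) for k, p in zip(SUBCARRIERS, ph))
             / sum((k - mk) ** 2 for k in SUBCARRIERS))
    return [p - mp - slope * (k - mk) for k, p in zip(SUBCARRIERS, ph)]

def distance(sig_a, sig_b):
    # Root-mean-square difference between two signatures, in radians.
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(sig_a, sig_b)) / len(sig_a))

def is_rogue(csi, enrolled, threshold=0.1):
    return distance(signature(csi), enrolled) > threshold

rng = random.Random(7)
LEGIT_NIC, ROGUE_NIC = (0.30, 0.10), (-0.20, 0.25)  # constructed parameters
ENROLLED = signature(simulate_csi(LEGIT_NIC, 0.10, 0.5, rng))
SAME_NIC_MOVED = simulate_csi(LEGIT_NIC, -0.35, 2.0, rng)  # new location
IMPERSONATOR = simulate_csi(ROGUE_NIC, 0.10, 0.5, rng)  # same spot, other NIC

if __name__ == "__main__":
    print("same NIC, moved:", is_rogue(SAME_NIC_MOVED, ENROLLED))
    print("impersonator:   ", is_rogue(IMPERSONATOR, ENROLLED))
```

Real channels add multipath, which is not a pure linear phase term, so a deployed detector needs the paper's own feature extraction and a threshold calibrated on measured CSI.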
