Proactive User Authentication Using WiFi Signals in Dynamic Networks

User authentication is the critical first step of network security to detect identity-based attacks and prevent subsequent malicious attacks. However, the increasingly dynamic mobile environments make it harder to always apply the cryptographic-based methods for user authentication due to their infrastructural and key management overhead. Exploiting non-cryptographic-based techniques grounded on physical layer properties to perform user authentication appears promising. To ensure the security of mobile devices in dynamic networks, we explore to use fine-grained channel state information (CSI), which is available from off-the-shelf WiFi devices, to perform proactive user authentication. We propose a user-authentication framework that has the capability to proactively request CSI and build the user profile resilient to the presence of the spoofer. Our machine learning based user-authentication techniques can distinguish two users even when they possess similar signal fingerprints and detect the existence of the spoofer in dynamic network environments. Extensive experiments in both office and apartment environments show that our framework can remove the effect of signal outliers and achieve higher authentication accuracy compared to existing approaches that use received signal strength (RSS).

[1]  Mohamed Abid,et al.  A lightweight user authentication scheme for Wireless Sensor Networks , 2010, ACS/IEEE International Conference on Computer Systems and Applications - AICCSA 2010.

[2]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[3]  Aggelos Kiayias,et al.  Robust key generation from signal envelopes in wireless networks , 2007, CCS '07.

[4]  Srinivasan Seshan,et al.  802.11 user fingerprinting , 2007, MobiCom '07.

[5]  L. O'Gorman,et al.  Comparing passwords, tokens, and biometrics for user authentication , 2003, Proceedings of the IEEE.

[6]  Eric Horvitz,et al.  LOCADIO: inferring motion and location from Wi-Fi signal strengths , 2004, The First Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services, 2004. MOBIQUITOUS 2004..

[7]  David Wetherall,et al.  Predictable 802.11 packet delivery from wireless channel measurements , 2010, SIGCOMM '10.

[8]  Tzi-cker Chiueh,et al.  Sequence Number-Based MAC Address Spoof Detection , 2005, RAID.

[9]  Richard P. Martin,et al.  Detecting intra-room mobility with signal strength descriptors , 2010, MobiHoc '10.

[10]  Kiran S. Balagani,et al.  Secure privacy-preserving protocols for outsourcing continuous authentication of smartphone users with touch data , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[11]  Richard P. Martin,et al.  DECODE: Exploiting Shadow Fading to DEtect COMoving Wireless DEvices , 2009, IEEE Transactions on Mobile Computing.

[12]  Wade Trappe,et al.  Radio-telepathy: extracting a secret key from an unauthenticated wireless channel , 2008, MobiCom '08.

[13]  Avishai Wool,et al.  Lightweight Key Management for IEEE 802.11 Wireless LANs with Key Refresh and Host Revocation , 2005, Wirel. Networks.

[14]  Rong Zheng,et al.  Device fingerprinting to enhance wireless security using nonparametric Bayesian method , 2011, 2011 Proceedings IEEE INFOCOM.

[15]  Jie Yang,et al.  Detecting Spoofing Attacks in Mobile Wireless Environments , 2009, 2009 6th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[16]  Eyal de Lara,et al.  Ensemble: cooperative proximity-based authentication , 2010, MobiSys '10.

[17]  Wade Trappe,et al.  ProxiMate: proximity-based secure pairing using ambient wireless signals , 2011, MobiSys '11.

[18]  Prasant Mohapatra,et al.  Non-cryptographic authentication and identification in wireless networks [Security and Privacy in Emerging Wireless Networks] , 2010, IEEE Wireless Communications.

[19]  Sneha Kumar Kasera,et al.  On Fast and Accurate Detection of Unauthorized Wireless Access Points Using Clock Skews , 2008, IEEE Transactions on Mobile Computing.

[20]  Prasant Mohapatra,et al.  Identity-based attack detection in mobile wireless networks , 2011, 2011 Proceedings IEEE INFOCOM.

[21]  Xiang-Yang Li,et al.  Rejecting the attack: Source authentication for Wi-Fi management frames using CSI Information , 2012, 2013 Proceedings IEEE INFOCOM.

[22]  T. Kohno,et al.  Remote physical device fingerprinting , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[23]  Jie Wu,et al.  Secure and Efficient Key Management in Mobile Ad Hoc Networks , 2005, IPDPS.

[24]  Marco Gruteser,et al.  Wireless device identification with radiometric signatures , 2008, MobiCom '08.

[25]  José María Sierra,et al.  A light-weight authentication scheme for wireless sensor networks , 2011, Ad Hoc Networks.

[26]  Yan Dong,et al.  PHY-CRAM: Physical Layer Challenge-Response Authentication Mechanism for Wireless Networks , 2013, IEEE Journal on Selected Areas in Communications.

[27]  Jie Yang,et al.  Detection and Localization of Multiple Spoofing Attackers in Wireless Networks , 2013, IEEE Transactions on Parallel and Distributed Systems.

[28]  Richard P. Martin,et al.  Detecting and Localizing Identity-Based Attacks in Wireless and Sensor Networks , 2010, IEEE Transactions on Vehicular Technology.

[29]  Guoliang Xue,et al.  Unobservable Re-authentication for Smartphones , 2013, NDSS.