Title: Fingerprints in the Ether: Using the Physical Layer for Wireless Authentication
1Fingerprints in the Ether Using the Physical
Layer for Wireless Authentication
- L. Xiao, L. Greenstein, N. Mandayam, W. Trappe
- ICC 2007
- Glasgow, Scotland
- This work is supported in part by NSF grant
CNS-0626439
2Outline
- Motivation Main Idea
- System Model Hypothesis Test
- Simulation Results
- Conclusion Future Work
3Motivation
- Wireless networks more exposed to security
problems - Spoofing attacks
- Passive eavesdropping
- DoS attacks
- And more
4Main Idea Fingerprints in the Ether
- Fingerprints Distinguishes channel responses
of different paths to enhance authentication - Other examples that benefit from multipath
fading - CDMA Rake processing that transforms multipath
into a diversity-enhancing benefit - MIMO Transforms scatter-induced Rayleigh fading
into a capacity-enhancing benefit
5Main Idea Fingerprints in the Ether
- Typical indoor wireless channel is a frequency
selective channel with spatial variability - The channel response can be hard to predict and
to spoof
6PHY-Authentication Scenario
TIME 0
Bob estimates channel response HAB from
Alice at time 0
Bob
HAB
Alice
Probe Signal u(.)
7PHY-Authentication Scenario (Cont.)
TIME t
Case 1 Alice is still transmitting.
Bob estimates Ht at time t, and compares
with HAB
Bob
Ht HAB
Eve
Alice
Probe Signal
Desired result Bob accepts the transmission.
8PHY-Authentication Scenario (Cont.)
Case 2 Eve is transmitting, pretending to be
Alice.
TIME t
Bob estimates Ht at time t, and compares
with HAB
Bob
Ht HEB
Probe Signal
Alice
Eve
Desired result Bob rejects the transmission.
9Channel Model
- Time-invariant channel (no terminal motion or
other changes) - M measurement samples (tones) in the frequency
domain with bandwidth W and center frequency f0
10Hypothesis Testing
- Simple Hypothesis
- H0
- H1
- Test Statistic
- Solution for
- Rejection region of H0
11Hypothesis Analysis
- Null Hypothesis H0
-
- Alternative Hypothesis H1
12Detection Metrics
- False Alarm Rate,
- Threshold for given
- Miss Rate,
CDF of chi-square distribution
13Simulation Scenario
- Wireless Indoor environment
- Frequency response for any T-R path obtained as
FT of the impulse response - Impulse response obtained using the
Alcatel-Lucent ray-tracing tool WiSE - Eve in the same room as Alice
- 348347/260,378 Alice-Eve pairs in Room 1
- 150149/211,175 Alice-Eve pairs in Room 2
14Simulation Assumptions
- Default false alarm rate,
- Receiver noise power
15Average Miss Rate,ß (a0.01)
M5
W 100 MHz
Room 1
16Average Miss Rate,ß (a0.01)
M5
W 100 MHz
Room 2
17Conclusion Future Work
- We proposed a PHY-layer authentication scheme
- Channel frequency response measurement and
hypothesis testing are used to discriminate
between a legitimate user and a would-be intruder - Verified using a ray-tracing tool (WiSE) for
indoor environment - Works well, requiring reasonable values of the
measurement bandwidth (e.g., W gt 10 MHz), number
of response samples (e.g., M 5) and transmit
power (e.g., PT 100 mW) - Ongoing and future work
- Other buildings
- Temporal changes (environment and terminal
mobility) - Testing via measurements
- Combining with existing higher-layer security
protocols
18