Fingerprints in the Ether: Using the Physical Layer for Wireless Authentication

1
Fingerprints in the Ether Using the Physical
Layer for Wireless Authentication

• L. Xiao, L. Greenstein, N. Mandayam, W. Trappe
• ICC 2007
• Glasgow, Scotland
• This work is supported in part by NSF grant
  CNS-0626439

2
Outline

• Motivation Main Idea
• System Model Hypothesis Test
• Simulation Results
• Conclusion Future Work

3
Motivation

• Wireless networks more exposed to security
  problems
• Spoofing attacks
• Passive eavesdropping
• DoS attacks
• And more

4
Main Idea Fingerprints in the Ether

• Fingerprints Distinguishes channel responses
  of different paths to enhance authentication
• Other examples that benefit from multipath
  fading
• CDMA Rake processing that transforms multipath
  into a diversity-enhancing benefit
• MIMO Transforms scatter-induced Rayleigh fading
  into a capacity-enhancing benefit

5
Main Idea Fingerprints in the Ether

• Typical indoor wireless channel is a frequency
  selective channel with spatial variability
• The channel response can be hard to predict and
  to spoof

6
PHY-Authentication Scenario
TIME 0
Bob estimates channel response HAB from
Alice at time 0
Bob
HAB
Alice
Probe Signal u(.)
7
PHY-Authentication Scenario (Cont.)
TIME t
Case 1 Alice is still transmitting.
Bob estimates Ht at time t, and compares
with HAB
Bob
Ht HAB
Eve
Alice
Probe Signal
Desired result Bob accepts the transmission.
8
PHY-Authentication Scenario (Cont.)
Case 2 Eve is transmitting, pretending to be
Alice.
TIME t
Bob estimates Ht at time t, and compares
with HAB
Bob
Ht HEB
Probe Signal
Alice
Eve
Desired result Bob rejects the transmission.
9
Channel Model

• Time-invariant channel (no terminal motion or
  other changes)
• M measurement samples (tones) in the frequency
  domain with bandwidth W and center frequency f0

10
Hypothesis Testing

• Simple Hypothesis
• H0
• H1
• Test Statistic
• Solution for
• Rejection region of H0

11
Hypothesis Analysis

• Null Hypothesis H0
• Alternative Hypothesis H1

12
Detection Metrics

• False Alarm Rate,
• Threshold for given
• Miss Rate,

CDF of chi-square distribution
13
Simulation Scenario

• Wireless Indoor environment
• Frequency response for any T-R path obtained as
  FT of the impulse response
• Impulse response obtained using the
  Alcatel-Lucent ray-tracing tool WiSE
• Eve in the same room as Alice
• 348347/260,378 Alice-Eve pairs in Room 1
• 150149/211,175 Alice-Eve pairs in Room 2

14
Simulation Assumptions

• Default false alarm rate,
• Receiver noise power

15
Average Miss Rate,ß (a0.01)

M5
W 100 MHz
Room 1
16
Average Miss Rate,ß (a0.01)

M5
W 100 MHz
Room 2
17
Conclusion Future Work

• We proposed a PHY-layer authentication scheme
• Channel frequency response measurement and
  hypothesis testing are used to discriminate
  between a legitimate user and a would-be intruder
• Verified using a ray-tracing tool (WiSE) for
  indoor environment
• Works well, requiring reasonable values of the
  measurement bandwidth (e.g., W gt 10 MHz), number
  of response samples (e.g., M 5) and transmit
  power (e.g., PT 100 mW)
• Ongoing and future work
• Other buildings
• Temporal changes (environment and terminal
  mobility)
• Testing via measurements
• Combining with existing higher-layer security
  protocols

18

• Thank you!
• Questions?