Authentication Techniques Based on Physical Layer Attributes

Abstract: Authentication is an indispensable part of information security. It serves to distinguish legitimate users from unauthorized ones. With the rapid growth of Internet of Things (IoT) devices, authentication of wireless communication is gathering more and more attention. Traditional authentication methods using cryptography, such as Hash-based Message Authentication Codes (HMACs) or digital signature, demand significant computational power and hardware resources, especially for low-end platforms. Spoofing attackers take advantage of trust relationships, trying to impersonate legitimate entities the wireless Access Point (AP) trusts. To tackle this issue, physical layer authentication methods are proposed. Using a fast and lightweight implementation, authentication based on physical layer attributes has the chance to improve the security performance of the authentication in the wireless network and protect it from spoofing attacks. It takes advantage of the uniqueness and inimitability of physical layer attributes by using them as identifying information. In this project, one of the physical layer attributes, Channel State Information (CSI), is utilized as the identifying information of devices. CSI samples from different wireless devices are collected by a wireless monitor. Features on amplitude and phase are extracted from raw CSI samples through data processing algorithms. For every device, a corresponding feature profile is pre-built so that authentication can be accomplished by matching the CSI profile. One-Class Support Vector Machine (OCSVM), a machine learning technique, which has a satisfying performance in novel discrimination, is used for profile building and profile matching algorithms so that the physical layer identities from various devices can be distinguished effectively. Our study aims to prove the feasibility of the authentication using CSI identity is conducted and the authentication and spoofer detection accuracy is calculated. With the profile matching algorithm based on OCSVM, the authentication accuracy and the spoofer detection accuracy remains around 98% and 100% respectively. Finally, to address the limitations in related work, such as the phase error fingerprinting which is not effective across all the bands, and the instability of the authentication results, a combined authentication method is designed and implemented successfully. The new method is based on both the traditional cryptographic authentication and CSI-based authentication. The implementation is accomplished by using the data processing methods and discrimination techniques mentioned above. The basic functions, such as detecting CSI variance and switching between CSI and cryptographic authentication, and the CPU computing performance under different authentication modes are observed. The performance of the new method is analyzed and evaluated under different potential attack scenarios. The evaluation shows that the basic functions and defense ability are valid and satisfying under different scenarios. The computing resource saves at least 36.92% and at most 79.73% compared to various traditional cryptographic authentication.