A Physical-Layer Technique to Enhance Authentication for Mobile Terminals

L. Xiao, L. Greenstein, N. Mandayam, W. Trappe. WINLAB, Dept. ECE, Rutgers University. lxiao@winlab.rutgers.edu. ICC 2008. This work is supported in part by NSF grant CNS-0626439.


Presentation Transcript


  1. A Physical-Layer Technique to Enhance Authentication for Mobile Terminals
     L. Xiao, L. Greenstein, N. Mandayam, W. Trappe
     WINLAB, Dept. ECE, Rutgers University, lxiao@winlab.rutgers.edu
     ICC 2008
     This work is supported in part by NSF grant CNS-0626439

  2. Outline
     • Channel-based authentication
     • Challenge: Terminal mobility
     • Enhanced channel-based authentication
     • Inter-burst authentication
     • Intra-burst authentication
     • Simulation results
     • Conclusion

  3. PHY-based Security Techniques

  4. Benefits of Multipath Fading
     • CDMA: Rake processing that transforms multipath into a diversity-enhancing benefit
     • MIMO: Transforms scatter-induced Rayleigh fading into a capacity-enhancing benefit
     • Fingerprints in the Ether: Distinguishes channel responses of different paths to enhance authentication

  5. Fingerprints in the Ether
     • In typical indoor environments, the wireless channel decorrelates rapidly in space
     • The channel response is hard to predict and to spoof
     [Figure: Top view of Alcatel-Lucent’s Crawford Hill Laboratory, Holmdel, NJ]

  6. Channel-Based Authentication
     • Wireless networks are vulnerable to various identity-based attacks, like spoofing attacks
     • System overhead can be large if every message is protected by upper-layer authentication/encryption
     • Channel-based authentication:
       • Detect attacks for each message, significantly reducing the number of calls for upper-layer authentication
       • Works well under time-invariant channels and stationary terminals in spoofing detection

  7. System Model
     • Multicarrier systems, e.g., OFDM
     • Also applies to single-carrier systems
     • Each burst contains multiple frames
     • Each frame (with duration of T) contains pilot symbols at M subbands
     • Reuse the existing channel estimation mechanism
     [Figure: Data transmission]

  8. Alice-Bob-Eve Model
     • Alice sent the first message
     • If Alice is silent, Eve may spoof her by using her identity (e.g., MAC address) in the second message
     • Bob measures, stores and compares channel vectors in consecutive messages: “Who is the current transmitter, Alice or Eve?”
     • Spatial variability of multipath propagation: HA HE (with high probability)
     • Time-invariant channel: Constant HA
     [Figure: Alice, Bob and Eve; channel responses HA, HE]

  9. Challenge: What If Alice Moves?
     • Channel response, HA, changes quickly as Alice moves
     • Alice may be mistakenly regarded as Eve
     • Larger false alarm rate
     • Larger channel variation, for larger r (displacement of Alice during one frame)
     • Performance worsened by large intervals between data bursts
     [Figure: Bob; Alice before and after displacement r; channel responses HA, H’A]

  10. Inter-Burst Authentication
     • To solve the problem of large channel time variations due to long inter-burst intervals
     • Authentication of the first frames in data bursts
     • Key generation at Alice
     • Based on the channel response at a specified frame in the previous data burst
     • Feedback from the receiver
     • Channel measurement in the TDD system

  11. Intra-Burst Authentication
     • Authentication of the following frames in data bursts
     • Based on channel vectors (each with M elements) from channel estimation at M tones in consecutive frames
     • HA(k-1), HA(k-2), … (Alice)
     • Ht(k) (Maybe Alice, maybe Eve)
     • Channel model
     • Receiver thermal noise, AWGN
     • Phase measurement drifts

  12. Intra-Burst Authentication -2
     • Hypothesis testing: H0: H1:
     • Test statistic:
     • Rejection region of H0 :
     • False alarm rate,
     • Miss rate,
     [Slide labels: No Spoofing; Spoofing!!!]

  13. Intra-Burst Authentication -3
     • Neyman-Pearson test-based scheme:
       • Given , Eve has much larger uncertainty of the channel response than Alice, at time k
       • Test statistic:
     • Recursive least-squares (RLS) adaptive filters-based scheme:
       • M parallel independent RLS filters for channel estimation
       • Eve usually leads to larger RLS estimation error than Alice
       • Test statistic:
       • Larger system overhead: Ensure the previous 3L frames all came from Alice

  14. Simulation Scenario
     • Transmitter mobility in wireless indoor environment
     • Frequency response at 4.75, 5.0, and 5.25 GHz, for any T-R path, as FT of the impulse response, obtained using the Alcatel-Lucent ray-tracing tool WiSE
     • Consider NE=1000 locations of Eve, NA=50 traces of Alice, each with Nx=100 frames. In each scenario, Nn=5 i.i.d. complex Gaussian thermal noise is generated.

  15. Simulation Results
     • NP-based statistic has good performance if r<5 mm, corresponding to transmitter velocity of 1.43 mps, with frame duration of 3.5 ms
     • Adaptive filter-based statistic is less robust than NP-based scheme to terminal mobility
     [Figure: two panels, NP-based and RLS-based, each annotated “Alice moves faster”]

  16. Conclusion
     • We proposed an enhanced PHY-layer authentication scheme
     • Inter-burst authentication: Channel response in previous burst is used as the key for the authentication of the first frame in the data burst
     • Intra-burst authentication: NP-based test vs. RLS adaptive filter based scheme
     • Verified using a ray-tracing tool (WiSE) for indoor environments
     • NP-based test is more robust against terminal mobility, and more efficient in terms of system overhead and implementation complexity
     • It correctly detects 96% of spoofing attacks, while reducing unnecessary calls of upper-layer authentication by 94%, with transmitters moving at a typical pedestrian speed (1.43 mps), and frame duration of 3.5 ms.
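
The frame-to-frame comparison Bob performs (slides 8, 9 and 11), as an added example that is not from the slides or the authors' code. It measures how mobility raises the false alarm rate of a channel-difference test. The statistic here is a generic phase-aligned distance, not the slides' NP or RLS statistic (their formulas did not survive on this page), and the AR(1) channel model, `rho`, `m=8`, noise variance and threshold are constructed assumptions.

```python
import cmath, math, random

def cgauss(rng, var):
    """Zero-mean circular complex Gaussian sample with total variance var."""
    s = math.sqrt(var / 2)
    return complex(rng.gauss(0, s), rng.gauss(0, s))

def measure(rng, h, noise_var):
    """Bob's pilot estimate: true channel plus AWGN, rotated by an unknown phase drift."""
    drift = cmath.exp(1j * rng.uniform(0, 2 * math.pi))
    return [drift * (x + cgauss(rng, noise_var)) for x in h]

def statistic(h_prev, h_cur, noise_var):
    """min over phi of ||h_prev - e^{j*phi} h_cur||^2, in units of noise variance.
    Assumed statistic for illustration; removes the common phase drift in closed form."""
    energy = sum(abs(x) ** 2 for x in h_prev) + sum(abs(x) ** 2 for x in h_cur)
    corr = abs(sum(p.conjugate() * c for p, c in zip(h_prev, h_cur)))
    return (energy - 2 * corr) / noise_var

def rates(threshold, rho, m=8, noise_var=0.01, trials=2000, seed=1):
    """Return (false_alarm_rate, miss_rate); rho is Alice's frame-to-frame channel
    correlation (constructed AR(1) model: lower rho means larger displacement r)."""
    rng = random.Random(seed)
    false_alarms = misses = 0
    for _ in range(trials):
        h_a = [cgauss(rng, 1.0) for _ in range(m)]                     # Alice, frame k-1
        h_a_next = [rho * x + cgauss(rng, 1 - rho ** 2) for x in h_a]  # Alice, frame k
        h_e = [cgauss(rng, 1.0) for _ in range(m)]                     # Eve, independent path
        stored = measure(rng, h_a, noise_var)
        if statistic(stored, measure(rng, h_a_next, noise_var), noise_var) > threshold:
            false_alarms += 1   # Alice rejected: needless upper-layer authentication call
        if statistic(stored, measure(rng, h_e, noise_var), noise_var) <= threshold:
            misses += 1         # Eve accepted as Alice
    return false_alarms / trials, misses / trials

if __name__ == "__main__":
    for rho in (0.995, 0.9):    # near-stationary vs. fast-moving Alice
        print(rho, rates(threshold=100.0, rho=rho))
```

With a fixed threshold, the miss rate against Eve stays low in both runs, while the false alarm rate climbs sharply once Alice's channel decorrelates between frames, which is the mobility problem slide 9 describes.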
