fingerprints in the ether: physical layer authentication
TRANSCRIPT
Fingerprints in the Ether: Physical Layer Authentication
Liang XiaoAdvisors: Prof. L. Greenstein, Prof. N. Mandayam and Prof. W. Trappe
IAB 2007
WIRELESS INFORMATION NETWORK LABORATORY
25/21/2007
Outline
Motivation & Main IdeaSystem Model & Hypothesis TestSimulation & Results
Time-Invariant Channel with Receiver Thermal NoiseTime-Variant Channel with Background Changes
Conclusion & Future Work
WIRELESS INFORMATION NETWORK LABORATORY
35/21/2007
Wireless networks more “exposed”to security problems:•Spoofing attacks•Passive eavesdropping•DoS attacks•And more…
Motivation
45/21/2007
Security ProtocolsQ1: Can we use the physical layer information to enhance security?A1: Yes, as we will seeQ2: What is the value added?A2: My graduation depends on finding out …
55/21/2007
“Fingerprints”: Distinguishes channel responses of different paths to enhance authentication
Other examples that benefit from multipath fading:CDMA: Rake processing that transforms multipath into a diversity-enhancing benefitMIMO: Transforms scatter-induced Rayleigh fading into a capacity-enhancing benefit
Main Idea: Fingerprints in the Ether
65/21/2007
Fingerprints in the Ether (Cont.)The channel frequency response in the indoor environments
Frequency selective with spatial variabilityRapidly decorrelates with distance: hard to predict and to spoof
Top View of Alcatel-Lucent’s Crawford Hill Laboratory, Holmdel, NJ
75/21/2007
PHY-Authentication Scenario
Alice
Bob
Bob estimates channel response HAB from Alice at time 0
TIME: 0
Probe Signal u(.)
HAB
• Narrow Pulset
u(t)
• Pilot Tones
85/21/2007
PHY-Authentication Scenario (Cont.)
Alice
BobBob estimates Ht at time t, and compares with HAB
TIME: t
Probe Signal
Ht = HAB
Case 1: Alice is still transmitting.
Eve
Desired result: Bob accepts the transmission.
95/21/2007
PHY-Authentication Scenario (Cont.)
Alice
BobBob estimates Ht at time t, and compares with HAB
TIME: t
Probe SignalHt = HEB
Case 2: Eve is transmitting, pretending to be Alice.
Eve
Desired result: Bob rejects the transmission.
105/21/2007
Sample frequency response at M frequenciesTwo complex frequency response vectors
Simple Hypothesis: H0:H1:
Test Statistic:Phase measurement error due to changes of receiver local oscillator
Channel measurement assumed to be noisy
22
1min || ||jA tZ H H e θ
θ σ= −
PHY-Authentication Via Hypothesis Test
t AB
t AB
H HH H
=≠
1 2
? 1 ? 2 ?
[ (0, ), (0, ),..., (0, )]
[ ( , ), ( , ),..., ( , )]
TAB AB AB AB M
Tt M
H H f H f H f
H H t f H t f H t f
=
=
115/21/2007
Rejection region of H0 :Detection Metrics
False Alarm Rate, Miss Rate,
Threshold is chosen to satisfy
Hypothesis Test (Cont.)
0( )HP Zα = > Γ
1( )HP Zβ = ≤ Γ
Z > Γ
0( )HP Z α> Γ =
Γ
125/21/2007
SimulationUse ray-tracing tool WiSE (Wireless System Engineering) to generate channel responses for specified real environmentsEve in the same room as Alice348*347/2=60,378 Alice-Eve pairs
135/21/2007
Case 1: Time-Invariant ChannelAverage miss rate , for required false alarm rate
1α =
Room # 1Sample Size (M)=5 Bandwidth (W) = 100 MHz
β 0.01α =
145/21/2007
Case 2: Time-Variant ChannelChannel response
Tap-delay model for the inverse Fourier transform of Single-sided exponential model as power delay profileAR-1 Model for the time correlation
W=10 MHz, M=10
More time variation
( , ) ( ) ( , )AB AB ABH t f H f t fε= +( , )AB t fε
Time variation is negligibleTime variation helpsTime variation is so big that it hurts Thermal noise is negligible
155/21/2007
Conclusion & Future WorkWe proposed a PHY-layer authentication scheme
Channel frequency response measurement and hypothesis testing are used to discriminate between a legitimate user and awould-be intruderVerified using a ray-tracing tool (WiSE) for indoor environmentWorks well, requiring reasonable values of the measurement bandwidth (e.g., W > 10 MHz), number of response samples (e.g., M ≤ 5) and transmit power (e.g., PT ~ 100 mW)Channel time-variations can improve the performance
Ongoing work:Cross-layer framework for security: protocol designTerminal mobilityMeasurements
165/21/2007
Thank you!
Questions?
175/21/2007
References[1] L. Xiao, L. Greenstein, N. Mandayam, W. Trappe, “Fingerprints in
the either: using the physical layer for wireless authentication,” IEEE ICC’ 2007, to appear.
[2] L. Xiao, L. Greenstein, N. Mandayam, W. Trappe, “ Using the physical layer for wireless authentication in time-invariant channels,”submitted to IEEE Trans. On Wireless Communications, 2007.