MIMO-Assisted Channel-Based Authentication in Wireless Networks CISS 2008

Download Report

Transcript MIMO-Assisted Channel-Based Authentication in Wireless Networks CISS 2008 

WIRELESS INFORMATION NETWORK LABORATORY
MIMO-Assisted Channel-Based
Authentication in Wireless Networks
L. Xiao, L. Greenstein, N. Mandayam, W. Trappe
WINLAB, Dept. ECE, Rutgers University
[email protected]
CISS 2008
This work is supported in part by NSF grant CNS-0626439
Outline
 Fingerprints in the Ether/channel-based
authentication
 How to use the multipath fading to improve security?
 MIMO-assisted authentication
 Fingerprints in the Ether + MIMO = ?
 Simulation results
 Conclusions
5/23/2016
2
Benefits of Multipath Fading
• CDMA: Rake processing that transforms multipath into a
diversity-enhancing benefit
• MIMO: Transforms scatter-induced Rayleigh fading into a
capacity-enhancing benefit
• Fingerprints in the Ether: Distinguishes channel
responses of different paths to enhance authentication
Reflector
cluster
AP(Bob)
Internet
Alice
3
Multipath
propagation
Eve 5/23/2016
PHY-based Security Techniques
• Detections of attacks based on the received signal strength:
• Identity-based attacks in wireless networks [Faria-Cheriton 06]
• Sybil attacks in sensor networks [Demirbas-Song 06]
• Spoofing attacks [Chen-Trappe-Martin 07]
• Detections of attack based on the multipath channel information:
• Fingerprints in the Ether: Authentication based on channel frequency
response [Xiao-Greenstein-Mandayam-Trappe 07]
• Location distinction based on channel impulse response [PatawariKasera 07]
• Encryption keys establishment [Wilson-Tse-Scholtz 07]
4
5/23/2016
Fingerprints in the Ether
 Fingerprints in the Ether:
 In typical indoor environments, the wireless channel
decorrelates rapidly in space
 The channel response is hard to predict and to spoof
10
Frequency response
-3
|H(f)|
Loc 1
Loc 2
Loc 3
10
10
5
-4
-5
4.9
4.95
5
f (GHz)
5.05
5.1
5/23/2016
Channel-Based Authentication
 Wireless networks are vulnerable to various identity-based
attacks, like spoofing attacks
 Huge system overhead if every message is protected by upper-
layer authentication/encryption
 Channel-based authentication:
 Detect attacks for each message, significantly reducing the
number of calls for upper-layer authentication
 Utilize the existing channel estimation mechanism
 Low system overhead
 Performance in single-antenna systems has been verified
 Here we will show the additional gain in MIMO links
6
5/23/2016
Fingerprints + MIMO =?
 Eve must use the same number of transmit antennas to spoof Alice
 Better channel resolution: Additional dimension of channel estimation
samples provided by MIMO
 Less transmit power per antenna: Equal power allocation of pilot symbols
over transmit antennas (without a priori CSI)
 Benefits of MIMO techniques:
 Diversity gain (tradeoff with Multiplexing gain)
 Security gain: More accurate detection of attacks, when replacing SISO with
MIMO
7
5/23/2016
System Model
Alice
HA
Bob
HE
Eve
 Alice sent the first message
 If Alice is silent, Eve may spoof her by using her identity (e.g.,
MAC address) in the second message
 Bob measures, stores and compares channel vectors in consecutive
messages, “Who is the current transmitter, Alice or Eve?”
 Spatial variability of multipath propagation: HA  HE (with high
probability)
 Time-invariant channel: Constant HA
8
5/23/2016
Channel Estimation
 Channel estimation based on pilot symbols at M tones
 Channel vectors derived from consecutive messages: H1 (Alice)
and H2 (May be Alice, may be Eve)
 In NT x NR MIMO systems, both H1 and H2 have MNTNR elements
 Inaccurate channel estimation: Hi  Hi exp  ji   Ni
 AWGN receiver thermal noise model, N ~ CN(0,  2 I )
 Unknown phase measurement drifts
5/23/2016
9
MIMO-Assisted Spoofing Detection
 Hypothesis testing:
 Test statistic: L 
1
2
H0: H1 = H2
H1: H1  H2

No Spoofing
Spoofing!!!

|| H1  H 2 exp jArg  H1H 2H  ||2
 Rejection region of H0 : L > Test threshold, k
 Performance criteria
 False alarm rate, PFA  PH ( L  k ) : The probability of calling the
0
upper-layer authentication unnecessarily
 Miss rate, Pm  PH ( L  k ) : The probability of missing the detection of
Eve
1
5/23/2016
10
Performance Summary
Detection Performance
System BW, W
Noise BW, b (NarrowBand)
# of receive antennas, NR
# of transmit antennas, NT
Depends
Transmit power per tone, PT
Frequency sample size, M
11
5/23/2016
Simulation Scenario
 Verified in a wireless indoor environment, with 405 spatial samples and
half wavelength (3 cm) spacing for antennas
 Frequency response for any T-R path, as FT of the impulse response,
obtained using the Alcatel-Lucent ray-tracing tool WiSE
 The received SNR per tone ranges from -16.5 dB to 53.6 dB, with a
median value of 16 dB, when PT=0.1 mW, SISO systems.
Alice & Eve
Bob
5/23/2016
12
Simulation Results -1
 The use of more receive antennas is always a benefit, while
the impact of transmit antenna depends
10
0
0.1mW
Average Miss Rate
10
10
10
-1
-2
1mW
-3
# of receive
antennas
N =1
R
10
N =2
-4
R
NR=3
N =4
10
13
R
-5
1
1.5
2
2.5
3
3.5
4
4.5
NT , # of transmit antennas
5
5/23/2016
Simulation Results -2
 MIMO security gain rises with
PT, under small M (e.g., M=1);
while decreases with PT, o.w.
 With high PT and small M, SISO
14
10
Average Miss Rate
systems have accurate but
insufficient channel response
samples.
 With high PT and large M, SISO
systems have performance too
good to be significantly improved.
 With low PT , the channel
estimation is inaccurate, and thus
more data are required for a right
decision.
10
-1
SISO
MISO
SIMO
MIMO
0.1 mW
-2
1 mW
10
10
-3
-4
10 mW
10
-5
2
4
6
8
10
12
14
16
M, frequency sample size
Simulation Results -3
 The miss rate decreases with the system bandwidth, W
 Less-correlated frequency samples=> Better resolution among users
10
0
SISO
MISO
SIMO
MIMO
0.1 mW
Average Miss Rate
10
10
-1
-2
1 mW
10
10
-3
-4
10 mW
10
15
-5
0
5
10
15
20
W (MHz)
25
30
35
40
5/23/2016
Simulation Results -4
 The miss rate rises with the measurement noise bandwidth, b, in
narrowband systems
 The noise power in the channel estimation is proportional to b
10
Average Miss Rate
10
10
10
10
10
10
16
0
-1
-2
-3
-4
SISO
MISO
SIMO
MIMO
-5
-6
10
0
10
1
Measurement Noise Bandwidth, b (kHz)
10
2
5/23/2016
Conclusion
We proposed a MIMO-assisted channel-based authentication
scheme, and verified its performance in spoofing detection,
using a channel-simulation software
Detection Performance
System BW, W
Noise BW, b (NarrowBand)
# of receive antennas, NR
# of transmit antennas, NT
Depends
Transmit power per tone, PT
Frequency sample size, M
17
5/23/2016
References
 [FC06] Faria, et al, “Detecting identity-based attacks in wireless networks using





18
signalprints,” WiSE, 2006
[DS06] Demirbas, et al, “An RSSI-based scheme for sybil attack detection in
wireless sensor networks,” 2006
[CTM07] Chen, et al, “Detecting and localizing wireless spoofing attacks,” 2007
[WTS07] Wilson, et al, “Channel identification: secret sharing using reciprocity
in UWB channels,” 2007
[PK07] Patwari, et al, “ Robust location distinction using temporal link
signatures,” 2007
[XGMT07] Xiao, et al, “Fingerprints in the Ether: Using the physical layer for
wireless authentication,” ICC, 2007
5/23/2016