MIMO-Assisted Channel-Based Authentication in Wireless Networks CISS 2008
WIRELESS INFORMATION NETWORK LABORATORY
MIMO-Assisted Channel-Based
Authentication in Wireless Networks
L. Xiao, L. Greenstein, N. Mandayam, W. Trappe
WINLAB, Dept. ECE, Rutgers University
CISS 2008
This work is supported in part by NSF grant CNS-0626439
Outline
Fingerprints in the Ether/channel-based authentication
How to use the multipath fading to improve security?
MIMO-assisted authentication
Fingerprints in the Ether + MIMO = ?
Simulation results
Conclusions
5/23/2016
Benefits of Multipath Fading
• CDMA: Rake processing that transforms multipath into a
diversity-enhancing benefit
• MIMO: Transforms scatter-induced Rayleigh fading into a
capacity-enhancing benefit
• Fingerprints in the Ether: Distinguishes channel
responses of different paths to enhance authentication
[Figure: Alice, Eve, the AP (Bob) connected to the Internet, and a reflector cluster causing multipath propagation]
PHY-based Security Techniques
• Detection of attacks based on the received signal strength:
  • Identity-based attacks in wireless networks [Faria-Cheriton 06]
  • Sybil attacks in sensor networks [Demirbas-Song 06]
  • Spoofing attacks [Chen-Trappe-Martin 07]
• Detection of attacks based on the multipath channel information:
  • Fingerprints in the Ether: Authentication based on channel frequency response [Xiao-Greenstein-Mandayam-Trappe 07]
  • Location distinction based on channel impulse response [Patwari-Kasera 07]
  • Encryption key establishment [Wilson-Tse-Scholtz 07]
Fingerprints in the Ether
Fingerprints in the Ether:
In typical indoor environments, the wireless channel
decorrelates rapidly in space
The channel response is hard to predict and to spoof
[Figure: Frequency response |H(f)| versus f (GHz) at three locations (Loc 1, Loc 2, Loc 3)]
Channel-Based Authentication
Wireless networks are vulnerable to various identity-based
attacks, like spoofing attacks
Huge system overhead if every message is protected by upper-layer authentication/encryption
Channel-based authentication:
Detect attacks for each message, significantly reducing the
number of calls for upper-layer authentication
Utilize the existing channel estimation mechanism
Low system overhead
Performance in single-antenna systems has been verified
Here we will show the additional gain in MIMO links
Fingerprints + MIMO =?
Eve must use the same number of transmit antennas to spoof Alice
Better channel resolution: Additional dimension of channel estimation
samples provided by MIMO
Less transmit power per antenna: Equal power allocation of pilot symbols
over transmit antennas (without a priori CSI)
Benefits of MIMO techniques:
Diversity gain (tradeoff with Multiplexing gain)
Security gain: More accurate detection of attacks, when replacing SISO with
MIMO
System Model
[Figure: Alice transmits to Bob over channel $H_A$; Eve transmits to Bob over channel $H_E$]
Alice sent the first message
If Alice is silent, Eve may spoof her by using her identity (e.g.,
MAC address) in the second message
Bob measures, stores and compares channel vectors in consecutive
messages, “Who is the current transmitter, Alice or Eve?”
Spatial variability of multipath propagation: $H_A \neq H_E$ (with high probability)
Time-invariant channel: Constant $H_A$
Channel Estimation
Channel estimation based on pilot symbols at M tones
Channel vectors derived from consecutive messages: H1 (Alice)
and H2 (May be Alice, may be Eve)
In $N_T \times N_R$ MIMO systems, both H1 and H2 have $M N_T N_R$ elements
Inaccurate channel estimation: $\hat{H}_i = H_i \exp(j\phi_i) + N_i$
AWGN receiver thermal noise model, $N \sim CN(0, \sigma^2 I)$
Unknown phase measurement drifts
MIMO-Assisted Spoofing Detection
Hypothesis testing:
$\mathcal{H}_0$: $H_1 = H_2$ (No Spoofing)
$\mathcal{H}_1$: $H_1 \neq H_2$ (Spoofing!!!)
Test statistic: $L = \frac{1}{\sigma^2} \left\| \hat{H}_1 - \hat{H}_2 \exp\left(j\,\mathrm{Arg}(\hat{H}_1 \hat{H}_2^H)\right) \right\|^2$
Rejection region of $\mathcal{H}_0$: L > Test threshold, k
Performance criteria
False alarm rate, $P_{FA} = P_{\mathcal{H}_0}(L > k)$: The probability of calling the upper-layer authentication unnecessarily
Miss rate, $P_m = P_{\mathcal{H}_1}(L \le k)$: The probability of missing the detection of Eve
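The spoofing test above, run as a small Monte Carlo simulation. This is an added example, not code from the talk or its authors. It assumes i.i.d. Rayleigh channel elements in place of the WiSE ray-traced responses, unit total pilot power split equally over the transmit antennas, and a threshold k taken as the empirical quantile that meets the target false alarm rate; all function names and default values are illustrative.

```python
import cmath
import random

def l_statistic(h1, h2, sigma2):
    """L = (1/sigma^2) * ||h1 - h2 * exp(j*Arg(h1 h2^H))||^2 for two channel estimates."""
    inner = sum(a * b.conjugate() for a, b in zip(h1, h2))   # h1 h2^H
    rot = cmath.exp(1j * cmath.phase(inner))                 # cancels the unknown phase drift
    return sum(abs(a - b * rot) ** 2 for a, b in zip(h1, h2)) / sigma2

def cn(rng, var):
    """One sample of a circularly symmetric complex Gaussian CN(0, var)."""
    s = (var / 2) ** 0.5
    return complex(rng.gauss(0, s), rng.gauss(0, s))

def estimate(h, sigma2, rng):
    """Bob's noisy estimate: H * exp(j*phi) + N, unknown phi, N ~ CN(0, sigma2*I)."""
    drift = cmath.exp(1j * rng.uniform(-cmath.pi, cmath.pi))
    return [x * drift + cn(rng, sigma2) for x in h]

def miss_rate(n_t, n_r, m, p_fa=0.01, sigma2=0.01, trials=4000, seed=7):
    """Return (threshold k, miss rate) at a target false alarm rate p_fa."""
    rng = random.Random(seed)
    n = m * n_t * n_r        # elements per channel vector
    var = 1.0 / n_t          # assumption: pilot power split equally over N_T antennas
    l_same, l_spoof = [], []
    for _ in range(trials):
        h_a = [cn(rng, var) for _ in range(n)]   # constructed channel for Alice
        h_e = [cn(rng, var) for _ in range(n)]   # independent constructed channel for Eve
        first = estimate(h_a, sigma2, rng)       # message 1, known to come from Alice
        l_same.append(l_statistic(first, estimate(h_a, sigma2, rng), sigma2))
        l_spoof.append(l_statistic(first, estimate(h_e, sigma2, rng), sigma2))
    k = sorted(l_same)[int((1 - p_fa) * trials)]   # empirical threshold under H0
    return k, sum(l <= k for l in l_spoof) / trials

if __name__ == "__main__":
    for name, (n_t, n_r) in {"SISO": (1, 1), "MIMO 2x2": (2, 2)}.items():
        k, p_m = miss_rate(n_t, n_r, m=1)
        print(f"{name}: k={k:.1f}, miss rate={p_m:.4f}")
```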
Performance Summary
Detection Performance
System BW, W
Noise BW, b (NarrowBand)
# of receive antennas, NR
# of transmit antennas, NT
Depends
Transmit power per tone, PT
Frequency sample size, M
Simulation Scenario
Verified in a wireless indoor environment, with 405 spatial samples and
half wavelength (3 cm) spacing for antennas
Frequency response for any T-R path, as FT of the impulse response,
obtained using the Alcatel-Lucent ray-tracing tool WiSE
The received SNR per tone ranges from -16.5 dB to 53.6 dB, with a
median value of 16 dB, when PT=0.1 mW, SISO systems.
[Figure: locations of Alice & Eve and of Bob]
Simulation Results -1
The use of more receive antennas is always a benefit, while
the impact of transmit antenna depends
[Figure: Average miss rate versus NT, # of transmit antennas, for NR = 1, 2, 3, 4 receive antennas, at 0.1 mW and 1 mW]
Simulation Results -2
MIMO security gain rises with PT under small M (e.g., M=1), while it decreases with PT otherwise.
With high PT and small M, SISO systems have accurate but insufficient channel response samples.
With high PT and large M, SISO systems have performance too good to be significantly improved.
With low PT, the channel estimation is inaccurate, and thus more data are required for a right decision.
[Figure: Average miss rate versus M, frequency sample size, for SISO, MISO, SIMO and MIMO at 0.1 mW, 1 mW and 10 mW]
Simulation Results -3
The miss rate decreases with the system bandwidth, W
Less-correlated frequency samples=> Better resolution among users
[Figure: Average miss rate versus W (MHz) for SISO, MISO, SIMO and MIMO at 0.1 mW, 1 mW and 10 mW]
Simulation Results -4
The miss rate rises with the measurement noise bandwidth, b, in
narrowband systems
The noise power in the channel estimation is proportional to b
[Figure: Average miss rate versus measurement noise bandwidth, b (kHz), for SISO, MISO, SIMO and MIMO]
Conclusion
We proposed a MIMO-assisted channel-based authentication scheme, and verified its performance in spoofing detection, using channel-simulation software
Detection Performance
System BW, W
Noise BW, b (NarrowBand)
# of receive antennas, NR
# of transmit antennas, NT
Depends
Transmit power per tone, PT
Frequency sample size, M
References
[FC06] Faria, et al, “Detecting identity-based attacks in wireless networks using signalprints,” WiSE, 2006
[DS06] Demirbas, et al, “An RSSI-based scheme for sybil attack detection in wireless sensor networks,” 2006
[CTM07] Chen, et al, “Detecting and localizing wireless spoofing attacks,” 2007
[WTS07] Wilson, et al, “Channel identification: secret sharing using reciprocity in UWB channels,” 2007
[PK07] Patwari, et al, “Robust location distinction using temporal link signatures,” 2007
[XGMT07] Xiao, et al, “Fingerprints in the Ether: Using the physical layer for wireless authentication,” ICC, 2007