L. Xiao, L. Greenstein, N. Mandayam, W. Trappe

1
MIMO-Assisted Channel-Based Authentication in
Wireless Networks

• L. Xiao, L. Greenstein, N. Mandayam, W. Trappe
• WINLAB, Dept. ECE, Rutgers University
• lxiao_at_winlab.rutgers.edu
• CISS 2008
• This work is supported in part by NSF grant
  CNS-0626439

2
Outline

• Fingerprints in the Ether/channel-based
  authentication
• How to use the multipath fading to improve
  security?
• MIMO-assisted authentication
• Fingerprints in the Ether MIMO ?
• Simulation results
• Conclusions

3
Benefits of Multipath Fading

• CDMA Rake processing that transforms multipath
  into a diversity-enhancing benefit
• MIMO Transforms scatter-induced Rayleigh fading
  into a capacity-enhancing benefit
• Fingerprints in the Ether Distinguishes channel
  responses of different paths to enhance
  authentication

4
PHY-based Security Techniques

• Detections of attacks based on the received
  signal strength
• Identity-based attacks in wireless networks
  Faria-Cheriton 06
• Sybil attacks in sensor networks Demirbas-Song
  06
• Spoofing attacks Chen-Trappe-Martin 07
• Detections of attack based on the multipath
  channel information
• Fingerprints in the Ether Authentication based
  on channel frequency response Xiao-Greenstein-Man
  dayam-Trappe 07
• Location distinction based on channel impulse
  response Patawari-Kasera 07
• Encryption keys establishment Wilson-Tse-Scholtz
  07

5
Fingerprints in the Ether

• Fingerprints in the Ether
• In typical indoor environments, the wireless
  channel decorrelates rapidly in space
• The channel response is hard to predict and to
  spoof

6
Channel-Based Authentication

• Wireless networks are vulnerable to various
  identity-based attacks, like spoofing attacks
• Huge system overhead if every message is
  protected by upper-layer authentication/encryption
  
• Channel-based authentication
• Detect attacks for each message, significantly
  reducing the number of calls for upper-layer
  authentication
• Utilize the existing channel estimation mechanism
• Low system overhead
• Performance in single-antenna systems has been
  verified
• Here we will show the additional gain in MIMO
  links

7
Fingerprints MIMO ?

• Eve must use the same number of transmit antennas
  to spoof Alice
• Better channel resolution Additional dimension
  of channel estimation samples provided by MIMO
• Less transmit power per antenna Equal power
  allocation of pilot symbols over transmit
  antennas (without a priori CSI)
• Benefits of MIMO techniques
• Diversity gain (tradeoff with Multiplexing gain)
• Security gain More accurate detection of
  attacks, when replacing SISO with MIMO

8
System Model
Alice
HA

• Alice sent the first message
• If Alice is silent, Eve may spoof her by using
  her identity (e.g., MAC address) in the second
  message
• Bob measures, stores and compares channel vectors
  in consecutive messages, Who is the current
  transmitter, Alice or Eve?
• Spatial variability of multipath propagation HA
  HE (with high probability)
• Time-invariant channel Constant HA

Bob
HE
Eve
9
Channel Estimation

• Channel estimation based on pilot symbols at M
  tones
• Channel vectors derived from consecutive
  messages H1 (Alice) and H2 (May be Alice, may be
  Eve)
• In NT x NR MIMO systems, both H1 and H2 have
  MNTNR elements
• Inaccurate channel estimation
• AWGN receiver thermal noise model,
• Unknown phase measurement drifts

10
MIMO-Assisted Spoofing Detection

• Hypothesis testing H0 H1 H2
• 
  H1 H1 H2
• Test statistic
• Rejection region of H0 L gt Test threshold, k
• Performance criteria
• False alarm rate, The
  probability of calling the upper-layer
  authentication unnecessarily
• Miss rate, The
  probability of missing the detection of Eve

No Spoofing
Spoofing!!!
11
Performance Summary
12
Simulation Scenario

• Verified in a wireless indoor environment, with
  405 spatial samples and half wavelength (3 cm)
  spacing for antennas
• Frequency response for any T-R path, as FT of the
  impulse response, obtained using the
  Alcatel-Lucent ray-tracing tool WiSE
• The received SNR per tone ranges from -16.5 dB to
  53.6 dB, with a median value of 16 dB, when
  PT0.1 mW, SISO systems.

Alice Eve
Bob
13
Simulation Results -1

• The use of more receive antennas is always a
  benefit, while the impact of transmit antenna
  depends

of receive antennas
, of transmit antennas
14
Simulation Results -2

• MIMO security gain rises with PT, under small M
  (e.g., M1) while decreases with PT, o.w.
• With high PT and small M, SISO systems have
  accurate but insufficient channel response
  samples.
• With high PT and large M, SISO systems have
  performance too good to be significantly
  improved.
• With low PT , the channel estimation is
  inaccurate, and thus more data are required for a
  right decision.

, frequency sample size
15
Simulation Results -3

• The miss rate decreases with the system
  bandwidth, W
• Less-correlated frequency samplesgt Better
  resolution among users

16
Simulation Results -4

• The miss rate rises with the measurement noise
  bandwidth, b, in narrowband systems
• The noise power in the channel estimation is
  proportional to b

17
Conclusion

• We proposed a MIMO-assisted channel-based
  authentication scheme, and verified its
  performance in spoofing detection, using a
  channel-simulation software

18
References

• FC06 Faria, et al, Detecting identity-based
  attacks in wireless networks using signalprints,
  WiSE, 2006
• DS06 Demirbas, et al, An RSSI-based scheme for
  sybil attack detection in wireless sensor
  networks, 2006
• CTM07 Chen, et al, Detecting and localizing
  wireless spoofing attacks, 2007
• WTS07 Wilson, et al, Channel identification
  secret sharing using reciprocity in UWB
  channels, 2007
• PK07 Patwari, et al, Robust location
  distinction using temporal link signatures, 2007
• XGMT07 Xiao, et al, Fingerprints in the Ether
  Using the physical layer for wireless
  authentication, ICC, 2007