Abstract
The intrinsic hardware imperfection of WiFi chipsets manifests itself in the transmitted signal, leading to a unique radiometric fingerprint. This fingerprint can be used as an additional means of authentication to enhance security. In fact, recent works propose practical fingerprinting solutions that can be readily implemented in commercial-off-the-shelf devices. In this paper, we prove analytically and experimentally that these solutions are highly vulnerable to impersonation attacks. We also demonstrate that such a unique device-based signature can be abused to violate privacy by tracking the user device, and, as of today, users do not have any means to prevent such privacy attacks other than turning off the device. We propose RF-Veil, a radiometric fingerprinting solution that not only is robust against impersonation attacks but also protects user privacy by obfuscating the radiometric fingerprint of the transmitter for non-legitimate receivers. Specifically, we introduce a randomized pattern of phase errors to the transmitted signal such that only the intended receiver can extract the original fingerprint of the transmitter. In a series of experiments and analyses, we expose the vulnerability of adopting naive randomization to statistical attacks and introduce countermeasures. Finally, we show the efficacy of RF-Veil experimentally in protecting user privacy and enhancing security. More importantly, our proposed solution allows communicating with other devices that do not employ RF-Veil.
Stay Connected, Leave no Trace: Enhancing Security and Privacy in WiFi via Obfuscating Radiometric Fingerprints