research-article

Stay Connected, Leave no Trace: Enhancing Security and Privacy in WiFi via Obfuscating Radiometric Fingerprints

Published: 15 June 2021

Abstract

The intrinsic hardware imperfection of WiFi chipsets manifests itself in the transmitted signal, leading to a unique radiometric fingerprint. This fingerprint can be used as an additional means of authentication to enhance security. In fact, recent works propose practical fingerprinting solutions that can be readily implemented in commercial-off-the-shelf devices. In this paper, we prove analytically and experimentally that these solutions are highly vulnerable to impersonation attacks. We also demonstrate that such a unique device-based signature can be abused to violate privacy by tracking the user device, and, as of today, users do not have any means to prevent such privacy attacks other than turning off the device. We propose RF-Veil, a radiometric fingerprinting solution that not only is robust against impersonation attacks but also protects user privacy by obfuscating the radiometric fingerprint of the transmitter for non-legitimate receivers. Specifically, we introduce a randomized pattern of phase errors to the transmitted signal such that only the intended receiver can extract the original fingerprint of the transmitter. In a series of experiments and analyses, we expose the vulnerability of adopting naive randomization to statistical attacks and introduce countermeasures. Finally, we show the efficacy of RF-Veil experimentally in protecting user privacy and enhancing security. More importantly, our proposed solution allows communicating with other devices, which do not employ RF-Veil.
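
The obfuscation idea in the abstract can be sketched as a toy model; this is an added example, not code from the paper or from RF-Veil. It assumes the fingerprint is a vector of per-subcarrier phase errors and that the transmitter and intended receiver share a key from which a per-frame phase pattern is derived with HMAC-SHA256. The key, the derivation and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import math
import struct

def wrap(phi):
    """Wrap an angle in radians to [-pi, pi)."""
    return (phi + math.pi) % (2 * math.pi) - math.pi

def keyed_pattern(key, frame_no, n):
    """Per-frame phase offsets derived from a shared key (assumed construction)."""
    offsets = []
    for k in range(n):
        mac = hmac.new(key, struct.pack(">QH", frame_no, k), hashlib.sha256).digest()
        u = int.from_bytes(mac[:4], "big") / 2**32  # uniform in [0, 1)
        offsets.append(wrap(2 * math.pi * u))
    return offsets

def obfuscate(fingerprint, key, frame_no):
    """Transmitter side: add the keyed pattern to the hardware phase errors."""
    pattern = keyed_pattern(key, frame_no, len(fingerprint))
    return [wrap(f + p) for f, p in zip(fingerprint, pattern)]

def recover(observed, key, frame_no):
    """Intended receiver: subtract the same pattern to get the fingerprint back."""
    pattern = keyed_pattern(key, frame_no, len(observed))
    return [wrap(o - p) for o, p in zip(observed, pattern)]

def rms_distance(a, b):
    """RMS wrapped phase difference between two phase vectors, in radians."""
    return math.sqrt(sum(wrap(x - y) ** 2 for x, y in zip(a, b)) / len(a))

# Constructed sample data: small per-subcarrier phase errors for 52 subcarriers.
FINGERPRINT = [0.05 * math.sin(0.3 * k) + 0.02 * math.cos(1.1 * k) for k in range(52)]
KEY = b"constructed-shared-key"            # hypothetical key shared with the receiver
WRONG_KEY = b"constructed-observer-guess"  # a key the receiver does not share

if __name__ == "__main__":
    frame1 = obfuscate(FINGERPRINT, KEY, 1)
    frame2 = obfuscate(FINGERPRINT, KEY, 2)
    print("intended receiver :", rms_distance(recover(frame1, KEY, 1), FINGERPRINT))
    print("observer, raw     :", rms_distance(frame1, FINGERPRINT))
    print("observer, bad key :", rms_distance(recover(frame1, WRONG_KEY, 1), FINGERPRINT))
    print("frame 1 vs frame 2:", rms_distance(frame1, frame2))
```

In this model the intended receiver's recovery error is at floating-point level, while an observer without the key sees phase vectors that differ from the fingerprint, and from frame to frame, by more than a radian RMS.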

