Wireless Physical-Layer Authentication for the Internet of Things

doi:10.1017/9781316450840.015

14 - Wireless Physical-Layer Authentication for the Internet of Things

from Part III - Secret Key Generation and Authentication

Published online by Cambridge University Press: 28 June 2017

G. Caparra ,

S. Tomasin and

Edited by

Ashish Khisti and

G. Caparra: Affiliation:
Department of Information Engineering, University of Padova
M. Centenaro: Affiliation:
Department of Information Engineering, University of Padova
N. Laurenti: Affiliation:
Department of Information Engineering, University of Padova
S. Tomasin: Affiliation:
Department of Information Engineering, University of Padova
L. Vangelista: Affiliation:
Department of Information Engineering, University of Padova
Rafael F. Schaefer: Affiliation:
Technische Universität Berlin
Holger Boche: Affiliation:
Technische Universität München
Ashish Khisti: Affiliation:
University of Toronto
H. Vincent Poor: Affiliation:
Princeton University, New Jersey

Book contents

Get access

Summary

Authentication of messages in an Internet of Things (IoT) is a key security feature that may involve heavy signaling and protocol procedures, not suitable for small devices with very limited computational capabilities and energy availability. In this chapter we address the problem of message authentication in an IoT context, by using physical-layer approaches. We propose a solution based on the use of trusted anchor nodes that estimate the channel from the transmitting node and report them to a concentrator node, which takes a decision on the message authenticity. Assuming that the anchor nodes have a limited energy availability, we analyze the lifespan of the authenticating network and propose both centralized and distributed approaches to determine which anchor nodes report the information to the concentrator. The authenticating network overhead is also discussed and a tradeoff between energy efficiency and signaling traffic is found.

IoT Authentication Overview

In the near future it is expected that many devices in common use will be connected to the Internet, thus enabling enhanced features and applications, from flexible home automation to customization of body area networks. Huge security challenges must be faced in this new scenario.We will focus on the authentication problem, i.e., the problem of determining whether a message has been truly transmitted by a specific device. In other words, we want to make sure that no malicious node is transmitting messages in place of a legitimate node.

In an IoT scenario the dramatically large number of nodes calls for simple authentication techniques. As will be discussed in more detail in Section 14.2, the most popular IoT standards address the problem of authentication only with approaches based on cryptography that require complex processing procedures and the exchange (and refresh) of keys among the devices. An open-minded approach, trying to include new techniques, e.g., at the physical layer, could contribute strongly to the solution of the problem.

Therefore, here we investigate solutions that exploit the features of wireless transmissions and can integrate well other authentication procedures implemented in the higher layers.

Type: Chapter
Information: Information Theoretic Security and Privacy of Information Systems , pp. 390 - 418

DOI: https://doi.org/10.1017/9781316450840.015 [Opens in a new window]

Publisher: Cambridge University Press

Print publication year: 2017

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Book purchase

Temporarily unavailable

References

[1] II Consortium, 2015. [Online]. Available: www.iiconsortium.org/

[2] ThingWorx, 2015. [Online]. Available: www.thingworx.com/

[3] “IEEE Standard 802.15.4,” IEEE, Tech. Rep., 2011.

[4] NIST, “Pub 800-38c, recommendation for block cipher modes of operation – the CCM mode for authentication and confidentiality,” U.S. Department of Commerce/N.I.S.T., Tech. Rep., 2004.

[5] ANSI, “ANSI X9.63-2001, public key cryptography for the financial services industry – key agreement and key transport using elliptic curve cryptography,” ANSI, Tech. Rep., 2001.

[6] C. E., Shannon, “Communication theory of secrecy systems,” Bell Syst. Tech. J., vol. 28, no. 4, pp. 656–715, Oct. 1949.Google Scholar

[7] A. D., Wyner, “The wire-tap channel,” Bell Syst. Tech. J., vol. 54, pp. 1355–1387, Oct. 1975.Google Scholar

[8] E. A., Jorswieck, S., Tomasin, and A., Sezgin, “Broadcasting into the uncertainty: Authentication and confidentiality by physical-layer processing,” Proc. IEEE, vol. 103, no. 10, pp. 1702–1724, Oct. 2015.Google Scholar

[9] T., Daniels, M., Mina, and S. F., Russell, “A signal fingerprinting paradigm for general physical layer and sensor network security and assurance,” in Proc. IEEE First Int. Conf. Security and Privacy for Emerging Areas in Commun. Networks, Athens, Greece, Sep. 2005, pp. 1–3.

[10] P., Baracca, N., Laurenti, and S., Tomasin, “Physical layer authentication over an OFDM fading wiretap channel,” in Proc. Int. ICST Conf. Performance Evaluation Methodologies and Tools, Paris, France, 2011, pp. 648–657.

[11] P., Baracca, N., Laurenti, and S., Tomasin, “Physical layer authentication over MIMO fading wiretap channels,” IEEE Trans. Wireless Commun., vol. 11, no. 7, pp. 2564–2573, Jul. 2012.Google Scholar

[12] A., Ferrante, N., Laurenti, C., Masiero, M., Pavon, and S., Tomasin, “On the error region for channel estimation based physical layer authentication over Rayleigh fading,” IEEE Trans. Inf. Forensics Security, vol. 10, no. 5, pp. 941–952, May 2015.Google Scholar

[13] S., Jiang, “Keyless authentication in a noisy model,” IEEE Trans. Inf. Forensics Security, vol. 9, no. 6, pp. 1024–1033, Jun. 2014.Google Scholar

[14] L., Xiao, L. J., Greenstein, N. B., Mandayam, and W., Trappe, “Fingerprints in the ether: using the physical layer for wireless authentication,” in Proc. IEEE Int. Conf. Commun., Glasgow, UK, Jun. 2007, pp. 4646–4651.

[15] L., Xiao, L. J., Greenstein, N. B., Mandayam, and W., Trappe, “A physical-layer technique to enhance authentication for mobile terminals,” in Proc. IEEE Int. Conf. Commun., Beijing, China, May 2008, pp. 1520–1524.

[16] L., Xiao, L. J., Greenstein, N. B., Mandayam, and W., Trappe, “Channel-based spoofing detection in frequency-selective Rayleigh channels,” IEEE Trans. Wireless Commun., vol. 8, no. 12, pp. 5948–5956, Dec. 2009.Google Scholar

[17] L., Xiao, A., Reznik, W., Trappe, C., Ye, Y., Shah, and L. J., Greenstein, “PHY-authentication protocol for spoofing detection in wireless networks,” in Proc. IEEE Global Commun. Conf., Miami, FL, USA, Dec. 2010, pp. 1–6.

[18] F., He, W., Wang, and H., Man, “REAM: rake receiver enhanced authentication method,” in Proc. IEEE Military Commun. Conf., San Jose, CA, USA, Oct. 2010, pp. 2205–2210.

[19] J., Liu, A., Refaey, X., Wang, and H., Tang, “Reliability enhancement for CIR-based physical layer authentication,” Security and Communication Networks, vol. 8, no. 4, pp. 661–671, 2015.Google Scholar

[20] D. B., Faria and D. R., Cheriton, “Detecting identity-based attacks in wireless networks using signalprints,” in Proc. ACMWorkshopWireless Security, Los Angeles, CA, USA, Sep. 2006, pp. 43–52.

[21] M., Demirbas and Y., Song, “An RSSI-based scheme for sybil attack detection in wireless sensor networks,” in Proc. IEEE Int. Symp. World of Wireless, Mobile and Multimedia Networks, Buffalo, NY, USA, Jun. 2006, p. 5.

[22] Y., Chen, W., Trappe, and R. P., Martin, “Detecting and localizing wireless spoofing attacks,” in Proc. IEEE Conf. Sensor, Mesh and Ad Hoc Commun. and Networks, San Diego, CA, USA, Jun. 2007, pp. 193–202.

[23] F., He, H., Man, D., Kivanc, and B., McNair, “EPSON: enhanced physical security in OFDM networks,” in Proc. IEEE Int. Conf. Commun., Dresden, Germany, Jun. 2009, pp. 1–5.

[24] O., Gungor, C., Koksal, and H. El, Gamal, “An information theoretic approach to RF fingerprinting,” in Proc. 47th Asilomar Conf. Signals, Systems, Computers, Pacific Grove, CA, USA, Nov. 2013, pp. 61–65.

[25] E. N., Gilbert, F. J., MacWilliams, and N. J. A., Sloane, “Codes which detect deception,” Bell Syst. Tech. J., vol. 53, no. 3, pp. 405–424, 1974.Google Scholar

[26] V., Fåk, “Repeated use of codes which detect deception,” IEEE Trans. Inf. Theory, vol. 25, pp. 233–234, Mar. 1979.Google Scholar

[27] G. J., Simmons, “Authentication theory/coding theory,” Lecture Notes in Computer Science, vol. 196, pp. 411–431, 1985.Google Scholar

[28] G. J., Simmons, “A survey of information authentication,” Proc. IEEE, vol. 76, no. 5, pp. 603–620, May 1988.Google Scholar

[29] A., Sgarro, “Information divergence bounds for authentication codes,” Lecture Notes in Computer Science, vol. 434, pp. 93–101, 1985.Google Scholar

[30] R., Johannesson and A., Sgarro, “Strengthening Simmons' bound on impersonation,” IEEE Trans. Inf. Theory, vol. 37, pp. 1182–1185, Jul. 1991.Google Scholar

[31] T., Johansson, “Lower bounds on the probability of deception in authentication with arbitration,” IEEE Trans. Inf. Theory, vol. 40, pp. 1573–1585, Sep. 1994.Google Scholar

[32] U. M., Maurer, “Authentication theory and hypothesis testing,” IEEE Trans. Inf. Theory, vol. 46, no. 4, pp. 1350–1356, Jul. 2000.Google Scholar

[33] P. L., Yu, J. S., Baras, and B. M., Sadler, “Physical-layer authentication,” IEEE Trans. Inf. Forensics Security, vol. 3, no. 1, pp. 38–51, Mar. 2008.Google Scholar

[34] P. L., Yu, J. S., Baras, and B. M., Sadler, “Power allocation tradeoffs in multicarrier authentication systems,” in Proc. IEEE Sarnoff Symp., Princeton, NJ, USA, Mar. 2009, pp. 1–5.

[35] E., Martinian, G. W., Wornell, and B., Chen, “Authentication with distortion criteria,” IEEE Trans. Inf. Theory, vol. 51, no. 7, pp. 2523–2542, Jul. 2005.Google Scholar

[36] Y., Liu and C. G., Boncelet, “The CRC-NTMAC for noisy message authentication,” IEEE Trans. Inf. Forensics Security, vol. 1, no. 4, pp. 517–523, Dec. 2006.Google Scholar

[37] C. G., Boncelet, “The NTMAC for authentication of noisy messages,” IEEE Trans. Inf. Forensics Security, vol. 1, no. 1, pp. 35–42, Mar. 2006.Google Scholar

[38] L., Lai, H. El, Gamal, and H. V., Poor, “Authentication over noisy channels,” IEEE Trans. Inf. Theory, vol. 55, no. 2, pp. 906–916, Feb. 2009.Google Scholar

[39] P. L., Yu and B. M., Sadler, “MIMO authentication via deliberate fingerprinting at the physical layer,” IEEE Trans. Inf. Forensics Security, vol. 6, no. 3, pp. 606–615, Sep. 2011.Google Scholar

[40] S., Kay, Fundamentals of Statistical Signal Processing: Detection Theory. Upper Saddle River, NJ: Prentice Hall, 1993.

[41] H. V., Khuong and H. Y., Kong, “General expression for pdf of a sum of independent exponential random variables,” IEEE Commun. Letters, vol. 10, no. 3, pp. 159–161, 2006.Google Scholar

[42] A., Biral, M., Centenaro, A., Zanella, L., Vangelista, and M., Zorzi, “The challenges of m2m massive access in wireless cellular networks,” Digital Communications and Networks, vol. 1, no. 1, pp. 1–19, 2015.Google Scholar