Fingerprints in the ether: Channel-based authentication

Most wireless systems lack the ability to reliably identify clients without employing complicated cryptographic tools. This introduces a significant threat to the security of wireless networks, as the wireless channel is a broadcast medium, i.e., intruders can access wireless networks without a physical connection. One serious consequence is that spoofing attacks (or masquerading attacks), where a malicious device claims to be a specific client by spoofing its MAC address, becomes possible. Spoofing attacks can seriously degrade network performance and facilitate many forms of security weakness. For instance, by attacking control messages or management frames smartly, the intruder can corrupt the services of legal clients [13]. It is desirable to conduct authentication at the lowest possible layer (i.e., physical layer). In rich multipath environments typical of wireless scenarios, channel responses are location-specific. That is, channel frequency responses decorrelate from one transmit-receive path to another, if the paths are separated by the order of an RF wavelength or more [4]. Hence it is difficult for an adversary to create or precisely model a waveform that is transmitted and received by entities that are more than a wavelength away from the adversary. This is the basis of what we call "fingerprints in the ether", i.e., channel-based authentication [59]. Authentication is traditionally associated with the assurance that a communication comes from a specific entity [10]. Physical-layer authentication, however, is used to discriminate among different transmitters, and must be combined with a traditional handshake authentication process to completely identify an entity. Throughout this chapter, we assume that an entitys identity is obtained at the beginning of a transmission using traditional higher layer authentication mechanisms. Channel-based authentication is then used to ensure that all signals in both the handshake process and data transmission are actually from the same transmitter. Thus, this may be viewed as a cross-layer design approach to authentication. We note that channel time variation is a challenge to the channel-based authentication. In practice it will be necessary to guarantee the continuity of the authentication procedure by probing the channel at time intervals less than the channels coherence time. In this chapter, we first describe the channel-based authentication in a static multipath environment, Sect. 13.2. Then we discuss the issues of environmental changes in Sect. 13.3, and terminal mobility in Sect. 13.4. As multiple-input multiple-output (MIMO) techniques will be widely deployed in future wireless networks, in Sect. 13.5, we also study the security gains possible when multiple antennas are available.