1
RF Fingerprints for Secure Authentication in WSN
  • D. Knox and T. Kunz
  • Systems and Computer Engineering
  • Carleton University


2
WSN Authentication
  • Wireless Sensor Network (WSN)
    • Partially connected network of self-powered (e.g. battery-powered) embedded processor nodes with wireless communications interfaces and application-specific sensors
  • Data traffic: Security and privacy concerns exist in some WSN applications
    • e.g. personal medical data in a health monitoring system
  • Need to determine which WSN nodes are legitimate
    • Prevent nodes accessing sensed data without authorization.
    • Configuration of authentication should be as ‘automatic’ as possible
3
RF Fingerprints for WSN Authentication
  • RF Fingerprints
    • Unique characteristics of different wireless signals can be used to identify specific nodes (the equivalent of human fingerprints for a radio signal)
    • Other researchers have already done some characterization work, but open problems remain (e.g. the characterization process is ‘noisy’, and RF fingerprints have only recently been studied for use in ad hoc networks)
  • Our Research Interest: What can be done and what needs to be done to use RF Fingerprints for WSN Node Authentication?


4
Presentation Outline
  • Context for our work
    • Application Assumptions and Requirements
    • Related Work for WSN Authentication and RF Fingerprints
  • Our main Contributions:
    • Definition of a process to bind the physical layer to higher cryptographic layers in a WSN
    • WSN Authentication Attacks
  • Conclusions and Future Work



5
Motivation – “Aging in Place”
  • World’s population is aging fast
    • fertility rates are decreasing across the ‘Developed World’
    • In 1995, 6.5% of the world’s population was over 65*
    • In 2025, 10.7% of the world’s population will be over 65*
  • Elderly people can be monitored by trusted third parties (e.g. these could be their own children or professional health care providers) in their own homes
    • new WSN technology provides a convenient and practical health-related monitoring service
    • Monitored subjects are the on-site ‘users’ and are not computer experts
    • Sensed data could include: room temperatures; sleeping patterns; food consumption; medication consumption; electricity/gas/water usage; occupant movement or position; door/window state; occupant heart rate/blood pressure/body temperature/breathing rate/weight …
  • * U.S. Census Bureau, International Data Base, http://www.census.gov/ipc/www/world.html (2006)
6
Authentication is Required for the ‘Aging in Place’ Application
  • Security and Privacy are important; authentication is a basic requirement in a home monitoring system
    • A would-be burglar can determine the presence (or potentially even the exact location) of a monitored subject
    • An insurance company can compile health information without patient knowledge or consent


7
Our Contributions
  • We propose a method to bind RF fingerprints to more standard existing cryptographic mechanisms (binding the physical layer to the ‘data layer’)
    • Based on a method proposed by Burmester and Desmedt in 1998 for establishing a group conference key
    • Allows neighbour discovery to take place
  • Practical implementation issues for WSNs are considered:
    • Distributed solution proposed (no online or centralized Trusted Authority is required)
    • ‘Noisy’ RF fingerprints can still be used for authentication
    • Attacks on authentication using RF Fingerprints are briefly presented
8
Requirements
  • No key pre-configuration should be required by the user or by the manufacturer
  • Little or no user involvement should be required
    • New nodes need to be added as old ones stop working (e.g. may be needed because of dead batteries or failure, since WSN nodes could be cheap items)
  • No direct connection to Trusted Authority should be required
  • Forward Secrecy should be provided
9
Assumptions
  • Simplex RF hardware is used (can either transmit or receive radio signals but not both)
  • Nodes are assumed to be physically vulnerable and can be compromised
  • Attacker can be present in the network from the beginning of network formation
  • Attacker’s computing platform can be much more powerful than that of the WSN nodes
    • We still consider attack difficulty and the benefit to the attacker of a successful attack (ETSI attack model)

10
Authentication
  • Definition: Act of establishing that a claim (e.g. of identity) that is being made about an entity is true.
  • Objective: “Lively, Assured and Confidential communication”
  • Based on:
    • What you have (possessed items: e.g. special card/hardware)
    • What you know (stored/remembered items: e.g. cryptographic key information or passwords)
    • What you are (physical attributes that are hard to modify: e.g. RF fingerprints)

11
Related Work – WSN Authentication and RF Fingerprints
  • Key establishment in wireless networks
    • Mostly based on key pre-distribution
    • Other methods check whether timing or spatial properties of node signals are plausible
  • Use of physical attributes for authentication in wireless networks
    • physical proofs of presence from nodes (e.g. based on physical contact or based on other auxiliary channels that are fully trusted)
  • Impossibility results for distributed consensus
    • A ‘majority’ of honest nodes is required to reach consensus (some results impose even stronger requirements)
    • Distributed credentials are also affected by this result
  • RF fingerprints
    • Recently advocated for WSNs
    • Not measured as being perfectly consistent or reliable (no study of resiliency to attack)
  • Burmester/Desmedt present a method for shared conference key establishment
12
Basic Channel Model
  • Attacker has different radio channels than the one between the legitimate transmitter and receiver
    • Channel differences can be used to advantage by honest nodes to identify changes in the legitimate channel
    • Some researchers have shown how to extract common random reference strings from a radio channel
    • Channels are different between other nodes, including non-attacking ones
  • Noise:
    • Environmental sources
    • Attacker-induced (e.g. jamming and more subtle types)
    • Electrical and thermal sources inside nodes
13
RF Fingerprints
  • RF Fingerprints are susceptible to noise
    • Any biometric indicator suffers from the same problem
    • Noise could be channel-dependent
    • Noise could be time-varying
  • Researchers have shown that RF Fingerprints can have good accuracy under laboratory conditions
    • 98% matching accuracy against templates stored in a database (previous training data required for this level of accuracy).
    • No detailed analysis of relative contributions of noise sources
  • Researchers have advocated their use for infrastructure-type WLANs and also recently for WSNs
    • No implementations on real hardware yet
14
Idea – Binding Physical Layer to Data Layer
15
Neighbour Discovery with RF Fingerprints
  • Objective: Determine neighbours within RF range and record their RF Fingerprints and a cryptographic identifier
  • Steps:
    • Initiator sends request with a signed nonce and a cryptographic ID of form:
    • All neighbours within RF range acknowledge with their own cryptographic IDs and nonces
  • End Result: Nodes end up with recorded RF Fingerprint values for all of their neighbours and the corresponding cryptographic identifiers for each
    • ‘Neighbours’ must be fully connected with each other and we assume that a majority of honest nodes exist, permitting consensus to be reached

16
Conference Key Creation (1)
  • Objective: Establish confidential communications between active participants
    • Alternatively, determine a new group of neighbours for which such agreement is possible
  • Initiator calculates a partial key:   xxxxxx
    • yyyy is the ID of the next ‘highest’ neighbour (based on numerical ordering)
  • Initiator sends partial key and his list of neighbours and their hashed RF Fingerprint values (hash is a commitment)
    • In doing so, the neighbours of the initiator are provided with a second RF Fingerprint sample, which they duly note and check for consistency with their first sample.
  • Neighbours then respond with their own partial keys and their own lists of neighbours and corresponding hashed RF Fingerprint values
    • All neighbours note each other’s second RF Fingerprint samples and check them for consistency with their first samples
17
Conference Key Creation (2)
  • The initiator then generates a (tentative) group of neighbours to be used for the credential and calculates the group shared key as:



  • All other nodes in the (tentative) group can calculate the same shared key value, provided all parties in the group have been honest.
    • Dishonest parties attempting to actively derail the protocol at this stage must be excluded from the tentative group in a subsequent iteration
  • Steps 1 to 5 are repeated until a stable group key is established
  • Dishonest parties could participate honestly and then share key values with other dishonest parties.
    • The RF fingerprints of the dishonest sharers have been captured and recorded, inhibiting their ability to assume new cryptographic IDs in other groups
    • Trust values for all members of the group in question decrease when this happens, since any one of them could have been the ‘mole’ sharing the group’s secrets.
    • RF Fingerprint data is associated with all of the nodes in question, facilitating their subsequent detection
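The conference key steps on these two slides follow the Burmester-Desmedt construction, whose formulas did not survive in this outline. The following is an added example (not the authors' code) of the standard BD protocol run over a ring of neighbours sorted by numeric cryptographic ID, so that each node's partial key refers to its ‘next highest’ neighbour as the slide puts it. The group parameters (a toy safe prime, constructed for the example) and the `tampered_partial` hook that models a dishonest participant derailing the protocol are assumptions of this example.

```python
"""Burmester-Desmedt style conference key agreement over a ring of neighbours.

Added illustration, not the authors' code: the standard BD construction,
run for n neighbours ordered by numeric cryptographic ID. Every honest node
ends with the same key; a single bogus partial key makes the keys diverge,
which is why the slides repeat the steps with a re-formed group.
"""
import secrets

# Toy safe prime P = 2Q + 1 and a generator of the order-Q subgroup.
# Constructed for this example; a deployment would use a standard group.
P = 1019
Q = 509
G = 4


def ring_order(ids):
    """Numeric ordering: position i+1 is node i's 'next highest' neighbour."""
    return sorted(ids)


def round1_blinding(secret):
    """z_i = g^{x_i}: each node broadcasts its blinded secret."""
    return pow(G, secret, P)


def round2_partial_key(i, secret, z):
    """X_i = (z_{i+1} / z_{i-1})^{x_i}: the partial key, which ties node i to
    its two ring neighbours and reveals nothing about x_i on its own."""
    n = len(z)
    ratio = z[(i + 1) % n] * pow(z[(i - 1) % n], -1, P) % P
    return pow(ratio, secret, P)


def derive_group_key(i, secret, z, x):
    """K_i = z_{i-1}^{n x_i} * X_i^{n-1} * X_{i+1}^{n-2} * ... * X_{i-2}^{1}.
    Honest nodes all obtain g^{x_1 x_2 + x_2 x_3 + ... + x_n x_1}."""
    n = len(z)
    key = pow(z[(i - 1) % n], n * secret, P)
    for j in range(n - 1):
        key = key * pow(x[(i + j) % n], n - 1 - j, P) % P
    return key


def run_protocol(secret_by_id, tampered_partial=None):
    """Simulate the two broadcast rounds for nodes keyed by numeric ID.

    tampered_partial optionally maps an ID to a bogus X value, modelling a
    dishonest participant; returns {id: derived key}.
    """
    ids = ring_order(secret_by_id)
    xs = [secret_by_id[nid] for nid in ids]
    z = [round1_blinding(s) for s in xs]
    X = [round2_partial_key(i, xs[i], z) for i in range(len(ids))]
    if tampered_partial:
        for nid, bogus in tampered_partial.items():
            X[ids.index(nid)] = bogus % P
    return {nid: derive_group_key(i, xs[i], z, X) for i, nid in enumerate(ids)}


def agreed_key(keys):
    """The single shared key if every node derived the same value, else None."""
    distinct = set(keys.values())
    return distinct.pop() if len(distinct) == 1 else None


def fresh_secrets(ids):
    """One random exponent in [1, Q-1] per node."""
    return {nid: 1 + secrets.randbelow(Q - 1) for nid in ids}


if __name__ == "__main__":
    secret_by_id = fresh_secrets([17, 3, 42, 8])
    print("honest run, shared key:", agreed_key(run_protocol(secret_by_id)))
    bad = run_protocol(secret_by_id, tampered_partial={42: 5})
    print("tampered run, shared key:", agreed_key(bad), "(None: group must be re-formed)")
```

Note that in the tampered run the node immediately after the cheater in ring order still computes the correct key, because its derivation never uses the cheater's partial key; agreement can therefore only be confirmed by comparing key confirmations across the whole group, not locally.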


18
RF Fingerprint Exchange
  • Objective: Exchange RF Fingerprint information in a confidential fashion only with active participants to improve accuracy and consistency
    • Encryption serves more to commit participants (in a non-repudiable fashion) using both their secret keys and their RF Fingerprints simultaneously
    • Encrypted communications serve a similar purpose for their guarantors
  • Nodes encrypt communications using the shared conference key value
  • Nodes broadcast the (first round) RF Fingerprint values that were gathered for each neighbour
  • All nodes check to make sure that the values are consistent with their hashes
  • Nodes also record a third (and final) RF Fingerprint value
19
Secure RF Fingerprint Aggregation
  • Objective: In a secure fashion, agree on the RF Fingerprint value and the permitted error tolerance for the RF Fingerprint measurement
    • At each node, we now have:
      • A defined group of fully-connected participants who followed the previous protocol steps
      • A shared group key, whose knowledge requires group membership
      • Three RF Fingerprint samples for each neighbour in the group
        • An error tolerance threshold (calculated now and used now for consistency purposes)
      • Linked cryptographic keys and RF Fingerprints for all group members
  • The initiator node can create an aggregated credential using all of this information and distributes it to the group for validation
  • The other nodes verify that their RF Fingerprint measurements are within the specified error tolerance threshold and then sign it (or provide an error tolerance value for which they could sign and then abort with their reason)
  • Steps 1 and 2 are repeated until the initiator has a set of signers with a tight enough error tolerance.
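The exchange and aggregation slides describe a hash commitment to the fingerprint samples, a reveal round checked against those hashes, and an initiator loop that tightens the error tolerance until enough members sign. The following added example (not the authors' code) models one pass of that procedure; the concrete commitment construction (SHA-256 over a quantised feature vector plus a salt), the L-infinity distance used as the error measure, and all measurement values are assumptions constructed for the example.

```python
"""RF fingerprint commitment, reveal check and tolerance-negotiated aggregation.

Added illustration, not the authors' code. Fingerprints are modelled as short
feature vectors; the commitment is SHA-256 over the quantised vector plus a
salt (an assumption of this example), and the initiator/signer loop follows
the slides' 'repeat until tight enough tolerance' description.
"""
import hashlib
import hmac
import secrets
import statistics

SCALE = 1000  # quantise features before hashing so two nodes hash identical bytes


def quantise(fp):
    """Round each feature to 1/SCALE so float formatting cannot break a commitment."""
    return tuple(round(v * SCALE) for v in fp)


def commit(fp, salt=None):
    """Return (digest, salt): the hash a node broadcasts in the key-creation round."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.sha256(salt + repr(quantise(fp)).encode()).hexdigest()
    return digest, salt


def verify_commitment(fp, salt, digest):
    """Reveal-round check: the value sent under the group key must match the earlier hash."""
    return hmac.compare_digest(commit(fp, salt)[0], digest)


def distance(a, b):
    """L-infinity distance: the worst single-feature disagreement between two measurements."""
    return max(abs(x - y) for x, y in zip(a, b))


def aggregate(samples):
    """Per-feature mean over all measurements of one subject (several noisy channels)."""
    return [statistics.fmean(col) for col in zip(*samples)]


def node_response(samples, credential_fp, tolerance):
    """A member signs if all of its own samples lie within tolerance of the aggregated
    value; otherwise it aborts and reports the tolerance at which it could sign."""
    needed = max(distance(s, credential_fp) for s in samples)
    return ("sign" if needed <= tolerance else "abort"), needed


def negotiate_credential(samples_by_node, start_tol, max_tol, min_signers, max_rounds=8):
    """Initiator loop: propose a tolerance, collect signatures, loosen only as far as
    the nearest abstainer requires, and give up once that would exceed max_tol."""
    credential_fp = aggregate([s for ss in samples_by_node.values() for s in ss])
    tol = start_tol
    for _ in range(max_rounds):
        signers, requested = [], []
        for nid, ss in samples_by_node.items():
            verdict, needed = node_response(ss, credential_fp, tol)
            if verdict == "sign":
                signers.append(nid)
            else:
                requested.append(needed)
        if len(signers) >= min_signers:
            return {"fingerprint": credential_fp, "tolerance": tol, "signers": sorted(signers)}
        if not requested:
            break
        tol = min(requested)
        if tol > max_tol:
            return None
    return None


# Constructed measurements of one subject node: three samples per neighbour.
# Features stand for e.g. carrier offset, transient rise time, I/Q imbalance
# (arbitrary units); node 13 holds one outlier sample.
SAMPLES = {
    11: [[1.20, 0.35, 2.10], [1.21, 0.36, 2.09], [1.19, 0.34, 2.11]],
    12: [[1.22, 0.35, 2.12], [1.21, 0.33, 2.10], [1.20, 0.36, 2.11]],
    13: [[1.20, 0.35, 2.10], [1.35, 0.35, 2.10], [1.21, 0.36, 2.09]],
}

if __name__ == "__main__":
    digest, salt = commit(SAMPLES[11][0])
    print("commitment verifies:", verify_commitment(SAMPLES[11][0], salt, digest))
    print(negotiate_credential(SAMPLES, start_tol=0.02, max_tol=0.10, min_signers=2))
```

With the constructed data, node 13's outlier keeps it out of the signer set: the initiator loosens the tolerance twice to admit nodes 11 and 12, and a request for three signers fails because the tolerance node 13 would need exceeds the cap.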
20
RF Fingerprint Credential - Usage
  • Objective: Generate a credential using the aggregated RF Fingerprint information for a given subject node
  • Credential is generated by a specific set of nodes in a particular neighbourhood
    • Identification information for those nodes is included in the credential
  • Resulting Credential can be ‘shown’ by the subject node outside the neighbourhood within which it was generated
  • RF Fingerprints of the referees are also included in the Credential
    • RF Fingerprints of the referees can only be verified by neighbours of the referees, but those neighbours need not be in the same neighbourhood as the one used for credential generation.
    • A reputation or trust system is required to monitor the behaviour of nodes, but this system requires the identifying information from the credentials.
  • The method for showing the credential is not discussed in the paper.



21
Advantages and Disadvantages
  • RF Fingerprints and a cryptographic identity are bound together in a credential
    • Signer identities captured as part of credential issuing process
    • Parallelism possible here; multiple credentials could be created in the final round of the protocol
  • RF Fingerprint values are averaged using measurements made over multiple distinct noisy channels
  • Adversary must be a member of a group to learn RF Fingerprint values and then share them.
    • No advantage, since the adversary must be close enough to measure RF Fingerprint values directly.
  • Can NOT stop attackers from colluding
    • If detected, CAN identify them (and their collusion activities) using their RF Fingerprints
  • Certain topologies (i.e. sparse ones) do not have some of these benefits
    • Indeed, there are cases where credentials cannot be produced at all (i.e. non fully-connected subnetworks, or situations where honest nodes are in the minority)
22
Attacks and Defenses
  • Sybil attack
    • Without Trusted Authorities, credential forgery is prevented by requiring that RF Fingerprints be ‘demonstrated’ during the showing process.
  • Masquerading
    • An attacking node needs knowledge of the secrets and a compatible RF Fingerprint
  • Signal-Summing (for corruption of RF Fingerprints)
    • Unsure whether such an attack is feasible; needs investigation
  • DoS/Jamming
    • RF Fingerprints can be used to identify the attacker, provided all communications are not blocked
  • False RF Fingerprint reporting
    • Our protocol is intended to prevent this
  • Fingerprint Forgery
    • We assume that this is not possible or very difficult; needs investigation
23
Conclusions and Future Work
  • Shown how RF Fingerprints can be used in a distributed WSN
    • Shown how to use physical layer RF Fingerprints to produce ‘data layer’ credentials
  • Protocol allows secure, resilient aggregation of RF Fingerprint measurements from multiple sources
  • Practicality needs to be demonstrated
  • Formal Security needs to be proved
24
Questions?
  • Thank you!
  • ?