RF Fingerprints for Secure Authentication in WSN
D. Knox and T. Kunz
Systems and Computer Engineering
Carleton University

WSN Authentication
Wireless Sensor Network (WSN)
Partially connected network of self-powered (e.g. battery-powered) embedded processor nodes with wireless communications interfaces and application-specific sensors
Data traffic: Security and privacy concerns exist in some WSN applications
e.g. personal medical data in a health monitoring system
Need to determine which WSN nodes are legitimate
Prevent nodes accessing sensed data without authorization.
Configuration of authentication should be as ‘automatic’ as possible

RF Fingerprints for WSN Authentication
RF Fingerprints
Unique characteristics of different wireless signals can be used to identify specific nodes (the equivalent of human fingerprints for a radio signal)
Some characterization work has already been done by other researchers, but some problems still need to be solved (e.g. the characterization process is ‘noisy’, and RF Fingerprints have only recently been studied for implementation in ad hoc networks)
Our Research Interest: What can be done and what needs to be done to use RF Fingerprints for WSN Node Authentication?

Presentation Outline
Context for our work
Application Assumptions and Requirements
Related Work for WSN Authentication and RF Fingerprints
Our main Contributions:
Definition of a process to bind the physical layer to higher cryptographic layers in a WSN
WSN Authentication Attacks
Conclusions and Future Work

Motivation – “Aging in Place”
World’s population is aging fast
fertility rates are decreasing across the ‘Developed World’
In 1995, 6.5% of the world’s population was over 65*
In 2025, 10.7% of the world’s population will be over 65*
Elderly people can be monitored by trusted third parties (e.g. these could be their own children or professional health care providers) in their own homes
new WSN technology provides a convenient and practical health-related monitoring service
Monitored subjects are the on-site ‘users’ and are not computer experts
Sensed data could include: room temperatures; sleeping patterns; food consumption; medication consumption; electricity/gas/water usage, occupant movement or position, door/window state, occupant heart rate/blood pressure/body temperature/breathing rate/weight ….
* (U.S. Census Bureau, International Data Base) http://www.census.gov/ipc/www/world.html 2006

Authentication is Required for the ‘Aging in Place’ Application
Security and Privacy are important; authentication is a basic requirement in a home monitoring system
A would-be burglar can determine the presence (or potentially even the exact location) of a monitored subject
An insurance company can compile health information without patient knowledge or consent

Our Contributions
We propose a method to bind RF fingerprints to more standard existing cryptographic mechanisms (binding the physical layer to the ‘data layer’)
Based on a method proposed by Burmester and Desmedt in 1998 for establishing a group conference key
Allows neighbour discovery to take place
Practical implementation issues for WSNs are considered:
Distributed solution proposed (no online or centralized Trusted Authority is required)
‘Noisy’ RF fingerprints can still be used for authentication
Attacks on authentication using RF Fingerprints are briefly presented

Requirements
No key pre-configuration should be required by the user or by the manufacturer
Little or no user involvement should be required
New nodes need to be added as old ones stop working (e.g. because of dead batteries or failure, since WSN nodes could be cheap items)
No direct connection to Trusted Authority should be required
Forward Secrecy should be provided

Assumptions
Simplex RF hardware is used (can either transmit or receive radio signals but not both)
Nodes are assumed to be physically vulnerable and can be compromised
Attacker can be present in the network from the beginning of network formation
Attacker’s computing platform can be much more powerful than that of the WSN nodes
We still consider attack difficulty and the benefit to the attacker of a successful attack (ETSI attack model)

Authentication
Definition: Act of establishing that a claim (e.g. of identity) that is being made about an entity is true.
Objective: “Lively, Assured and Confidential communication”
Based on:
What you have (possessed items: e.g. special card/hardware)
What you know (stored/remembered items: e.g. cryptographic key information or passwords)
What you are (physical attributes that are hard to modify: e.g. RF fingerprints)

Related Work – WSN Authentication and RF Fingerprints
Key establishment in wireless networks
Mostly based on key pre-distribution
Other methods measure feasibility of time or space properties of node signals
Use of physical attributes for authentication in wireless networks
physical proofs of presence from nodes (e.g. based on physical contact or based on other auxiliary channels that are fully trusted)
Impossibility results for distributed consensus
A ‘majority’ of honest nodes is required to reach consensus (or even stronger requirements)
Distributed credentials are also affected by this result
RF fingerprints
Recently advocated for WSNs
Not measured as being perfectly consistent or reliable (no study of resiliency to attack)
Burmester/Desmedt present a method for shared conference key establishment

Basic Channel Model
Attacker has different radio channels than the one between the legitimate transmitter and receiver
Channel differences can be used to advantage by honest nodes to identify changes in the legitimate channel
Some researchers have shown how to extract common random reference strings from a radio channel
Channels are different between other nodes, including non-attacking ones
Noise:
Environmental sources
Attacker-induced (e.g. jamming and more subtle types)
Electrical and thermal sources inside nodes

RF Fingerprints
RF Fingerprints are susceptible to noise
Any biometric indicator suffers from the same problem
Noise could be channel-dependent
Noise could be time-varying
Researchers have shown that RF Fingerprints can have good accuracy under laboratory conditions
98% matching accuracy against templates stored in a database (previous training data required for this level of accuracy).
No detailed analysis of relative contributions of noise sources
Researchers have advocated their use for infrastructure-type WLANs and also recently for WSNs
No implementations on real hardware yet

Idea – Binding Physical Layer to Data Layer

Neighbour Discovery with RF Fingerprints
Objective: Determine neighbours within RF range and record their RF Fingerprints and a cryptographic identifier
Steps:
Initiator sends request with a signed nonce and a cryptographic ID of form:
All neighbours within RF range acknowledge with their own cryptographic IDs and nonces
End Result: Nodes end up with recorded RF Fingerprint values for all of their neighbours and the corresponding cryptographic identifiers for each
‘Neighbours’ must be fully connected with each other and we assume that a majority of honest nodes exist, permitting consensus to be reached

Conference Key Creation (1)
Objective: Establish confidential communications between active participants
Alternatively, determine a new group of neighbours for which such agreement is possible
Initiator calculates a partial key:   xxxxxx
yyyy is the ID of the next ‘highest’ neighbour (based on numerical ordering)
Initiator sends partial key and his list of neighbours and their hashed RF Fingerprint values (hash is a commitment)
In doing so, the neighbours of the initiator are provided with a second RF Fingerprint sample, which they duly note and check for consistency with their first sample.
Neighbours then respond with their own partial keys and their own lists of neighbours and corresponding hashed RF Fingerprint values
All neighbours note each other’s second RF Fingerprint samples and check them for consistency with their first samples

Conference Key Creation (2)
The initiator then generates a (tentative) group of neighbours to be used for the credential and calculates the group shared key as:
All other nodes in the (tentative) group can calculate the same shared key value, provided all parties in the group have been honest.
Dishonest parties attempting to actively derail the protocol at this stage must be excluded from the tentative group in a subsequent iteration
Steps 1 to 5 are repeated until a stable group key is established
Dishonest parties could participate honestly and then share key values with other dishonest parties.
The RF fingerprints of the dishonest sharers have been captured and recorded, inhibiting their ability to assume new cryptographic IDs in other groups
Trust values for all members of the group in question decrease when this happens, since any one of them could have been the ‘mole’ sharing the group’s secrets.
RF Fingerprint data is associated with all of the nodes in question, facilitating their subsequent detection
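
For reference, the textbook two-round Burmester-Desmedt ring protocol on which this step is based, as an added example (not the authors' code; the slides' own partial-key and group-key expressions are not reproduced on this page, and the modulus and base are demo assumptions). It shows that all honest nodes derive the same key and that a single altered round-2 value makes the derived keys disagree, which is the signal for forming a new tentative group.

```python
import secrets

# Demo parameters assumed for this example only: arithmetic modulo the prime
# 2**255 - 19 with base 2. A deployment would use a vetted prime-order group.
P = 2**255 - 19
G = 2

def round1(n):
    """Each node i picks a secret r_i and broadcasts z_i = G^r_i mod P."""
    r = [secrets.randbelow(P - 3) + 2 for _ in range(n)]
    z = [pow(G, ri, P) for ri in r]
    return r, z

def round2(r, z):
    """Each node broadcasts X_i = (z_{i+1} / z_{i-1})^r_i mod P (ring order)."""
    n = len(r)
    return [pow(z[(i + 1) % n] * pow(z[i - 1], -1, P) % P, r[i], P)
            for i in range(n)]

def group_key(i, r_i, z, x):
    """Node i's key: z_{i-1}^(n*r_i) * X_i^(n-1) * X_{i+1}^(n-2) * ... * X_{i-2}."""
    n = len(z)
    key = pow(z[i - 1], n * r_i, P)
    for k in range(n - 1):
        key = key * pow(x[(i + k) % n], n - 1 - k, P) % P
    return key

def run(n, tampered=None):
    """Run both rounds for n nodes and return every node's derived key.
    If `tampered` is an index, that node's round-2 broadcast is altered."""
    r, z = round1(n)
    x = round2(r, z)
    if tampered is not None:
        x[tampered] = x[tampered] * G % P
    return [group_key(i, r[i], z, x) for i in range(n)]

if __name__ == "__main__":
    print("honest run, distinct keys:  ", len(set(run(5))))
    print("tampered run, distinct keys:", len(set(run(5, tampered=2))))
```
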

RF Fingerprint Exchange
Objective: Exchange RF Fingerprint information in a confidential fashion only with active participants to improve accuracy and consistency
Encryption serves more to commit (in a non-repudiable fashion) participants using both their secret keys and their RF Fingerprints simultaneously
Encrypted communication serves a similar purpose for their guarantors
Nodes encrypt communications using the shared conference key value
Nodes broadcast the (first round) FP values that were gathered for each neighbour
All nodes check to make sure that the values are consistent with their hashes
Nodes also record a third (and final) RF Fingerprint value

Secure RF Fingerprint Aggregation
Objective: In a secure fashion, agree on the RF Fingerprint value and the permitted error tolerance for the RF Fingerprint measurement
At each node, we now have:
A defined group of fully-connected participants who followed the previous protocol steps
A shared group key, whose knowledge requires group membership
Three RF Fingerprint samples for each neighbour in the group
An error tolerance threshold (calculated now and used now for consistency purposes)
Linked cryptographic keys and RF Fingerprints for all group members
The initiator node can create an aggregated credential using all of this information and distributes it to the group for validation
The other nodes verify that their RF Fingerprint measurements are within the specified error tolerance threshold and then sign it (or provide an error tolerance value for which they could sign and then abort with their reason)
Steps 1 to 2 are repeated until the initiator has a set of signers with tight enough error tolerance.
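
One way the hash check from the RF Fingerprint Exchange step and the tolerance rounds above could be realised, as an added example rather than the authors' code. Assumptions: fingerprints are short feature vectors quantised to 1e-3, a nonce is hashed with each sample, signing is reduced to each observer reporting the tolerance it would need, and the initiator drops the worst refusing observer per round; the data is constructed.

```python
import hashlib
import hmac
import statistics

def commit(sample, nonce):
    """Round-1 commitment: hash of a nonce plus the quantised feature vector."""
    body = b"".join(round(v * 1000).to_bytes(4, "big", signed=True) for v in sample)
    return hashlib.sha256(nonce + body).digest()

def opens(commitment, sample, nonce):
    """Check a sample revealed under the conference key against its earlier hash."""
    return hmac.compare_digest(commitment, commit(sample, nonce))

def spread(reference, samples):
    """Largest per-feature deviation of any sample from the reference vector."""
    return max(abs(r - v) for s in samples for r, v in zip(reference, s))

def negotiate(observations, tolerance):
    """Initiator loop: propose (mean fingerprint, tolerance), collect each
    observer's required tolerance, drop the worst refuser, and repeat."""
    signers = dict(observations)
    while signers:
        pooled = [s for samples in signers.values() for s in samples]
        proposal = [statistics.fmean(col) for col in zip(*pooled)]
        needed = {n: spread(proposal, samples) for n, samples in signers.items()}
        refused = [n for n, t in needed.items() if t > tolerance]
        if not refused:
            return proposal, sorted(signers), needed
        # An outlier skews the mean for everyone, so remove only the worst
        # refuser and re-propose instead of discarding all refusers at once.
        del signers[max(refused, key=needed.get)]
    return None, [], {}

# Constructed data: three samples (one per protocol round) taken by each
# observer of the same subject node, three features per sample.
OBSERVATIONS = {
    "n1": [[1.00, 2.00, 3.00], [1.02, 1.98, 3.01], [0.99, 2.01, 2.99]],
    "n2": [[1.01, 2.02, 2.98], [0.98, 1.99, 3.02], [1.00, 2.00, 3.00]],
    "n3": [[1.03, 1.97, 3.00], [1.00, 2.03, 2.97], [0.97, 2.00, 3.03]],
    "n4": [[1.60, 2.50, 3.40], [1.58, 2.52, 3.41], [1.61, 2.49, 3.39]],  # inconsistent reporter
}

if __name__ == "__main__":
    print(negotiate(OBSERVATIONS, tolerance=0.05))
```
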

RF Fingerprint Credential - Usage
Objective: Generate a credential using the aggregated RF Fingerprint information for a given subject node
Credential is generated by a specific set of nodes in a particular neighbourhood
Identification information for those nodes is included in the credential
Resulting Credential can be ‘shown’ by the subject node outside the neighbourhood within which it was generated
RF Fingerprints of the referees are also included in the Credential
RF Fingerprints of the referees can only be verified by other neighbours, but these are not required to be in the same neighbourhood as the one used for credential generation.
A reputation or trust system is required to monitor the behaviour of nodes, but this system requires the identifying information from the credentials.
The method for showing the credential is not discussed in the paper.

Advantages and Disadvantages
RF Fingerprints and a cryptographic identity are bound together in a credential
Signer identities captured as part of credential issuing process
Parallelism possible here; multiple credentials could be created in the final round of the protocol
RF Fingerprint values are averaged using measurements made over multiple distinct noisy channels
Adversary must be a member of a group to learn RF Fingerprint values and then share them.
No advantage, since the adversary must be close enough to measure RF Fingerprint values directly.
Can NOT stop attackers from colluding
If detected, CAN identify them (and their collusion activities) using their RF Fingerprints
Certain topologies (i.e. sparse ones) do not have some of these benefits
Indeed, there are certain cases where credentials cannot be produced (i.e. non-fully-connected subnetworks or honest node minority situations)

Attacks and Defenses
Sybil attack
Without Trusted Authorities, credential forgery is prevented by requiring that RF Fingerprints be ‘demonstrated’ during the showing process.
Masquerading
Attacking nodes need knowledge of secrets and compatible RF Fingerprints
Signal-Summing (for corruption of RF Fingerprints)
Unsure whether such an attack is feasible; needs investigation
DOS/Jamming
RF Fingerprints can be used to identify the attacker, provided all communications are not blocked
False RF Fingerprint reporting
Our protocol is intended to prevent this
Fingerprint Forgery
We assume that this is not possible or very difficult; needs investigation

Conclusions and Future Work
Shown how RF Fingerprints can be used in a distributed WSN
Shown how to use physical layer RF Fingerprints to produce ‘data layer’ credentials
Protocol allows secure, resilient aggregation of RF Fingerprint measurements from multiple sources
Practicality needs to be demonstrated
Formal Security needs to be proved

Questions?
Thank you!