Skip to main content Accessibility help

We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.

Close cookie message
×
Hostname: page-component-6bf8c574d5-zc66z Total loading time: 0 Render date: 2025-03-09T15:53:53.203Z Has data issue: false hasContentIssue false

14 - Wireless Physical-Layer Authentication for the Internet of Things

from Part III - Secret Key Generation and Authentication

Published online by Cambridge University Press:  28 June 2017

By
G. Caparra ,
M. Centenaro ,
N. Laurenti ,
S. Tomasin  and
L. Vangelista
Edited by
Rafael F. Schaefer ,
Holger Boche ,
Ashish Khisti  and
H. Vincent Poor
G. Caparra
Affiliation:
Department of Information Engineering, University of Padova
M. Centenaro
Affiliation:
Department of Information Engineering, University of Padova
N. Laurenti
Affiliation:
Department of Information Engineering, University of Padova
S. Tomasin
Affiliation:
Department of Information Engineering, University of Padova
L. Vangelista
Affiliation:
Department of Information Engineering, University of Padova
Rafael F. Schaefer
Affiliation:
Technische Universität Berlin
Holger Boche
Affiliation:
Technische Universität München
Ashish Khisti
Affiliation:
University of Toronto
H. Vincent Poor
Affiliation:
Princeton University, New Jersey
Get access

Summary

Authentication of messages in an Internet of Things (IoT) is a key security feature that may involve heavy signaling and protocol procedures, not suitable for small devices with very limited computational capabilities and energy availability. In this chapter we address the problem of message authentication in an IoT context, by using physical-layer approaches. We propose a solution based on the use of trusted anchor nodes that estimate the channel from the transmitting node and report them to a concentrator node, which takes a decision on the message authenticity. Assuming that the anchor nodes have a limited energy availability, we analyze the lifespan of the authenticating network and propose both centralized and distributed approaches to determine which anchor nodes report the information to the concentrator. The authenticating network overhead is also discussed and a tradeoff between energy efficiency and signaling traffic is found.

IoT Authentication Overview

In the near future it is expected that many devices in common use will be connected to the Internet, thus enabling enhanced features and applications, from flexible home automation to customization of body area networks. Huge security challenges must be faced in this new scenario.We will focus on the authentication problem, i.e., the problem of determining whether a message has been truly transmitted by a specific device. In other words, we want to make sure that no malicious node is transmitting messages in place of a legitimate node.

In an IoT scenario the dramatically large number of nodes calls for simple authentication techniques. As will be discussed in more detail in Section 14.2, the most popular IoT standards address the problem of authentication only with approaches based on cryptography that require complex processing procedures and the exchange (and refresh) of keys among the devices. An open-minded approach, trying to include new techniques, e.g., at the physical layer, could contribute strongly to the solution of the problem.

Therefore, here we investigate solutions that exploit the features of wireless transmissions and can integrate well other authentication procedures implemented in the higher layers.

Type
Chapter
Information
Information Theoretic Security and Privacy of Information Systems , pp. 390 - 418
Publisher: Cambridge University Press
Print publication year: 2017

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

[1] II Consortium, 2015. [Online]. Available: www.iiconsortium.org/
[2] ThingWorx, 2015. [Online]. Available: www.thingworx.com/
[3] “IEEE Standard 802.15.4,” IEEE, Tech. Rep., 2011.
[4] NIST, “Pub 800-38c, recommendation for block cipher modes of operation – the CCM mode for authentication and confidentiality,” U.S. Department of Commerce/N.I.S.T., Tech. Rep., 2004.
[5] ANSI, “ANSI X9.63-2001, public key cryptography for the financial services industry – key agreement and key transport using elliptic curve cryptography,” ANSI, Tech. Rep., 2001.
[6] C. E., Shannon, “Communication theory of secrecy systems,” Bell Syst. Tech. J., vol. 28, no. 4, pp. 656–715, Oct. 1949.Google Scholar
[7] A. D., Wyner, “The wire-tap channel,” Bell Syst. Tech. J., vol. 54, pp. 1355–1387, Oct. 1975.Google Scholar
[8] E. A., Jorswieck, S., Tomasin, and A., Sezgin, “Broadcasting into the uncertainty: Authentication and confidentiality by physical-layer processing,” Proc. IEEE, vol. 103, no. 10, pp. 1702–1724, Oct. 2015.Google Scholar
[9] T., Daniels, M., Mina, and S. F., Russell, “A signal fingerprinting paradigm for general physical layer and sensor network security and assurance,” in Proc. IEEE First Int. Conf. Security and Privacy for Emerging Areas in Commun. Networks, Athens, Greece, Sep. 2005, pp. 1–3.
[10] P., Baracca, N., Laurenti, and S., Tomasin, “Physical layer authentication over an OFDM fading wiretap channel,” in Proc. Int. ICST Conf. Performance Evaluation Methodologies and Tools, Paris, France, 2011, pp. 648–657.
[11] P., Baracca, N., Laurenti, and S., Tomasin, “Physical layer authentication over MIMO fading wiretap channels,” IEEE Trans. Wireless Commun., vol. 11, no. 7, pp. 2564–2573, Jul. 2012.Google Scholar
[12] A., Ferrante, N., Laurenti, C., Masiero, M., Pavon, and S., Tomasin, “On the error region for channel estimation based physical layer authentication over Rayleigh fading,” IEEE Trans. Inf. Forensics Security, vol. 10, no. 5, pp. 941–952, May 2015.Google Scholar
[13] S., Jiang, “Keyless authentication in a noisy model,” IEEE Trans. Inf. Forensics Security, vol. 9, no. 6, pp. 1024–1033, Jun. 2014.Google Scholar
[14] L., Xiao, L. J., Greenstein, N. B., Mandayam, and W., Trappe, “Fingerprints in the ether: using the physical layer for wireless authentication,” in Proc. IEEE Int. Conf. Commun., Glasgow, UK, Jun. 2007, pp. 4646–4651.
[15] L., Xiao, L. J., Greenstein, N. B., Mandayam, and W., Trappe, “A physical-layer technique to enhance authentication for mobile terminals,” in Proc. IEEE Int. Conf. Commun., Beijing, China, May 2008, pp. 1520–1524.
[16] L., Xiao, L. J., Greenstein, N. B., Mandayam, and W., Trappe, “Channel-based spoofing detection in frequency-selective Rayleigh channels,” IEEE Trans. Wireless Commun., vol. 8, no. 12, pp. 5948–5956, Dec. 2009.Google Scholar
[17] L., Xiao, A., Reznik, W., Trappe, C., Ye, Y., Shah, and L. J., Greenstein, “PHY-authentication protocol for spoofing detection in wireless networks,” in Proc. IEEE Global Commun. Conf., Miami, FL, USA, Dec. 2010, pp. 1–6.
[18] F., He, W., Wang, and H., Man, “REAM: rake receiver enhanced authentication method,” in Proc. IEEE Military Commun. Conf., San Jose, CA, USA, Oct. 2010, pp. 2205–2210.
[19] J., Liu, A., Refaey, X., Wang, and H., Tang, “Reliability enhancement for CIR-based physical layer authentication,” Security and Communication Networks, vol. 8, no. 4, pp. 661–671, 2015.Google Scholar
[20] D. B., Faria and D. R., Cheriton, “Detecting identity-based attacks in wireless networks using signalprints,” in Proc. ACMWorkshopWireless Security, Los Angeles, CA, USA, Sep. 2006, pp. 43–52.
[21] M., Demirbas and Y., Song, “An RSSI-based scheme for sybil attack detection in wireless sensor networks,” in Proc. IEEE Int. Symp. World of Wireless, Mobile and Multimedia Networks, Buffalo, NY, USA, Jun. 2006, p. 5.
[22] Y., Chen, W., Trappe, and R. P., Martin, “Detecting and localizing wireless spoofing attacks,” in Proc. IEEE Conf. Sensor, Mesh and Ad Hoc Commun. and Networks, San Diego, CA, USA, Jun. 2007, pp. 193–202.
[23] F., He, H., Man, D., Kivanc, and B., McNair, “EPSON: enhanced physical security in OFDM networks,” in Proc. IEEE Int. Conf. Commun., Dresden, Germany, Jun. 2009, pp. 1–5.
[24] O., Gungor, C., Koksal, and H. El, Gamal, “An information theoretic approach to RF fingerprinting,” in Proc. 47th Asilomar Conf. Signals, Systems, Computers, Pacific Grove, CA, USA, Nov. 2013, pp. 61–65.
[25] E. N., Gilbert, F. J., MacWilliams, and N. J. A., Sloane, “Codes which detect deception,” Bell Syst. Tech. J., vol. 53, no. 3, pp. 405–424, 1974.Google Scholar
[26] V., Fåk, “Repeated use of codes which detect deception,” IEEE Trans. Inf. Theory, vol. 25, pp. 233–234, Mar. 1979.Google Scholar
[27] G. J., Simmons, “Authentication theory/coding theory,” Lecture Notes in Computer Science, vol. 196, pp. 411–431, 1985.Google Scholar
[28] G. J., Simmons, “A survey of information authentication,” Proc. IEEE, vol. 76, no. 5, pp. 603–620, May 1988.Google Scholar
[29] A., Sgarro, “Information divergence bounds for authentication codes,” Lecture Notes in Computer Science, vol. 434, pp. 93–101, 1985.Google Scholar
[30] R., Johannesson and A., Sgarro, “Strengthening Simmons' bound on impersonation,” IEEE Trans. Inf. Theory, vol. 37, pp. 1182–1185, Jul. 1991.Google Scholar
[31] T., Johansson, “Lower bounds on the probability of deception in authentication with arbitration,” IEEE Trans. Inf. Theory, vol. 40, pp. 1573–1585, Sep. 1994.Google Scholar
[32] U. M., Maurer, “Authentication theory and hypothesis testing,” IEEE Trans. Inf. Theory, vol. 46, no. 4, pp. 1350–1356, Jul. 2000.Google Scholar
[33] P. L., Yu, J. S., Baras, and B. M., Sadler, “Physical-layer authentication,” IEEE Trans. Inf. Forensics Security, vol. 3, no. 1, pp. 38–51, Mar. 2008.Google Scholar
[34] P. L., Yu, J. S., Baras, and B. M., Sadler, “Power allocation tradeoffs in multicarrier authentication systems,” in Proc. IEEE Sarnoff Symp., Princeton, NJ, USA, Mar. 2009, pp. 1–5.
[35] E., Martinian, G. W., Wornell, and B., Chen, “Authentication with distortion criteria,” IEEE Trans. Inf. Theory, vol. 51, no. 7, pp. 2523–2542, Jul. 2005.Google Scholar
[36] Y., Liu and C. G., Boncelet, “The CRC-NTMAC for noisy message authentication,” IEEE Trans. Inf. Forensics Security, vol. 1, no. 4, pp. 517–523, Dec. 2006.Google Scholar
[37] C. G., Boncelet, “The NTMAC for authentication of noisy messages,” IEEE Trans. Inf. Forensics Security, vol. 1, no. 1, pp. 35–42, Mar. 2006.Google Scholar
[38] L., Lai, H. El, Gamal, and H. V., Poor, “Authentication over noisy channels,” IEEE Trans. Inf. Theory, vol. 55, no. 2, pp. 906–916, Feb. 2009.Google Scholar
[39] P. L., Yu and B. M., Sadler, “MIMO authentication via deliberate fingerprinting at the physical layer,” IEEE Trans. Inf. Forensics Security, vol. 6, no. 3, pp. 606–615, Sep. 2011.Google Scholar
[40] S., Kay, Fundamentals of Statistical Signal Processing: Detection Theory. Upper Saddle River, NJ: Prentice Hall, 1993.
[41] H. V., Khuong and H. Y., Kong, “General expression for pdf of a sum of independent exponential random variables,” IEEE Commun. Letters, vol. 10, no. 3, pp. 159–161, 2006.Google Scholar
[42] A., Biral, M., Centenaro, A., Zanella, L., Vangelista, and M., Zorzi, “The challenges of m2m massive access in wireless cellular networks,” Digital Communications and Networks, vol. 1, no. 1, pp. 1–19, 2015.Google Scholar

Save book to Kindle

To save this book to your Kindle, first ensure [email protected] is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

Available formats
×