Skip to main content
SpringerLink
Log in

LocKey: Location-Based Key Extraction from the WiFi Environment in the User’s Vicinity

  • Conference paper
  • First Online:
Information Security Practice and Experience (ISPEC 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14341))

  • 293 Accesses

Abstract

We investigate extracting persistent information from semi-volatile signals in the user’s vicinity to extend existing authentication factors. We use WiFi as a representative of semi-volatile signals, as WiFi signals and WiFi receiver hardware are ubiquitous. WiFi hardware is mostly bound to a physical location and WiFi signals are semi-volatile by nature. By comparing different locations, we confirm our expectation that location-specific information is present in the received WiFi signals. In this work, we study whether and how this information can be transformed to satisfy the following properties of a cryptographic key so that we can use it as an extension of an authentication factor: it must be uniformly random, contain sufficient entropy, and the information must be secret. We further discuss two primary use cases in the authentication domain: using extracted low-entropy information (48 bits) for password hardening and using extracted high-entropy information (128 bits and 256 bits) as a location-specific key. Using the WiFi-signal composition as an authentication component increases the usability, introduces the factor of ‘location’ to the authentication claims, and introduces another layer of defense against key or password extraction attacks. Next to these advantages, it has intrinsic limitations, such as the need for the receiver to be in proximity to the signal and the reliance on WiFi signals, which are outside the user’s control. Despite these challenges, using signals in the proximity of a user works in situations with a fallback routine in place while increasing usability and transparency. LocKey is capable to extract low-entropy information at all locations measured, and high-entropy from 68% locations for 128-bit keys (48% of the locations respectively for 256-bit keys). We further show that with an initial measurement time of at most five minutes, we can reconstruct the key in at least 75% of the cases in less than 15, 30, and 40 s depending on the desired key strength.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://gitlab.com/lockey1/scandata.

References

  1. Agudo, I., Rios, R., Lopez, J.: A privacy-aware continuous authentication scheme for proximity-based access control. Comput. Secur. 39, 117–126 (2013)

    Article  Google Scholar 

  2. Aman, M.N., Basheer, M.H., Sikdar, B.: Two-factor authentication for IoT with location information. IEEE Internet Things J. 6(2), 3335–3351 (2018)

    Article  Google Scholar 

  3. Azimi-Sadjadi, B., Kiayias, A., Mercado, A., Yener, B.: Robust key generation from signal envelopes in wireless networks. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 401–410 (2007)

    Google Scholar 

  4. Barker, E., Dang, Q.: Nist special publication 800–57 part 1, revision 5: Recommendation for key management: Part 1-general, May 2020. Cited on, page 58 (2020)

    Google Scholar 

  5. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The keccak sponge function family: Specifications summary (2011). http://keccak.noekeon.org/specs_summary.html

  6. Carter, J.L., Wegman, M.N.: Universal classes of hash functions. In: Proceedings of the Ninth Annual ACM Symposium on Theory of Computing, pp. 106–112 (1977)

    Google Scholar 

  7. Chandran, N., Goyal, V., Moriarty, R., Ostrovsky, R.: Position based cryptography. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 391–407. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_23

    Chapter  Google Scholar 

  8. Cho, Y., Bao, L., Goodrich, M.T.: LAAC: a location-aware access control protocol. In: 2006 3rd Annual International Conference on Mobile and Ubiquitous Systems-Workshops, pp. 1–7 (2006)

    Google Scholar 

  9. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_31

    Chapter  Google Scholar 

  10. Fakhreddine, A., Tippenhauer, N.O., Giustiniano, D.: Design and large-scale evaluation of WiFi proximity metrics. In: European Wireless 2018; 24th European Wireless Conference, pp. 1–6. VDE (2018)

    Google Scholar 

  11. Foti, J.: Entity authentication using public key cryptography (1997)

    Google Scholar 

  12. GNOME. org.freedesktop.networkmanager.accesspoint (2021). https://developer.gnome.org/NetworkManager/1.2/gdbus-org.freedesktop.NetworkManager.AccessPoint.html

  13. Hocquenghem, A.: Codes correcteurs d’erreurs. Chiffers 2, 147–156 (1959)

    Google Scholar 

  14. IEEE Standard. Wireless lan medium access control (mac)and physical layer (phy) specifications (2007). https://www.iith.ac.in/~tbr/teaching/docs/802.11-2007.pdf

  15. Intel. Dual band wireless-ac 8265 (2021). https://ark.intel.com/content/www/us/en/ark/products/94150/intel-dual-band-wireless-ac-8265.html

  16. ISO 27000. Information technology, security techniques, information security management systems, overview andvocabulary (2018)

    Google Scholar 

  17. Jagadeesan, A., Thillaikkarasi, T., Duraiswamy, K.: Cryptographic key generation from multiple biometric modalities: fusing minutiae with iris feature. Int. J. Comput. Appl. 2(6), 16–26 (2010)

    Google Scholar 

  18. Jakubeit, P., Peter, A., van Steen, M.: The measurable environment as nonintrusive authentication factor on the example of WiFi beacon frames. In: Saracino, A., Mori, P. (eds.) ETAA 2022. LNCS, vol. 13782, pp. 48–69. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-25467-3_4

    Chapter  Google Scholar 

  19. Jeong, W., et al.: SDR receiver using commodity wifi via physical-layer signal reconstruction. In: Proceedings of the 26th Annual International Conference on Mobile Computing and Networking, pp. 1–14 (2020)

    Google Scholar 

  20. Juels, A., Sudan, M.: A fuzzy vault scheme. Des. Codes Crypt. 38(2), 237–257 (2006)

    Article  MathSciNet  MATH  Google Scholar 

  21. Li, G., Bours, P.: Studying WiFi and accelerometer data based authentication method on mobile phones. In: Proceedings of the 2018 2nd international Conference on Biometric Engineering and Applications, pp. 18–23 (2018)

    Google Scholar 

  22. Lohr, C.: A WebGL-based raytraced voxel engine with transparency of WiFi signal over a 360mm x 360mm x 180mm area (2016). https://cnlohr.github.io/voxeltastic/

  23. Turner, J.M.: The keyed-hash message authentication code (HMAC). Federal Inf. Process. Standards Publ. 198(1), 1–13 (2008)

    Google Scholar 

  24. WP29. Opinion 01/2017 on the proposed regulation for the eprivacy regulation (2002/58/ec). (2017). http://ec.europa.eu/newsroom/document.cfm?doc_id=44103

  25. Yang, W., Sun, Y., Zhan, L., Ji, Y.: Low mismatch key agreement based on wavelet-transform trend and fuzzy vault in body area network. Int. J. Distrib. Sens. Netw. 9(6), 912873 (2013)

    Article  Google Scholar 

  26. Yang, C., Shao, H.-R.: WiFi-based indoor positioning. IEEE Commun. Mag. 53(3), 150–157 (2015)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Twente, Drienerlolaan 5, 7522, Enschede, NB, The Netherlands

    Philipp Jakubeit, Andreas Peter & Maarten van Steen

  2. University of Oldenburg, Ammerländer Heerstraße 114-118, 26129, Oldenburg, Germany

    Andreas Peter

Authors
  1. Philipp Jakubeit
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Andreas Peter
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Maarten van Steen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Philipp Jakubeit .

Editor information

Editors and Affiliations

  1. Technical University of Denmark, Kongens Lyngby, Denmark

    Weizhi Meng

  2. Xidian University, Xi'an, China

    Zheng Yan

  3. University of Milan, Milan, Italy

    Vincenzo Piuri

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Jakubeit, P., Peter, A., van Steen, M. (2023). LocKey: Location-Based Key Extraction from the WiFi Environment in the User’s Vicinity. In: Meng, W., Yan, Z., Piuri, V. (eds) Information Security Practice and Experience. ISPEC 2023. Lecture Notes in Computer Science, vol 14341. Springer, Singapore. https://doi.org/10.1007/978-981-99-7032-2_24

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-7032-2_24

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-7031-5

  • Online ISBN: 978-981-99-7032-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation