Abstract
We investigate extracting persistent information from semi-volatile signals in the user’s vicinity to extend existing authentication factors. We use WiFi as a representative of semi-volatile signals, as WiFi signals and WiFi receiver hardware are ubiquitous. WiFi hardware is mostly bound to a physical location and WiFi signals are semi-volatile by nature. By comparing different locations, we confirm our expectation that location-specific information is present in the received WiFi signals. In this work, we study whether and how this information can be transformed to satisfy the following properties of a cryptographic key so that we can use it as an extension of an authentication factor: it must be uniformly random, contain sufficient entropy, and the information must be secret. We further discuss two primary use cases in the authentication domain: using extracted low-entropy information (48 bits) for password hardening and using extracted high-entropy information (128 bits and 256 bits) as a location-specific key. Using the WiFi-signal composition as an authentication component increases the usability, introduces the factor of ‘location’ to the authentication claims, and introduces another layer of defense against key or password extraction attacks. Next to these advantages, it has intrinsic limitations, such as the need for the receiver to be in proximity to the signal and the reliance on WiFi signals, which are outside the user’s control. Despite these challenges, using signals in the proximity of a user works in situations with a fallback routine in place while increasing usability and transparency. LocKey is capable to extract low-entropy information at all locations measured, and high-entropy from 68% locations for 128-bit keys (48% of the locations respectively for 256-bit keys). We further show that with an initial measurement time of at most five minutes, we can reconstruct the key in at least 75% of the cases in less than 15, 30, and 40 s depending on the desired key strength.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Agudo, I., Rios, R., Lopez, J.: A privacy-aware continuous authentication scheme for proximity-based access control. Comput. Secur. 39, 117–126 (2013)
Aman, M.N., Basheer, M.H., Sikdar, B.: Two-factor authentication for IoT with location information. IEEE Internet Things J. 6(2), 3335–3351 (2018)
Azimi-Sadjadi, B., Kiayias, A., Mercado, A., Yener, B.: Robust key generation from signal envelopes in wireless networks. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 401–410 (2007)
Barker, E., Dang, Q.: Nist special publication 800–57 part 1, revision 5: Recommendation for key management: Part 1-general, May 2020. Cited on, page 58 (2020)
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The keccak sponge function family: Specifications summary (2011). http://keccak.noekeon.org/specs_summary.html
Carter, J.L., Wegman, M.N.: Universal classes of hash functions. In: Proceedings of the Ninth Annual ACM Symposium on Theory of Computing, pp. 106–112 (1977)
Chandran, N., Goyal, V., Moriarty, R., Ostrovsky, R.: Position based cryptography. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 391–407. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_23
Cho, Y., Bao, L., Goodrich, M.T.: LAAC: a location-aware access control protocol. In: 2006 3rd Annual International Conference on Mobile and Ubiquitous Systems-Workshops, pp. 1–7 (2006)
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_31
Fakhreddine, A., Tippenhauer, N.O., Giustiniano, D.: Design and large-scale evaluation of WiFi proximity metrics. In: European Wireless 2018; 24th European Wireless Conference, pp. 1–6. VDE (2018)
Foti, J.: Entity authentication using public key cryptography (1997)
GNOME. org.freedesktop.networkmanager.accesspoint (2021). https://developer.gnome.org/NetworkManager/1.2/gdbus-org.freedesktop.NetworkManager.AccessPoint.html
Hocquenghem, A.: Codes correcteurs d’erreurs. Chiffers 2, 147–156 (1959)
IEEE Standard. Wireless lan medium access control (mac)and physical layer (phy) specifications (2007). https://www.iith.ac.in/~tbr/teaching/docs/802.11-2007.pdf
Intel. Dual band wireless-ac 8265 (2021). https://ark.intel.com/content/www/us/en/ark/products/94150/intel-dual-band-wireless-ac-8265.html
ISO 27000. Information technology, security techniques, information security management systems, overview andvocabulary (2018)
Jagadeesan, A., Thillaikkarasi, T., Duraiswamy, K.: Cryptographic key generation from multiple biometric modalities: fusing minutiae with iris feature. Int. J. Comput. Appl. 2(6), 16–26 (2010)
Jakubeit, P., Peter, A., van Steen, M.: The measurable environment as nonintrusive authentication factor on the example of WiFi beacon frames. In: Saracino, A., Mori, P. (eds.) ETAA 2022. LNCS, vol. 13782, pp. 48–69. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-25467-3_4
Jeong, W., et al.: SDR receiver using commodity wifi via physical-layer signal reconstruction. In: Proceedings of the 26th Annual International Conference on Mobile Computing and Networking, pp. 1–14 (2020)
Juels, A., Sudan, M.: A fuzzy vault scheme. Des. Codes Crypt. 38(2), 237–257 (2006)
Li, G., Bours, P.: Studying WiFi and accelerometer data based authentication method on mobile phones. In: Proceedings of the 2018 2nd international Conference on Biometric Engineering and Applications, pp. 18–23 (2018)
Lohr, C.: A WebGL-based raytraced voxel engine with transparency of WiFi signal over a 360mm x 360mm x 180mm area (2016). https://cnlohr.github.io/voxeltastic/
Turner, J.M.: The keyed-hash message authentication code (HMAC). Federal Inf. Process. Standards Publ. 198(1), 1–13 (2008)
WP29. Opinion 01/2017 on the proposed regulation for the eprivacy regulation (2002/58/ec). (2017). http://ec.europa.eu/newsroom/document.cfm?doc_id=44103
Yang, W., Sun, Y., Zhan, L., Ji, Y.: Low mismatch key agreement based on wavelet-transform trend and fuzzy vault in body area network. Int. J. Distrib. Sens. Netw. 9(6), 912873 (2013)
Yang, C., Shao, H.-R.: WiFi-based indoor positioning. IEEE Commun. Mag. 53(3), 150–157 (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Jakubeit, P., Peter, A., van Steen, M. (2023). LocKey: Location-Based Key Extraction from the WiFi Environment in the User’s Vicinity. In: Meng, W., Yan, Z., Piuri, V. (eds) Information Security Practice and Experience. ISPEC 2023. Lecture Notes in Computer Science, vol 14341. Springer, Singapore. https://doi.org/10.1007/978-981-99-7032-2_24
Download citation
DOI: https://doi.org/10.1007/978-981-99-7032-2_24
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-7031-5
Online ISBN: 978-981-99-7032-2
eBook Packages: Computer ScienceComputer Science (R0)