ABSTRACT
Full-duplex devices can compromise the integrity of wireless channel measurements through signal relaying, and several attacks have been proposed based on this vulnerability. Existing source authentication methods that rely on previously collected signatures face significant challenges in detecting these attacks, because a relay attacker can gradually inject the channels so that the manipulated channels fall within the tolerance range of the authentication methods and are mistaken for new signatures. In this paper, we propose RelayShield, a system for detecting malicious relays and recovering the legitimate transmitter-receiver channels from the manipulated channels. RelayShield requires only one channel measurement at the receiver. It analyzes signal path information resolved from input channels to detect relays and recover channels. RelayShield achieves over 95% detection accuracy with channels collected in two typical indoor environments. The recovered channels can support a wide range of applications, including secret generation protocols and sensing systems.
Index Terms
- Malicious Relay Detection and Legitimate Channel Recovery