Go to DBLP homepageGuessing on Dominant Paths: Understanding the Limitation of Wireless Authentication Using Channel State Information
Abstract: The channel state information (CSI) has been extensively studied in the literature to facilitate authentication in wireless networks. The less focused is a systematic attack model to evaluate CSI-based authentication. Existing studies generally adopt either a random attack model that existing designs are resilient to or a specific-knowledge model that assumes certain inside knowledge for the attacker. This paper proposes a new, realistic attack model against CSI-based authentication. In this model, an attacker Eve tries to actively guess a user Alice’s CSI, and precode her signals to impersonate Alice to the verifier Bob who uses CSI to authenticate users. To make the CSI guessing effective and low-cost, we use theoretical analysis and CSI dataset validation to show that there is no need to guess CSI values in all signal propagation paths. Specifically, Eve can adopt a Dominant Path Construction (DomPathCon) strategy that only focuses on guessing the CSI values on the first few paths with the highest channel response amplitude (called dominant paths). Comprehensive experimental results show that DomPathCon is effective and achieves up to 61% attack success rates under different wireless network settings, which exposes new limitations of CSI-based authentication. We also propose designs to mitigate the adverse impact of DomPathCon.
Loading