Authors:
Hamid Dashtbani, PhD student at University of Würzburg
Traditional authentication methods such as certificates and cryptographic keys remain vulnerable to a range of attacks including spoofing, brute force, and replay attacks. Context-based authentication (CBA) is an authentication scheme of the CROSSCON project that provides a more comprehensive authentication plan for IoT devices based on their environment using Channel State Information (CSI) of the Wi-Fi devices to safely authenticate devices in a secure location.
Environment-based Authentication Using Wi-Fi CSI
At its core, CBA uses Wi-Fi CSI information of the devices and their surrounding environment to make smarter and more robust decisions regarding their authentication. Using the CSI information, we can create a digital fingerprint for all our devices and their surrounding secure environment. This digital fingerprint depends both on the devices and the specific location in which they are operating, providing a more robust and secure way of environment-based authentication.
How Context-based Authentication Works
At a high level, CBA first uses firmware -level access to the Wi-Fi chipset to collect CSI data from each device in the surrounding environment. This CSI data is affected by both the environment and the device itself and contains information such as the amplitude, phase, multi-path properties, and distortions of the Wi-Fi signal, reflecting both the properties of the transmitters and the physical layout of the environment. The digital fingerprints are recorded and registered during setup and are securely stored by a remote verifier. During authentication, fresh CSI samples are collected and transmitted to the remote verifier where a machine learning model authenticates the device by comparing the stored digital fingerprints and the freshly recorded CSI samples.
Why Context-based Authentication Matters
Traditional authentication use static information such as credentials and cryptographic keys which are vulnerable to theft, phishing attacks, and leakage. On the other hand, by using CSI data, CBA combines intrinsic device-level and environment dependent features to construct a more robust digital fingerprints. Replicating this digital fingerprint is not trivial since the adversary has to simulate and forge both the environment and device conditions. In addition to the aforementioned benefits, CBA remains lightweight, requiring passive analysis of CSI signals and a highly efficient and small machine learning model which perfectly aligns with CROSSCON’s vision of stronger security for heterogeneous IoT systems.