AeroKey: Using Ambient Electromagnetic Radiation for Secure and Usable Wireless Device Authentication
RESEARCH OVERVIEW

AeroKey is a novel context-based authentication scheme for establishing secure wireless networks of personal devices using ambient electromagnetic radiation (EMR) as a source of randomness. AeroKey extracts entropy from low-frequency ambient EMR generated by the electrical appliances and powerlines that are ubiquitous indoors. The figure above is a conceptual illustration of the operation. A pair of AeroKey-enabled devices first independently measure the ambient EMR using readily available analog-to-digital converters (ADCs), without costly hardware-assisted signal conditioning. Then, from the digitized sequence of EMR measurements, the two devices generate bit sequences that are identical only within a small area around the user, called the personal authenticated region (PAR). The two devices can use these identical bit sequences as the basis of a symmetric key to authenticate each other.
BACKGROUND

To explore the spatiality of the EMR signal, we extract the superimposed noise components and compare them between various locations within the home and lab environments. Figure (a) illustrates the measurement hardware (an Arduino Due with a conducting wire connected to an input pin of the ADC) as well as images of the experiment environments. In Figures (b), (c) and (d), we show the correlation heatmap of the extracted noise components between the two devices (Host and Client) at varying locations. In a typical living room environment, as the distance between the devices increases, the correlation gradually decreases from 0.7 at 50 cm down to 0.5 at 150 cm apart. The decrease in correlation with increasing distance is observable in all directions, demonstrating the spatial difference of the EMR noise between two distinct locations. If the devices are separated by a wall, the correlation decreases slightly compared to an open environment, with a correlation of 0.5 at 50 cm. This is because the signal observed by the two devices differs slightly, owing to their different distances from the surrounding appliances and to the attenuation of the noise signal by the wall. In Figure (d), we illustrate the effect of the powerline on the observed signal by conducting an experiment in the lab, where we can visually identify the exposed powerline. Although all the devices are located close (within 20 cm) to the same powerline, the correlation between devices decreases because the surrounding electrical loads produce varying noise signals at different locations. This demonstrates that the EMR at a specific location is spatially unique, which allows AeroKey to authenticate only closely located devices.
KEY EXTRACTION

The noise signal, the main source of the spatiotemporally unique evidence bit sequences, is the index-wise subtraction of the mean signals from two consecutive timestamps. AeroKey then uses the gradient of the amplitudes of the noise signal to extract bit sequences. Each noise signal is segmented into bins of the same length. Next, we determine the slope of each bin by curve-fitting its noise signal as a linear function, and convert that slope into a bit: a bit 1 for a positive slope or a bit 0 for a negative slope. To minimize bit discrepancies due to small differences in the noise around zero, we only use the bins whose absolute slope is higher than a quantization threshold; the other bins are discarded. The figure above illustrates an example of the bit quantization process. In this example, Device A extracts six bits from bins 1, 2, 3, 4, 6, and 8, and Device B extracts four bits from bins 1, 3, 6, and 8, where the slope is above the positive threshold or below the negative threshold. As a result, the bit sequence "0001" is extracted from bins 1, 3, 6, and 8, which both devices agree to use.
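The quantization step described above, as an added sketch (not the AeroKey authors' code). The bin length, the per-bin slopes of the two constructed noise signals, and the assumption that devices compare bin numbers (never the bits themselves) to find the shared bins are all hypothetical; the slopes are chosen so the result matches the example in the text.

```python
import math

def bin_slopes(noise, bin_len):
    """Least-squares linear-fit slope of each equal-length bin."""
    x_mean = (bin_len - 1) / 2
    sxx = sum((x - x_mean) ** 2 for x in range(bin_len))
    slopes = []
    for start in range(0, len(noise) - bin_len + 1, bin_len):
        seg = noise[start:start + bin_len]
        y_mean = sum(seg) / bin_len
        sxy = sum((x - x_mean) * (y - y_mean) for x, y in enumerate(seg))
        slopes.append(sxy / sxx)
    return slopes

def quantize(slopes, th):
    """Bin number (1-based, as in the text) -> bit; bins with |slope| <= th are dropped."""
    return {i: int(s > 0) for i, s in enumerate(slopes, start=1) if abs(s) > th}

def agree(bits_a, bits_b):
    """Keep only bins both devices quantized; return the bins and each side's bits."""
    common = sorted(bits_a.keys() & bits_b.keys())
    return common, [bits_a[i] for i in common], [bits_b[i] for i in common]

def bit_agreement_rate(seq_a, seq_b):
    """Fraction of positions where the two bit sequences match (BAR)."""
    return sum(a == b for a, b in zip(seq_a, seq_b)) / len(seq_a) if seq_a else 0.0

def synth(slopes, bin_len, phase):
    """Constructed test signal: one ramp per bin plus a small ripple."""
    return [s * x + 0.01 * math.sin(2.1 * (b * bin_len + x) + phase)
            for b, s in enumerate(slopes) for x in range(bin_len)]

BIN_LEN, TH = 10, 0.015  # assumed bin length; threshold in the constructed signal's units
# Constructed per-bin slopes for Device A and Device B (8 bins each).
NOISE_A = synth([-0.05, 0.05, -0.05, 0.05, 0.005, -0.05, -0.005, 0.05], BIN_LEN, 0.0)
NOISE_B = synth([-0.04, 0.005, -0.06, -0.005, 0.005, -0.04, 0.005, 0.04], BIN_LEN, 0.7)

def run_example():
    bits_a = quantize(bin_slopes(NOISE_A, BIN_LEN), TH)
    bits_b = quantize(bin_slopes(NOISE_B, BIN_LEN), TH)
    common, seq_a, seq_b = agree(bits_a, bits_b)
    return sorted(bits_a), sorted(bits_b), common, seq_a, seq_b

if __name__ == "__main__":
    a_bins, b_bins, common, seq_a, seq_b = run_example()
    print("A bins:", a_bins, "B bins:", b_bins)
    print("shared bins:", common, "bits:", "".join(map(str, seq_b)))
    print("BAR:", bit_agreement_rate(seq_a, seq_b))
```

Raising `TH` discards more near-zero bins, which trades extracted bits for fewer disagreements between the two devices.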
EVALUATION RESULTS
Authentication Distance

Figures (a) and (b) illustrate the floorplans of the deployment environments, with the locations of and distances between each device pair. Additionally, we present the bit agreement rates (BAR), bit extraction rates and true acceptance rates (TAR) between each device pair. In both environments, the BAR decreases as the distance increases, and a higher threshold (th) leads to a higher BAR. In the home, with th=0.015, the BAR is maintained above 90% between devices located within 50 cm of each other. If the distance increases to 100 cm, a relatively high BAR of 85.9% is still maintained. Authentication attempts in the lab are more reliable than those made in the home because there are fewer active electric loads and human activities. Within a 20 cm to 50 cm range, the devices exhibit a relatively higher BAR of over 93.4%, which leads to a high TAR of nearly 100% for devices within a distance of 20 cm and 50 cm. While the home environment achieves slightly lower BAR and TAR than the lab, the bit extraction rate remains relatively equivalent. Additionally, increasing the distance between the devices has no significant effect on the extraction rate, since the noise signal remains relatively correlated. Overall, in both environments, with 20% error tolerance and identical parameter settings, AeroKey reliably authenticates all proximate devices with a mean TAR of 98.3% within 100 cm.
Adversarial Scenarios

- Passive attack: An adversary, just outside the boundary of a PAR, attempts to authenticate in the home and lab environments in the presence of regular loads. We also investigate the effects of active high-wattage loads by activating a fan, a temperature chamber, or a smoke absorber placed within 10 cm of the victim device.
- Replay attack: The adversary, with knowledge of a future PAR and the exact authenticating timestamp, directly uses EMR signals pre-measured in the exact place at the same hour and minute of the day to authenticate itself in the home and lab environments.
- Replay injection attack: Similar to the replay attack, but the adversary activates high-wattage loads (fan, temperature chamber, and smoke absorber) within 10 cm of the victim device in the lab environment.
- Active injection attack: An adversary activates a high-wattage signal generator (with load) just outside the boundary of a PAR to force common environmental bits with the adversarial device, which is located close to the generator. Unlike the replay injection attack, the victim and the adversarial devices are time synchronized.
- ML-raw attack: An adversary with knowledge of the future PAR collects a series of raw EMR signals over the course of one entire day and trains an ML model to use one raw 60 Hz period (input) to predict the subsequent 60 Hz period (output).
- ML-key attack: An adversary with knowledge of the future PAR trains an ML model to predict the first two bits of the evidence bits. Training takes place for one day, and the trained model is used to predict the first two bits of the legitimate evidence bits the next day in the home and lab environments.

The distribution of the BAR achieved by all the attacks is shown in the figure above. Overall, the passive attacks are the most successful in obtaining relatively higher portions of the legitimate bits, because the timestamp of the attacks is synchronized to the legitimate authenticating devices. Nevertheless, in the home and lab environments, a low EER of at most 3.4% is achieved by the passive attack, which demonstrates AeroKey's robustness against various attacks.
Authentication Time

To accurately estimate a realistic overall authentication time that accounts for computation, we implement AeroKey on four different devices: Google Pixel 2 (2.35 GHz), Google Pixel 3 (2.5 GHz), Raspberry Pi 4 (1.5 GHz) and Arduino Due (84 MHz). As Figure (a) above shows, the Pixel 3 achieves the fastest mean authentication time of 23.2 s. While the Pixel 2 and Raspberry Pi 4 exhibit similar mean times of 23.9 s and 24.2 s, respectively, the Arduino Due exhibits the slowest mean authentication time of 24.4 s due to its relatively slower processor speed. The execution time of each AeroKey stage running on the Arduino Due is illustrated in Figure (b). The MEAS (measurement) stage accounts for the majority of the authentication time (22.0 s), which is identical across all devices. The SYNC (synchronization) and PPFE (pre-processing and feature extraction) stages take 0.9 s and 1.4 s, respectively, due to the intensive computation and filtering algorithms. The remaining stages make up a negligible portion of less than 0.1 s in total.
Overall, the results suggest that authentication can take place within 24.5 s on various processors.
REFERENCE
Kyuin Lee, Yucheng Yang, Omkar Prabhune, Aishwarya Lekshmi Chithra, Jack West, Kassem Fawaz, Neil Klingensmith, Suman Banerjee, and Younghyun Kim, "AeroKey: Using Ambient Electromagnetic Radiation for Secure and Usable Wireless Device Authentication," to appear in Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT), Vol. 6, No. 1, 2022 (to be presented at the ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp) 2022).