Elsevier

Signal Processing

Volume 166, January 2020, 107272
Signal Processing

Physical layer authentication under intelligent spoofing in wireless sensor networks

https://doi.org/10.1016/j.sigpro.2019.107272Get rights and content

Highlights

  • Location based access networks are vulnerable to an intelligent spoofing attack.

  • We analyze this intelligent attack and investigate how it threats to the networks.

  • A cooperative PHY-layer authentication scheme is developed to prevent this attack.

  • The properties of the attack and authentication scheme are analyzed.

Abstract

Location based access in wireless sensor networks (WSN) are vulnerable to location spoofing attacks. In this paper, we investigate the physical layer (PHY-layer) authentication in the threat of an intelligent location spoofing attack. The intelligent attack can emulate the legitimate channel information and maximize its long-term cumulative reward. First, we analyze the feasibility of this intelligent attack and investigate how it threats to the networks. Specifically, we derive the optimal transmit power allocation and find the worst case for the defenders, namely optimal intelligent attack, in which the attacker can learn the intelligent attack action based on the beamforming with optimal transmit power allocation. To defend against such an intelligent attack with high accuracy and low overhead, we develop a cooperative PHY-layer authentication scheme. Then, we provide an in-depth analysis on the belief and derive the belief bounds and the closed-form expression for the belief threshold. Furthermore, considering the whole computation complexity and the double counting problem in a loopy graph, we propose the cooperative neighbour selection algorithm to accelerate belief convergence and reduce the overhead. Finally, the simulation results reveal that the proposed method can significantly improve the defense performance compared with the state-of-art methods.

Introduction

Today, wireless sensor networks (WSN) have played an important role in Internet of mission critical things (IoMCT), i.e., battlefield, border patrol, search and rescue, etc. The location verification in WSN is key to location based security IoMCT services [1], [2]. For example, as the location based access obviates the need to establish shared secrets in advance, it can apace authenticate a transmitter via the received signal strength (RSS). However, the open air nature of wireless systems makes it vulnerable to physical layer (PHY-layer) security threats [3]. One serious threat is called location spoofing attack, which makes the attack impersonate the legitimate location to access networks. Such an attack can further cause denial-of-service (DoS), session hijacking, man-in-the-middle (MITM) attacks, which makes PHY-layer authentication extremely challenging.

Many location spoofing detection or robust localization algorithms have been developed to address the location spoofing threats. The key idea is to distinguish radio transmitters by exploiting uncorrelated PHY-layer spatial information between the legitimate users and the adversary, such as RSS [4], [5], [6], [7] and channel state information (CSI) [8], [9], [10], [11]. In [6], the optimal strategies to attack an RSS based wireless location verification system (LVS), have been analyzed for the spatially correlated shadowing channel. Similarly, the optimal attack strategy and the optimal LVS performance have been investigated in Rician fading channel [7]. To withstand the location spoofing attack, a robust localization algorithm has been developed in [12]. Compared with RSS, the CSI contains more location characteristic information [8], thus can improve the localization and spoofing detection performance. In [8], a user authentication approach has been developed by exploiting power spectral densities, where the optimal test threshold for a specified false alarm probability is derived. In [11], a CSI based authentication scheme with optimal attack strategy has been proposed over multiple input multiple output correlated fading channel. In addition, machine learning techniques have emerged to integrate with RSS or CSI scheme to further optimize spoofing detection performance [13], [14], [15], [16]. In complex dynamic communication models, i.e., the hydraulic systems inspired communication models [17], the optimal solutions can be obtained by using metaheuristic algorithms [18], [19].

However, the existing work mainly focuses on optimizing the attack strategies and the detection performances with respect to a “blunt” location spoofing attack. The term “blunt” refers to attack action, i.e., whether launch attack, without changing with the communication environments. Nowadays, the machine learning is emerging not only to enhance WSN security [20], [21], but also to threaten WSN security. With the rapid development of artificial intelligence, the attackers can be smarter and more harmful than we have ever considered. For example, different from obtaining the conventional instantaneous reward, the attacker can use machine learning, i.e., Q-learning, to choose attack action based on the communication environments and to maximize the reward based on a series of time events. This reward is called long-term cumulative reward [22]. By using Q-learning, the maximum long-term cumulative reward can be obtained by an attacker over a period of time.

The intelligent location spoofing attack investigated in this paper is an attack that can emulate the legitimate channel information via beamforming and maximize its long-term cumulative reward. Specifically, the intelligent attacker can find the worst case for the defenders, namely optimal intelligent attack. That is, the intelligent attacker can falsify the legitimate CSI and RSS via beamforming with optimal transmit power allocation. Then, based on this optimal power allocation, the intelligent attacker further learns the intelligent attack action to maximize its long-term cumulative reward. Thereby, the channel information is forged and attack action is shifty, this intelligent location spoofing attack will have a significant impact to the normal operation of WSN. In related work [23], one perfect location spoofing attack has been investigated, which can perfectly mimic the location of legitimate user. However, compared with the aforementioned intelligent location spoofing attack, this attack is not smart enough, i.e., the attack action cannot shift with the communication environments. Besides, the work of [23] focuses more on how to design one attack but inadequately tackles on how to defend against it. It is important to study the attack defense strategies. Inherently, once the performance and characteristics of a new attack are found, the emphasis is to propose the defense strategies with respect to this new attack. Thereby, motivated by the importance to study the attack defense strategy, we develop a PHY-layer authentication scheme under the threats of the investigated intelligent location spoofing attack and provide some detailed analysis.

In developing the aforementioned PHY-layer authentication scheme, some key factors should be concerned. First, since WSN is resource-limited, the PHY-layer authentication scheme should be with low overhead to prolong the life of the network. Then, the WSN are generally multi-hop networks with various topologies, which motivates us to consider a decentralized scheme to reduce maintenance cost [24]. Moreover, the PHY-layer authentication problem can be transformed into the signal detection problem, and cooperative detection can effectively improve the signal detection performance [25], [26], [27]. Whereas, there is lack of adequate attention to bring cooperation in PHY-layer authentication [4], [5], [6], [7], [8], [9], [10], [11].

Inspired by the above mentioned work [23], [24], [25], [26], [27], we propose a cooperative distributed PHY-layer authentication scheme to address intelligent location spoofing attack. To the best of our knowledge, the answers to the following questions are still missing:

  • Is it possible to have an intelligent location spoofing attack to threaten WSN?

  • How to address such intelligent location spoofing threats in PHY-layer authentication?

The key contributions of this paper are summarized as follows:

  • We study a new intelligent location spoofing attack, which can maximize the long-term cumulative reward. The feasibility of intelligent attack is analyzed and the optimal intelligent attack is exposed. Specifically,

    • 1.

      The beamforming is derived based on maximum likelihood estimator (MLE);

    • 2.

      The maximum long-term cumulative reward is obtained via Q-learning;

    • 3.

      The optimal transmit power allocation is derived by optimizing the Kullback-Leibler (KL) divergence.

  • To address the intelligent attack, we propose a cooperative PHY-layer authentication scheme via belief forecasting propagation. The developed scheme only needs to communicate a short belief message with each other rather than a long message, which leads to little transmission overhead. Specifically:

    • 1.

      We design the local function and the compatibility function for Markov random field (MRF);

    • 2.

      We derive the belief bounds and obtain the closed-form expression for belief threshold;

    • 3.

      We propose the cooperative neighbour selection algorithm to accelerate the belief convergence and reduce the overhead.

The rest of the paper is organized as follows. In Section 2, we present the system model. In Section 3, the details of the investigated intelligent location spoofing attack are discussed. In Section 4, we propose the cooperative PHY-layer authentication scheme with respect to the intelligent attack discussed in Section 3. Simulations are presented in Section 5 and future work are discussed in Section 6. We summarize this paper in Section 7.

Section snippets

System model

In this section, we first introduce the channel model and then present the attack model. For ease of reference, important notations are summarized in Table 1.

Intelligent attack

In this section, we analyze the feasibility of intelligent attack which can emulate the legitimate channel information via beamforming and maximize long-term cumulative reward via Q-learning. Then, we investigate an optimal intelligent attack.

Cooperative PHY-layer authentication

In this section, we propose the cooperative PHY-layer authentication scheme with respect to the intelligent location spoofing attack discussed in Section 4, which is shown in Fig. 2. In the following, our analysis is based on the optimal intelligent attack, which is the worst case for defenders. Specifically, we formulate the cooperative detection model as MRF and provide the location function and the compatibility function. Then, we develop the complete scheme and analyze the performance.

Simulations and performance analysis

We verify the theoretical analysis and show the performance of the proposed cooperative authentication scheme by simulations. In the simulations, we set the transmit power pb=30 dBm, the number of samples N=200, the noise variance σ=10 dBm, the path loss exponent η=2 [39]. We set the WSN coverage radius to be 2 km, the location of the sink node to be (0,0), the location of the attack to be (0.5,0.5). We set state transition probability to be P(1|0)=P(0|1)=0.4, P(1|1)=P(0|0)=0.6, initial

Future work

In this paper, we mainly focus on the static WSN scenario. It has many important applications in mission critical internet of things, such as border patrol. In such a scenario, the sensor are fixed deployment on the border to monitor border security. The mobile WSN also has widely applications in practice. Thus, in the future works, we will investigate the cooperative PHY-layer authentication scheme in mobile WSN. In addition, the non-Gaussian noise generally exists in nonlinear stochastic

Conclusion

In this paper, we have proposed a cooperative PHY-layer authentication scheme to defend against an intelligent location spoofing attack in WSN. To attack, we have analyzed the feasibility of it and found the optimal intelligent attack. To protect, we have modeled the networks as a MRF and have designed the local function and the compatibility function. We have obtained the expressions for the detection probability and false alarm probability. We have obtained the belief bounds and the

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgements

This work was supported in part by the National Natural Science Foundation of China (NSFC) under Grant 61701317, Young Elite Scientists Sponsorship Program by CAST under Grant 2018QNRC001, the Guangdong Natural Science Foundation under Grant 2017A030310371, the Shenzhen Basic Research Program under JCYJ20170302150006125, the Tencent “Rhinoceros Birds” - Scientific Research Foundation for Young Teachers of Shenzhen University, and The Start-up Fund of Peacock Project. The authors thank Prof.

References (42)

  • V. Stojanovic et al.

    Optimal experiment design for identification of ARX models with constrained output in non-gaussian noise

    Appl. Math. Modell.

    (2016)
  • N. Sastry et al.

    Secure verification of location claims

    Proc. ACM Workshop on Wireless Security

    (2003)
  • S. Capkun et al.

    Integrity regions: authentication through presence in wireless networks

    IEEE Trans. Mobile Comput.

    (2010)
  • Y.S. Shiu et al.

    Physical layer security in wireless networks: a tutorial

    IEEE Wirel. Commun.

    (2011)
  • Y. Chen et al.

    Detecting and localizing identity-based attacks in wireless and sensor networks

    IEEE Trans. Veh. Tech.

    (2010)
  • S. Yan et al.

    Optimal information-theoretic wireless location verification

    IEEE Trans. Veh. Tech.

    (2014)
  • S. Yan et al.

    Location verification systems under spatially correlated shadowing

    IEEE Trans. Wireless Commun.

    (2016)
  • S. Yan et al.

    Location verification systems for VANETs in Rician fading channels

    IEEE Trans. Veh. Tech.

    (2016)
  • J.K. Tugnait

    Wireless user authentication via comparison of power spectral densities

    IEEE J. Sel. Areas Commun.

    (2013)
  • H. Liu et al.

    Practical user authentication leveraging channel state information (CSI)

    Proc. ACM Symp. Inf., Comput. Commun. Security

    (2014)
  • L. Xiao et al.

    Channel-based spoofing detection in frequency-selective rayleigh channels

    IEEE Trans. Wirel. Commun.

    (2009)
  • P. Baracca et al.

    Physical layer authentication over MIMO fading wiretap channels

    IEEE Trans. Wirel. Commun.

    (2012)
  • X. Li et al.

    Designing localization algorithms robust to signal strength attacks

    Proc. IEEE INFOCOM

    (2011)
  • L. Xiao et al.

    PHY-layer authentication with multiple landmarks with reduced overhead

    IEEE Trans. Wireless Commun.

    (2018)
  • L. Xiao et al.

    PHY-layer spoofing detection with reinforcement learning in wireless networks

    IEEE Trans. Veh. Tech.

    (2016)
  • L. Xiao et al.

    Game theoretic study on channel-based authentication in MIMO systems

    IEEE Trans. Veh. Tech.

    (2017)
  • N. Wang et al.

    A physical layer authentication based on extreme learning machine

    IEEE Commun. Lett.

    (2017)
  • N. Nedic et al.

    Simulation of hydraulic check valve for forestry equipment

    Int. J. Heavy Veh. Syst.

    (2017)
  • D. Prsic et al.

    A nature inspired optimal control of pneumatic-driven parallel robot platform

    Proc. Inst. Mech. Eng. Part C J. Mech. Eng. Sci.

    (2016)
  • N. Nedic et al.

    Optimal cascade hydraulic control for a parallel robot platform by PSO

    Int. J. Adv. Manuf. Technol.

    (2014)
  • L. Xiao et al.

    IoT Security techniques based on machine learning: how do IoT devices use AI to enhance security?

    IEEE Signal Process. Mag.

    (2018)
  • Cited by (21)

    • Cyber-security and reinforcement learning — A brief survey

      2022, Engineering Applications of Artificial Intelligence
      Citation Excerpt :

      This extensive survey paper presents the IDS, IPS, IoT, and IAM applications where reinforcement learning is used. The latest applications of RL in descending order are IDS classifiers, anomaly detectors (Sethi et al., 2021, 2020; Tao et al., 2021; Gu et al., 2020; Puzanov et al., 2020; Bouhamed et al., 2021; Suwannalai and Polprasert, 2020; Heartfield et al., 2021; Ma and Shi, 2021; Otoum et al., 2021; Mohanty et al., 2021; Lopez-Martin et al., 2021), resource allocation, task scheduling (Dutta and Biswas, 2022; Muthanna et al., 2022; Nguyen et al., 2022; Krishnan and Lim, 2021; Nauman et al., 2021; Cong et al., 2021; Ali et al., 2020; Muteba et al., 2020; Gazori et al., 2020; Chowdhury et al., 2019; Gai and Qiu, 2018; Zhu et al., 2021b; He et al., 2020), computation offloading (Huang et al., 2020; Yang et al., 2020), FL, differential privacy (Chen et al., 2021; Wang et al., 2020; Ren et al., 2022; Ahmadi et al., 2021; Xu et al., 2021; Miao et al., 2021; Zhan et al., 2020), smart city (Goyal et al., 2021; Wang et al., 2021; Ren et al., 2021; Bu and Wang, 2019), PHY-layer authentication (Xiao et al., 2015, 2016; Tao et al., 2021; Xiao et al., 2017; Gao et al., 2020; Xiao et al., 2018b; Lu et al., 2020; Greenberg et al., 2020; Xiao et al., 2021). This paper examined several databases used to train RL-based IDS and IPS systems.

    • Multiuser physical layer security mechanism in the wireless communication system of the IIOT

      2022, Computers and Security
      Citation Excerpt :

      In the industrial mobile scenario, when multiple terminal nodes access to the network at the same time, if the received signal can not be accurately identified from which node, it is easy for malicious nodes to forge the legal node identity and exchange information with the access network, thus affecting the normal operation of the system. According to the National Security Administration of the United States, 26% of the safety accidents occur in factories every year, and 35% of the safety accidents occur with energy and power systems (Gao et al., 2020). The consequences of security problems in the industrial mobile scenario are more serious than those in the mobile communication scenario.

    • Physical-layer authentication based on adaptive Kalman filter for V2X communication

      2020, Vehicular Communications
      Citation Excerpt :

      Safety-related messages such as BSMs don't have a two-way authentication, so this scheme cannot be used. Gao and Ni [15] developed a cooperative PHY-layer authentication scheme based on RSSI, but it needs cooperation from other receivers. Receivers exchange information to authenticate the sender, so it cannot meet the real-time of BSMs.

    View all citing articles on Scopus

    Fully documented templates are available in the elsarticle package on CTAN.

    View full text