Abstract
Secure and scalable device provisioning is a notorious challenge in Wi-Fi. WPA2/WPA3 solutions take user interaction and a strong passphrase for granted. However, the often weak passphrases are subject to guessing attacks. Notably, there has been a significant rise of cyberattacks on Wi-Fi home or small office networks during the COVID-19 pandemic. This paper addresses the device provisioning problem in Wi-Fi (personal mode) and proposes ComPass protocol to supplement WPA2/WPA3. ComPass replaces the pre-installed or user-selected passphrases with automatically generated ones. For this, ComPass employs Physical Layer Security and extracts credentials from common random physical layer parameters between devices. Two major features make ComPass unique and superior compared to previous proposals: First, it employs phase information (rather than amplitude or signal strength) to generate the passphrase so that it is robust, scaleable, and impossible to guess. Our analysis showed that ComPass generated passphrases have 3 times more entropy than human generated passphrases (113-bits vs. 34-bits). Second, ComPass selects parameters such that two devices bind only within a certain proximity (\(\le \)3m), hence providing practically useful in-build PLS-based authentication. ComPass is available as a kernel module or as full firmware.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Biswas, B., Herbert, V.: Efficient Root Finding of Polynomials over Fields of Characteristic 2. https://hal.archives-ouvertes.fr/hal-00626997/ (2009)
Bose, R.C., Ray-Chaudhuri, D.K.: On a class of error correcting binary group codes. Inf. Control 3(1), 68–79 (1960)
Chien, R.: Cyclic decoding procedures for Bose-Chaudhuri-Hocquenghem codes. IEEE Trans. Inf. Theor. 10(4), 357–363 (1964)
Djelic, I., Borgerding, M.: User BCH (Bose-Chaudhuri-Hocquenghem) encode/decode library based on BCH module from Linux kernel. https://github.com/mborgerding/bch_codec (2015)
Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)
Dworkin, M.J.: SHA-3 standard: permutation-based hash and extendable-output functions. NIST Pubs (2015). https://doi.org/10.6028/NIST.FIPS.202
EVERIS-NTT DATA Company: KeePass Code Review Results Report. https://joinup.ec.europa.eu/collection/eu-fossa-2/project-deliveries (2016)
Gringoli, F., Schulz, M., Link, J., Hollick, M.: Free your CSI: a channel state information extraction platform for modern Wi-Fi chipsets. In: Proceedings of the 13th International Workshop on Wireless Network Testbeds, Experimental Evaluation & Characterization (2019)
Halperin, D., Hu, W., Sheth, A., Wetherall, D.: Tool release: Gathering 802.11 n traces with channel state information. ACM SIGCOMM Comput. Commun. Rev. 41(1), 53–53 (2011)
Harkins, D., Kumari, W.: Opportunistic Wireless Encryption. RFC 8110 (2017). https://doi.org/10.17487/RFC8110. https://www.rfc-editor.org/rfc/rfc8110.html
Harmon, K., Johnson, S., Reyzin, L.: An implementation of syndrome encoding and decoding for binary BCH codes, secure sketches and fuzzy extractors. https://www.cs.bu.edu/~reyzin/code/fuzzy.html (2008)
Hocquenghem, A.: Codes correcteurs d’erreurs. Chiffres 2(2), 147–56 (1959)
IEEE: IEEE Std 802.11-2016 Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications (2016). https://doi.org/10.1109/IEEESTD.2016.7786995
INTERPOL: COVID-19 Cybercrime Analysis Report. https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-report-shows-alarming-rate-of-cyberattacks-during-COVID-19 (2020)
Jung, P., Wunder, G.: On time-variant distortions in multicarrier transmission with application to frequency offsets and phase noise. IEEE Trans. Commun. 53(9), 1561–1570 (2005)
Kaliski, B.: PKCS #5: Password-based cryptography specification version 2.0. RFC 2898 (2000). https://doi.org/10.17487/RFC2898. https://www.rfc-editor.org/rfc/rfc2898.html
Kilgallin, J., Vasko, R.: Factoring RSA keys in the IoT era. In: IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (2019)
Kivinen, T., Kojo, M.: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE). RFC 3526 (2003). https://doi.org/10.17487/RFC3526. https://www.rfc-editor.org/rfc/rfc3526.html
Kotaru, M., Joshi, K., Bharadia, D., Katti, S.: SpotFi: decimeter level localization using WiFi. In: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, pp. 269–282 (2015)
Maurer, U.M.: Secret key agreement by public discussion from common information. IEEE Trans. Inf. Theor. 39(3), 733–742 (1993)
Meyer, F.: A single header-only C++ library for least squares fitting. https://github.com/Rookfighter/least-squares-cpp (2019)
Rappaport, T.: Wireless Communications: Principles and Practice, pp. 165–166 (2001)
Reaz, K., Wunder, G.: Wireless Channel-based Autonomous Key Management for IoT (AutoKEY) on WiSHFUL Testbed. http://www.wishful-project.eu/sites/default/files/AutoKEY-leaflet.pdf (2017)
Shannon, C.E.: Communication theory of secrecy systems. Bell Syst. Tech. J. 28(4), 656–715 (1949)
Thai, C.D.T., Lee, J., Prakash, J., Quek, T.Q.: Secret group-key generation at physical layer for multi-antenna mesh topology. IEEE Trans. Inf. Forensics Secur. 14(1), 18–33 (2018)
Vanhoef, M., Piessens, F.: Key reinstallation attacks: forcing nonce reuse in WPA2. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, ACM (2017)
Vasisht, D., Kumar, S., Katabi, D.: Decimeter-level localization with a single WiFi access point. In: 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16), pp. 165–178 (2016)
Vieböck, S.: Wi-Fi Protected Setup (WPS) PIN brute force vulnerability. CERT Vulnerability Note VU#723755. https://www.kb.cert.org/vuls/id/723755/
Wang, Q., Xu, K., Ren, K.: Cooperative secret key generation from phase estimation in narrowband fading channels. IEEE J. Sel. Areas Commun. 30(9), 1666–1674 (2012)
Wheeler, D.L.: zxcvbn: low-budget password strength estimation. In: 25th USENIX Security Symposium, pp. 157–173 (2016)
Wi-Fi Alliance: Wi-Fi Easy Connect. https://www.wi-fi.org/discover-wi-fi/wi-fi-easy-connect. Accessed 23 Oct 2019
Wi-Fi Alliance: Opportunistic Wireless Encryption Specification. Specification v1.0 (2019)
Wi-Fi Alliance: Wi-Fi Protected Setup Version 2.0.2 (2020)
Wi-Fi Alliance: WPA3 Specification Version 3.0 (2020)
Wu, C., Yang, Z., Zhou, Z., Qian, K., Liu, Y., Liu, M.: PhaseU: Real-time LOS identification with WiFi. In: IEEE Conference on Computer Communications, pp. 2038–2046. IEEE (2015)
Wyner, A.D.: The Wire-Tap Channel. Bell Syst. Tech. J. 54(8), 1355–1387 (1975)
Xi, W., et al.: Instant and Robust Authentication and Key Agreement among Mobile Devices. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (2016)
Xie, Y., Li, Z., Li, M.: Precise Power Delay Profiling with Commodity WiFi. MobiCom 2015. ACM (2015). https://doi.org/10.1145/2789168.2790124
Zenger, C., Zimmer, J., Paar, C.: Security analysis of quantization schemes for channel-based key extraction. In: proceedings of the 12th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (2015)
Zenger, C.T., Chur, M.J., Posielek, J.F., Paar, C., Wunder, G.: A novel key generating architecture for wireless low-resource devices. In: 2014 International Workshop on Secure Internet of Things. IEEE (2014)
Zhu, H., Zhuo, Y., Liu, Q., Chang, S.: \(\pi \)-splicer: perceiving accurate CSI phases with commodity WiFi devices. IEEE Trans. Mobile Comput. 17(9), 2155–2165 (2018)
Zinoviev, V.: On the solution of equations of degree \( \le 10\) over finite fields \(GF (2^m)\). Rapports de recherche-INRIA (1996)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Reaz, K., Wunder, G. (2022). ComPass: Proximity Aware Common Passphrase Agreement Protocol for Wi-Fi Devices Using Physical Layer Security. In: Barolli, L., Yim, K., Chen, HC. (eds) Innovative Mobile and Internet Services in Ubiquitous Computing. IMIS 2021. Lecture Notes in Networks and Systems, vol 279. Springer, Cham. https://doi.org/10.1007/978-3-030-79728-7_26
Download citation
DOI: https://doi.org/10.1007/978-3-030-79728-7_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-79727-0
Online ISBN: 978-3-030-79728-7
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)