Abstract
Channel state information (CSI) has been recently shown to be useful in performing security attacks in public WiFi environments. By analyzing how CSI is affected by finger motions, CSI-based attacks can effectively reconstruct text-based passwords and locking patterns. This paper presents WiGuard, a novel system to protect sensitive on-screen input information in a public place. Our approach carefully exploits WiFi channel interference to introduce noise to attacker’s CSI measurements to reduce the success rate of CSI-based attacks. Our approach automatically detects when a CSI-based attack happens. We evaluate our approach by applying it to protect text-based passwords and pattern locks on mobile devices. Experimental results show that our approach is able to reduce the success rate of CSI-based attacks from 92–42% for text-based passwords and from 82–22% for pattern lock.
Highlights
Smartphones and tablets are usually used in public places and connected to public WiFi
We reproduce the experiments of WiPass [6] and WiKey [5], and the results demonstrate that the channel interference can defeat the Channel state information (CSI)-based attack
The adjacent channel interference experiments are done, and first, the safe wireless transmitter and the target public access point (AP) work on different channels, the safe wireless transmitters will switch their channel to interfere with the target public AP
Summary
Smartphones and tablets are usually used in public places (such as cafes, hotels, shopping malls, airports) and connected to public WiFi. it is not safe to use mobile devices in such an environment, because by analyzing the influence of user’s finger movements on channel state information (CSI) when the user enters the password, the attackers can steal user’s sensitive information, such as passwords, PINs, security codes, etc. It is not safe to use mobile devices in such an environment, because by analyzing the influence of user’s finger movements on channel state information (CSI) when the user enters the password, the attackers can steal user’s sensitive information, such as passwords, PINs, security codes, etc We call this kind of attack a “CSI-based attack” [1]. The attacker looks unsuspicious, so that the user will not perceive him/her
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have