Defeat Your Enemy Hiding behind Public WiFi: WiGuard Can Protect Your Sensitive Information from CSI-Based Attack

Jie Zhang,Zhanyong Tang,Wei Wang,Xiaoqing Gong,Dingyi Fang,Zheng Wang,Meng Li

doi:10.3390/app8040515

Jie Zhang, Zhanyong Tang + Show 5 more

Open Access

https://doi.org/10.3390/app8040515

Copy DOI

Journal: Applied sciences	Publication Date: Mar 28, 2018
Citations: 2	License type: CC BY 4.0

Affiliation: Northwest University, Lancaster University

Abstract

Channel state information (CSI) has been recently shown to be useful in performing security attacks in public WiFi environments. By analyzing how CSI is affected by finger motions, CSI-based attacks can effectively reconstruct text-based passwords and locking patterns. This paper presents WiGuard, a novel system to protect sensitive on-screen input information in a public place. Our approach carefully exploits WiFi channel interference to introduce noise to attacker’s CSI measurements to reduce the success rate of CSI-based attacks. Our approach automatically detects when a CSI-based attack happens. We evaluate our approach by applying it to protect text-based passwords and pattern locks on mobile devices. Experimental results show that our approach is able to reduce the success rate of CSI-based attacks from 92–42% for text-based passwords and from 82–22% for pattern lock.

Highlights

Smartphones and tablets are usually used in public places and connected to public WiFi
We reproduce the experiments of WiPass [6] and WiKey [5], and the results demonstrate that the channel interference can defeat the Channel state information (CSI)-based attack
The adjacent channel interference experiments are done, and first, the safe wireless transmitter and the target public access point (AP) work on different channels, the safe wireless transmitters will switch their channel to interfere with the target public AP

Summary

Introduction

Smartphones and tablets are usually used in public places (such as cafes, hotels, shopping malls, airports) and connected to public WiFi. it is not safe to use mobile devices in such an environment, because by analyzing the influence of user’s finger movements on channel state information (CSI) when the user enters the password, the attackers can steal user’s sensitive information, such as passwords, PINs, security codes, etc. It is not safe to use mobile devices in such an environment, because by analyzing the influence of user’s finger movements on channel state information (CSI) when the user enters the password, the attackers can steal user’s sensitive information, such as passwords, PINs, security codes, etc We call this kind of attack a “CSI-based attack” [1]. The attacker looks unsuspicious, so that the user will not perceive him/her

Methods

Results

Conclusion