Next2You: Robust Copresence Detection Based on Channel State Information

The proliferation of the Internet of Things (IoT) requires establishing and maintaining secure communication between smart devices to ensure user privacy and trustworthiness of IoT systems. Zero-interaction pairing (ZIP) and zero-interaction authentication (ZIA) are recent techniques that allow pairing or authenticating devices without user involvement utilizing devices’ physical context (e.g., ambient audio). Compared to centralized security solutions for the IoT such as public-key infrastructure (PKI) and conventional user-assisted pairing and authentication methods (e.g., entering a password), ZIP and ZIA schemes promise improved user experience, as they do not require users to participate in pairing or authentication procedures, and easy deployment, as they rely on on-board sensors of smart devices. However, we find that proposed ZIP and ZIA schemes are still immature, requiring improvements in three areas: security, usability, and deployability. In this thesis, we advance the domain of ZIP and ZIA in these three areas as follows. First, we analyze state-of-the-art ZIP and ZIA schemes both theoretically and empirically using real-world data that we collect. Our findings reveal that these schemes show reduced security and usability under realistic conditions, and we identify reasons why this reduction occurs. Second, we improve on ZIP, proposing a novel ZIP architecture called FastZIP combining a recently introduced Fuzzy Password-Authenticated Key Exchange (fPAKE) protocol, which has stronger security properties than the cryptographic primitives used by the state-of-the-art ZIP schemes, and sensor fusion, which allows building robust context from multiple sensor modalities, each capturing a distinct physical phenomenon. We demonstrate, collecting real-world data using off-the-shelf devices, that FastZIP has higher security guarantees than state-of-the-art ZIP schemes against brute-force offline and predictable context attacks (e.g., context replay) and significantly shorter pairing time, improving the usability of our scheme. Third, we develop a new copresence detection method named Next2You; copresence detection is a core part of any ZIA scheme. Next2You utilizes channel state information (CSI), which captures a unique wireless context of an environment (e.g., a room), and neural networks. Through our real-world experiments using off-the-shelf smartphones, we demonstrate that Next2You outperforms state-of-the-art copresence detection methods in two ways: (1) it achieves accurate copresence detection in challenging cases of low-entropy context (e.g., empty room with few events occurring) and insufficiently separated environments (e.g., adjacent rooms), thus is more secure and (2) Next2You requires devices to only have ubiquitous Wi-Fi chipsets, without a need for extra sensors (e.g., microphones), improving the deployability of our method. Fourth, we publicly release the collected context data and codebase of the above contributions, enhancing the reproducibility in the domain of ZIP and ZIA.

Internet of Things (IoT) security becomes of great importance, as IoT is the foundation for many emerging services. To safeguard IoT security, cryptosystems at upper layer relying on sophisticated key management alone can face many challenges due to the massive deployment of resource constrained machine-type communication (MTC) devices. Physical layer (PHY) security can complement and enhance IoT security, by exploiting the characteristics of the bottom layer. In PHY security, channel state information (CSI) estimated through reverse pilot training is essential for the sender to select appropriate beamforming/precoder, which however is also vulnerable to adversaries. An adversary can actively launch pilot contamination attacks to affect the channel estimation and improve its signal reception quality. In this paper, we propose a relay-aided vectorized (RAV) secure transmission scheme, to safeguard the downlink communication in IoT networks under potential pilot contamination attacks. The proposed scheme does not distinguish the pilot sequences sent from an adversary and the receiver; and the sender utilizes what it receives to estimate the CSI for beamforming/precoder design. Then, a set of data symbols are presuperposed using a random complex matrix to form signal vectors to send. Through cooperation with a relay, the signal vectors can be recovered by the intended receiver whereas the adversary or the relay cannot, as proved through security analysis. The simulation results also demonstrate that the bit error rate (BER) of the adversary is 0.5 regardless of its channel quality, indicating perfect secrecy is achieved.

Advancements in computer networks has led to the inter-connectivity of different types of smart devices over the internet. Such a diversified connected network is often termed as internet of things or IoT. Off late, an ancillary of the IoT framework called the fogging or fog computing has gained tremendous prominence. . Fog computing decentralizes the infrastructure without depending on centralizing it, such as with cloud computing. Fog computing is a paradigm proposed that integrates the IoT and the cloud concept to support user mobility, low latency, and location awareness. Due to the de- centralized nature of the Fog architecture, the sharing of data among different smart devices is susceptible to security threats. In this paper, a comprehensive review on fog computing and the allied performance metrics such as coverage, error rate and throughput have been discussed. Moreover, a channel load sensing techniques utilizing the channel state information (CSI) has also been proposed with the aim to enhance the throughput and error rate of the system. Keywords: Internet of Things (IoT), Fog Computing, End Device, Error Rate, Throughput, Channel State Information.

In view of the nonideality of communication links in the Internet of Things (IoT) originating from transceiver hardware impairments, in this article, we introduce a general framework for hardware impairments-aware multiantenna transceiver design, which considers different availabilities of CSI at the transmitter (CSIT) and the receiver (CSIR). The well-known Kronecker model is applied to characterize stochastic channel state information (CSI) errors. For each case, we aim to minimize the (average) total mean square error (MSE) of all data streams subject to the practical per-antenna power constraints. To address the nonconvexity of the formulated problem, we propose an efficient majorization–minimization (MM)-based iterative algorithm to transform the original problem into a series of convex subproblems with semiclosed-form optimal solutions. For low-complexity implementation, we also develop an alternative scheme for directly finding a high-quality suboptimal solution by considering both worst case hardware impairments and worst case CSI errors. In particular, since an explicit expression of the average total MSE for the perfect CSIR and imperfect CSIT case is hard to derive, we instead optimize its effective upper and lower bounds. The prospective applications of our work in the two currently popular multiple-input–multiple-output (MIMO) IoT scenarios are then discussed. Furthermore, we fundamentally reveal the MSE floor effect caused by both hardware distortion and CSI imperfection in the high-SNR regime. Numerical results illustrate the excellent average total MSE and average bit error rate (BER) performance of our proposed algorithms over the adopted benchmark schemes.

Radio frequency (RF) fingerprinting, as an emerging physical layer security technology, demonstrates significant potential in the field of Internet of Things (IoT) security. However, most existing methods operate under a ‘closed-set’ assumption, failing to effectively address the continuous emergence of unknown devices in real-world scenarios. To tackle this challenge, this paper proposes an open-set radio frequency fingerprint identification (RFFI) method based on Multi-Task Prototype Learning (MTPL). The core of this method is a multi-task learning framework that simultaneously performs discriminative classification, generative reconstruction, and prototype clustering tasks through a deep network that integrates an encoder, a decoder, and a classifier. Specifically, the classification task aims to learn discriminative features with class separability, the generative reconstruction task aims to preserve intrinsic signal characteristics and enhance detection capability for out-of-distribution samples, and the prototype clustering task aims to promote compact intra-class distributions for known classes by minimizing the distance between samples and their class prototypes. This synergistic multi-task optimization mechanism effectively shapes a feature space highly conducive to open-set recognition. After training, instead of relying on direct classifier outputs, we propose to adopt extreme value theory (EVT) to statistically model the tail distribution of the minimum distances between known class samples and their prototypes, thereby adaptively determining a robust open-set discrimination threshold. Comprehensive experiments on a real-world dataset with 16 Wi-Fi devices show that the proposed method outperforms five mainstream open-set recognition methods, including SoftMax thresholding, OpenMax, and MLOSR, achieving a mean AUROC of 0.9918. This result is approximately 1.7 percentage points higher than the second-best method, demonstrating the effectiveness and superiority of the proposed approach for building secure and robust wireless authentication systems. This validates the effectiveness and superiority of our approach in building secure and robust wireless authentication systems.

The Internet of Things (IoT) is increasingly used for critical applications and securing the IoT has become a major concern. Among other issues it is important to ensure that tampering with IoT devices is detected. Many IoT devices use WiFi for communication and Channel State Information (CSI) based tamper detection is a valid option. Each 802.11n WiFi frame contains a preamble which allows a receiver to estimate the impact of the wireless channel, the transmitter and the receiver on the signal. The estimation result - the CSI - is used by a receiver to extract the transmitted information. However, as the CSI depends on the communication environment and the transmitter hardware, it can be used as well for security purposes. If an attacker tampers with a transmitter it will have an effect on the CSI measured at a receiver. Unfortunately not only tamper events lead to CSI fluctuations; movement of people in the communication environment has an impact too. We propose to analyse CSI values of a transmission simultaneously at multiple receivers to improve distinction of tamper and movement events. A moving person is expected to have an impact on some but not all communication links between transmitter and the receivers. A tamper event impacts on all links between transmitter and the receivers. The paper describes the necessary algorithms for the proposed tamper detection method. In particular we analyse the tamper detection capability in practical deployments with varying intensity of people movement. In our experiments the proposed system deployed in a busy office environment was capable to detect 53% of tamper events (TPR = 53%) while creating zero false alarms (FPR = 0%).

Internet of Things (IoT) has overwhelmed the industries creating interdependence among the devices, automation of the system, and data sharing. Security issues have however come into place and in most cases the traditional measures might not be sufficient. The decentralized and transparent manner that is one of the blockchain technology applications might hold the answer in ensuring security of IoT systems, as it has been used in device authentication. With the help of an immutable ledger, offered by blockchain, the IoT devices can be registered, authenticated, and verified in a secure way, without involving central authorities, which limits the chances of a cyberattack. The concept of blockchain and IoT combination to offer scalable, secure, and efficient authentication system and its opportunities, disadvantages, and advantages in ensuring the data integrity of interconnected devices is described in the paper.

The Internet of Things (IoT) revolution is rapidly altering our vision of collecting and analyzing real time data to optimize applications and services related to transportation, environmental monitoring, security, among others. However, the wide adoption of IoT technology faces critical challenges such as lack of compatibility and interoperability among IoT systems, need of dedicated infrastructure, inability to scale to thousands of devices, immature standards, insecure identification and authentication etc. This dissertation presents our progressive efforts to overcome some of these challenges by designing scalable, energy-efficient as well as tamper-proof authentication and signaling mechanisms. The key contributions of this dissertation include four novel techniques i) 'FreeIoT', a city-scale IoT control signalling over LTE, ii) 'ORACLE', a deep learning based secure device authentication, iii) 'ISK', covert signaling by deep learning of controlled radio imperfections, and iv) 'CSIscan', a control signalling in WiFi for efficient access point (AP) discovery. FreeIoT provides city-scale control signaling for IoT sensors over LTE without installing any additional infrastructure. FreeIoT encodes control messages by changing the spatial positioning of Almost Blank Subframes (ABS) within a standard-compliant LTE frame. ABS was originally defined in the standard to allow coexistence between the macro-cell eNB and nearby small cells, which FreeIoT leverages as a side channel for IoT signaling. We implement a proof of concept testbed to validate the operation of FreeIoT using a software defined LTE eNB and custom-designed RF energy harvesting circuit interfaced with off-the-shelf sensors. For secure device authentication, we design ORACLE, an approach for detecting a unique radio from a large pool of bit-similar devices (same hardware, protocol, physical address, MAC ID) using only IQ samples at the physical layer. We extensively evaluate the performance of the fingerprinting approach on large-scale datasets of WiFi- transmissions collected ``in the wild'', as well as a dataset of nominally-identical (i.e., equal baseband signals) WiFi devices. For covert wireless communications, we present impairment shift keying (ISK) that authenticates a device or exchanges private information between devices. ISK introduces small yet controlled modifications to the radio transmitter hardware, which distorts regular standards-compliant waveforms, such as WiFi, with only 1% increase in bit error rate. A deep convolutional neural network is trained to learn these overlay signal variations, which serves as a low-overhead classifier returning a binary 0 or 1 per detected impairment pattern. By mapping device-specific injected impairment patterns to signal variations, ISK validates device IDs with only few inphase (I) and quadrature (Q) samples. Finally, we propose CSIscan that embeds discovery related information within AP's ongoing regular transmissions for its efficient discovery. CSIscan intelligently distorts the transmitted physical layer OFDM frame by inducing perturbations in the preamble. A deep learning framework allocates the optimal level of distortion on a per-subcarrier basis that keeps resulting bit error rate to less than 1%, while also allowing decoding the overlay bits via changes in the perceived channel state information (CSI).

With the prevalence of commodity WiFi devices and development of the Internet of Things (IoT), the usage of WiFi has been extended from communication to context aware. Based on this, indoor localization has attracted increasing attention in the academic community, without the need for additional sensors and any active engagement from the users. However, the localization performance is vulnerable to the background noises due to relying on signals changes. To address this issue, in this article, we propose a passive 3-D indoor localization with a radio map for the mobile target by exploiting channel state information (CSI) of WiFi signals, realizing human–computer interaction (HCI). To this end, 3-D space is first divided into multiple independent regions and we construct a spatial radio map by traversing all the subspaces using CSI measurements. Next, to fully characterize the profiles of the locations of the mobile target, we reconstruct CSI time series to form a CSI tensor through integrating WiFi transmission links and a CANDECAMP/PARAFAC (CP) decomposition method is applied to this tensor for obtaining representative features. Then, the features-location data set is optimized by combining <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$t$ </tex-math></inline-formula> -distributed stochastic neighbor embedding (t-SNE) and information theory method to reconstruct a fine-grained fingerprint map for improving system performance. Finally, a recurrent neural network (RNN) model is introduced to learn the features data set optimized and then build a nonlinear correlation between input and output for realizing the purpose of accurate indoor localization. The proposed scheme is implemented on a set of commodity WiFi devices and evaluated in indoor scenarios. Based on real-world CSI data, our experimental results confirm the effectiveness of the proposed scheme in terms of localization accuracy and robustness against the noises.

The smart health care system collects users' health data, stores and shares it with other associated users in the platform. The ability to remotely access and manage smart medical equipment is handy, but it’s also perilous, because vulnerable devices may be used to spy on people or execute other criminal actions. This emphasizes the need of developing a reliable and secure authentication system. Recently, there has been a lot of interest in employing blockchain in the smart environment (e.g., Distributed Internet of Things (IoT)) for both maintaining trust and privacy-preserving. Although several proposals have been handled with blockchain-based IoT issues, there are still numerous challenges such as authentication, revocation, delays, anonymity, and impersonation. Motivated by these facts, in this work, we construct an efficient Decentralized Identifiers (DIDs)-Based Authentication Scheme for Smart Health Care. The model integrates DIDs in the Smart Health care system to provide a secure and efficient authentication service. We also demonstrate that the suggested system meets the security and privacy criteria, such as anonymity, traceability, and confidentiality, through implementation and assessment.

This paper investigates uplink massive MIMO communication scenarios in dynamic Internet of things (IoT) networks. In this paper, dynamic IoT mainly consists of the Internet of vehicles (IoV) and the original IoT network. Because the speed of vehicle is very fast, the number of users is constantly changing in the IoT network, which leads the structure of the IoT network to change. We mainly consider how to obtain the channel state information (CSI) of active users. Due to active users and inactive users, the system model is considered a sparse structure. This structure inspired us to give an algorithm suitable for the sparse structure and obtain more accurate channel state information of dynamic IoT networks, though these numerical results, under the premise of guaranteeing performance, can greatly reduce the complexity of the algorithm.

The integration of the Internet of Things (IoT) connects a number of intelligent devices with minimum human interference that can interact with one another. IoT is rapidly emerging in the areas of computer science. However, new security problems are posed by the cross-cutting design of the multidisciplinary elements and IoT systems involved in deploying such schemes. Ineffective is the implementation of security protocols, i.e., authentication, encryption, application security, and access network for IoT systems and their essential weaknesses in security. Current security approaches can also be improved to protect the IoT environment effectively. In recent years, deep learning (DL)/machine learning (ML) has progressed significantly in various critical implementations. Therefore, DL/ML methods are essential to turn IoT system protection from simply enabling safe contact between IoT systems to intelligence systems in security. This review aims to include an extensive analysis of ML systems and state-of-the-art developments in DL methods to improve enhanced IoT device protection methods. On the other hand, various new insights in machine and deep learning for IoT securities illustrate how it could help future research. IoT protection risks relating to emerging or essential threats are identified, as well as future IoT device attacks and possible threats associated with each surface. We then carefully analyze DL and ML IoT protection approaches and present each approach’s benefits, possibilities, and weaknesses. This review discusses a number of potential challenges and limitations. The future works, recommendations, and suggestions of DL/ML in IoT security are also included.

In globalization of information, internet has played a vital role by providing an easy and fast access of information and systems to remote users. However, with ease for authentic users, it has made information resources accessible to unauthorized users too. To authorize legitimate user for the access of information and systems, authentication mechanisms are applied. Many users use their credentials or private information at public places to access their accounts that are protected by passwords. These passwords are usually text-based passwords and their security and effectiveness can be compromised. An attacker can steal text-based passwords using different techniques like shoulder surfing and various key logger software, that are freely available over internet. To improve the security, numerous sophisticated and secure authentication systems have been proposed that employ various biometric authentication systems, token-based authentication system etc. But these solutions providing such high-level security, require special modification in the design and hence, imply additional cost. Textual passwords that are easy to use but vulnerable to attacks like shoulder surfing, various image based, and textual graphical password schemes are proposed. However, none of the existing textual graphical passwords are resistant to shoulder surfing and more importantly to mobile key-logging. In this paper, an improved and robust textual graphical password scheme is proposed that uses sectors and colors and introducing randomization as the primary function for the character display and selection. This property makes the proposed scheme resistant to shoulder surfing and more importantly to mobile key-logging. It can be useful for authentication process of any smart held device application.

Enhancing eID card mobile-based authentication through 3D facial reconstruction

Received Signal Strength Indicator (RSSI)-based fingerprinting is currently viewed as an important technique for the positioning capabilities in the Internet of Things (IoT). However, in the case of practical measurement, the localization methods based on RSSI are easily affected by the temporal and spatial variation, which contributes to most of the estimation errors in current systems. In this paper, the feasibility of utilizing the Channel State Information (CSI) for localization is studied, after knowing that the CSI contains information about the channel between the sender and receiver at the level of individual data subcarriers. Unlike most of the previous work, the intended approach is to use the entire subcarrier magnitudes without averaging or any reduction of the obtained narrowband CSI. Moreover, the frequency hopping in the LoRa systems should be a profit for localization by getting access to a wider band. In order to obtain a reliable basis for this approach, an outdoor measurement campaign is performed in the area of the Campus Beaulieu in Rennes to estimate the CSI of transmitted LoRa signals from different locations. For this, it is necessary for the individual channels from each different position to be appropriately different from one another to achieve significant localization gain. Hence, a comparison is done investigating the attainable evolution in the CSI at each location based on the CSI slope versus its average amplitude. In the given results, the feasibility of using the proposed technique is asserted by the drastic stability of the CSI slope over time and space, in contrary to the CSI average amplitude. This manifests the robustness of the CSI to the signal fluctuations and its more valuable rendering than the RSSI.