Human-centric Internet of Things (IoT) has recently gained increasing popularity in both industrial and academic fields by adding users as a new dimension to connectivity and enabling intriguing user-centered applications, such as remote healthcare and real-time activity tracking [2, 3]. The minimalist design paradigm of IoT devices appears to be two sides of the same coin: it allows ultra-low-power communications while rendering communication links vulnerable to malevolent attackers. Since on-body IoT devices are generally attached to users’ bodies to continuously record fine-grained vital signs, security breaches of these devices pose a serious threat to users’ everyday privacy [4, 5] and safety [6, 7].
Despite growing attempts and extensive endeavors, it is still challenging to thwart invaders for hardware-constrained on-body IoT devices [8, 9, 10]. Recent efforts have demonstrated the feasibility of exploiting radio characteristics in body area networks (BANs) to facilitate device verification [11, 12]. Moreover, dedicated sensors, such as accelerometers  and gyroscopes , have been leveraged to authenticate wearable devices. However, hardly any of them have obtained prevalent adoption. They either require the assistance of specialized user motions [11, 12], or are confined to fitness-related wearables [13, 14]. To embrace the coming wave of human-centric IoT, it is critical for a device authentication solution to support various on-body IoT devices without specified user motions in diverse environments.
The salient physical layer (PHY) signatures naturally underlying different BANs present us with an exciting opportunity. As depicted in Fig. 1, for off-body wireless links, where a transmitter (Tx) and a receiver (Rx) are placed on different human bodies, radio signals are mainly comprised of direct line-of-sight (LOS) and multi-path components. On the other hand, for on-body links, where a Tx-Rx pair is carried on the same body, radio signals are governed by creeping waves [15, 16, 17, 18]. The distinct radio propagation patterns potentially enable a general security solution relying on prevalent wireless chips. However, radio signals in BANs are severely affected by IoT users’ body motions and surrounding environments. As a consequence, on- and off-body signals can exhibit significantly different patterns under a specific user motion in a specific ambient environment, and their patterns tend to vary dramatically under a different motion in a new environment. Furthermore, the frequent change of users’ motion and location in daily life makes it a highly challenging task to manually select features to represent propagation patterns from real-world radio traces.
To address this challenge, we propose a motion and environment invariant authentication framework for on-body IoT devices by exploiting distinct BAN radio propagation signatures. The basic ideas lying in the proposed system are effectively constructing representative radio propagation profiles from received signals, and leveraging a neural network to essentially recognize propagation patterns and thus verify on-body IoT devices anytime and anywhere.
We realize the above ideas by answering the following two questions.
1) How to obtain effective information on radio propagation patterns from received signals?
The received radio signals from real-world environments typically comprise massive noisy components due to complex environmental dynamics and unwanted radio interference, which makes it unlikely to recognize radio propagation patterns directly from such noisy signals. Therefore, it is crucial to extract fine-grained radio features from raw signals. In our experiments, we observe that distinctive radio propagation signatures can be represented in the time and frequency domains of received signal strength (RSS) segments. Based on this observation, we construct effective radio propagation profiles that contain representative time and frequency domain features from RSS segments for subsequent propagation pattern recognition.
2) How to learn a neural network that generalizes well in unseen scenarios?
Radio features extracted from RSS segments generally convey substantial information that is specific to ongoing user motions and surrounding environments. As a result, a neural network that is trained under a specific motion in a specific environment will undoubtedly not work well when being applied to verify devices under another motion in a different environment. To overcome this predicament, we develop an adversarial multi-player network for robust device authentication. Particularly, our network includes four functional components: aFeature Extractor, an On-Off Predictor, a Domain Discriminator and an Environment Classifier
. To learn transferable features, we implement an adversarial training criterion, where the predictor works together with the extractor to learn radio propagation patterns, and both the discriminator and classifier, meanwhile, force the extractor to selectively eliminate motion and environment specific features from itself. After this training process, the extractor and predictor are expected to be resilient to unseen user motions and environments.
Summary of results. We implement a working prototype of our authentication system with three Universal Software Radio Peripheral (USRP) devices and conduct extensive experiments under frequently appearing body motions in multiple indoor and outdoor environments. The experimental results show that our system achieves an accuracy of 91.6%, with an area under the receiver operating characteristic curve (AUROC) of 0.96. Specifically, it can successfully recognize 90.6% of legitimate devices and at the same time mitigate 92.8% of active attacks.
Contributions. The main contributions of this work are summarized as follows.
We propose a general authentication system that secures various on-body IoT devices without specified user motions in diverse environments. The crux of the proposed system is to construct reliable radio propagation profiles from RSS segments and to develop an adversarial multi-player neural network for essentially identifying on-body IoT devices.
We theoretically analyze our adversarial network and prove that at equilibrium, the learned feature representation contains all information about BAN radio propagation patterns, and becomes invariant to motion variances and environment changes.
We build a prototype of our system on USRP devices and conduct extensive experiments with various frequently appearing body motions in a variety of indoor and outdoor environments. The experimental results demonstrate the effectiveness and generalizability of our system.
The remainder of this paper is organized as follows. The literature review is provided in Section II. In Section III, we illustrate the distinct radio signatures in different BAN channels. In Section IV, we sketch the main design of our device authentication system and its integration with upper-layer protocols. Next, Section V details the construction of radio propagation profiles. Then, Section VI elaborates on our adversarial multi-player network for verifying on-body IoT devices. Section VII shows the evaluation results. Finally, the paper is concluded in Section VIII.
Ii Related Work
Device/user authentication. Spurred by the prevalence of wearable devices, user/device authentication has already drawn significant interest in the academic community . Dedicated sensors, including accelerometers , biometric  and acoustic sensors , are widely used to infer identities of wearable devices. Moreover, motion sensors  are also leveraged to check if wearable devices share unique movement patterns when device carriers are in the walking state. However, sensor-based approaches limit themselves to fitness-related wearables or to sports scenarios. In contrast, our system takes advantage of pervasive wireless chips embedded in IoT devices and enables device verification under static and dynamic user body motions.
Besides assistance from auxiliary sensors, underlying PHY signatures in BANs are also examined for verifying wearable devices. There have been many studies on the channel measurements of BANs [15, 16, 23, 24], which reveal essential differences between on- and off-body radio propagations. RSS variances are calculated to identify wearable devices in healthcare applications. Furthermore, creeping waves are also exploited in  to secure on-body devices, wherein small- and large-scale RSS variations are extracted to indicate on- or off-body radio propagations. Compared with the prior work, our system presents two main differences. First, along with time domain radio features, frequency domain features are abstracted to give a comprehensive description of on- and off-body radio propagations. Second, our work develops a customized adversarial network to essentially extract underlying propagation patterns and obtains a better generalization performance under various user motions in diverse environments.
, machine learning approaches have been widely applied in wireless sensing tasks. In29]. In 
, a deep learning based user authentication scheme is proposed by using Wi-Fi signals, which capture unique human physiological and behavioral characteristics that are inherited from daily activities. Furthermore, relying on wireless signals, 2D and 3D human poses are estimated through walls and occlusions with the usage of cross-modal networks in[31, 32], respectively. In this work, we extract PHY signatures existing in radio signals and input them into a neural network to determine whether the signals are transmitted from on-body wireless devices.
Adversarial learning. Our system adopts an adversarial neural network for wireless device authentication. The adversarial network is originally proposed to estimate the density of an unknown distribution of digital images in . Thereafter, it is applied to promote the generalization performance of deep neural networks for predictive tasks. A semi-supervised model  is trained through a domain adversarial training for image classification. Moreover, an adversarial multi-task model  is developed for robust speech recognition. In , a conditional adversarial model is introduced for sleep stage prediction. In this work, a customized adversarial network is developed to eliminate irrelevant information on user motions and surrounding environments, and ultimately to boost the performance of on-body IoT device authentication.
Iii Exploiting PHY Signatures in BAN Channels
Iii-a Threat Model
On-body devices, which are colocated with the wearable device on the same body, are considered to be legitimate. In contrast, attackers are off-body devices, which are not carried by the same user. They may locate at another user or somewhere else to actively broadcast malicious messages. We do not consider attacks from on-body devices, because it is normal for a user to check the ownership of an IoT device before wearing it. Moreover, we do not take into account passive attacks, i.e., eavesdropping attacks. In addition, attackers may be equipped with advanced hardware and have been aware of the transmission technology and deployed security mechanism. In this situation, they can forge the MAC addresses of valid devices and inject fake data into the network.
Iii-B Theoretical Explanation of Distinct On- and Off-Body Radio Propagations
Since the human body is basically a low-loss dielectric at microwaves frequencies, including Wi-Fi and Bluetooth frequency bands, radio propagations between two on-body devices are significantly influenced by the user’s body. Previous measurements [16, 15] have demonstrated that creeping waves, which are diffracted by human tissues and spread out along the human body, play a predominant role in on-body electromagnetic wave propagations. According to creeping wave theory , the electric field over the conducting surface for the vertical polarization on the elliptical path can be expressed as
where is the distance between Tx and Rx antennas, the vacuum wave impedance, the transmission power, the gain of the Tx antenna, and the wave number in the free space. Moreover, represents the attenuation factor that indicates the loss on the surface, and it is a function of and , i.e., the semi-major and semi-minor axises of the ellipse respectively, the exit point angle at Tx, and the trapping point angle at Rx. Furthermore, compared with the vertically polarized component, the horizontal component suffers more attenuation. Thus, the orientations of on-body antennas also have a great impact on the path loss of creeping waves.
Eq. 1 suggests that the body surface and the positions and orientations of Tx and Rx antennas, rather than environmental dynamics, dominate the attenuation of on-body propagations. Specifically, when two transceivers are both deployed on the same human body, any body movement can change the body surface as well as antenna positions, which consequently cause variations in the Tx-Rx distance and the attenuation factor . As a result, on-body signals would be stable in a static motion status, and they will fluctuate dramatically when the body moves.
On the contrary, radio waves between a pair of devices that are not placed on the same body typically propagate in a different manner. Off-body signals are usually reflected by surrounding floor, walls and furniture (small-scale fading) and disturbed by Tx-Rx distance changes  (large-scale fading). Compared with on-body signals, off-body signals are mainly comprised of LOS and multi-path components, and are less sensitive to the changes of the body surface and antenna positions. Therefore, we see that distinct propagation patterns exist between on- and off-body radio waves.
Iii-C Feasibility Study
Based on the above analysis, we conduct a motivational experiment to demonstrate the feasibility of exploiting radio propagation features to verify on-body IoT devices. In the experiment, two USRP devices are carried by a volunteer to work as a pair of on-body Tx and Rx. The left device is placed on another volunteer, acting as an off-body Tx. We collect on- and off-body signals in three different scenarios, i.e., standing and walking in an indoor environment, respectively, and standing in an outdoor environment. Fig. 2
depicts the RSS and cumulative distribution function (CDF) of the collected signals. We observe that compared with off-body signals, on-body signals are more stable when the user stands still, while having a lager RSS variance in the walking status. This observation testifies that on-body propagations are highly sensitive to user body motions. Moreover, off-body signals always fall into the high frequency range with a higher probability in comparison with on-body signals in each scenario, which verifies that off-body propagations are more susceptible to environmental dynamics.
The above experimental observations verify that differentiable radio propagation patterns exist between on- and off-body channels in each scenario. This supports our premise that we can rely upon PHY signatures to authenticate various on-body IoT devices.
Iv Adversarial Network Based Device Authentication
Iv-a Design Rationale
It is, however, non-trivial to reliably capture propagation patterns from real-world radio traces. As shown in Fig. 2, although on- and off-body signals show distinguishable propagation patterns in each scenario, their patterns are remarkably different between the three scenarios. Consequently, an authentication model that is trained under a specific user motion in a specific environment will typically not generalize well in different scenarios.
To deal with such dilemma, we resort to adversarial neural networks, which have recently surfaced as a popular tool to discover transferable features in the deep learning field and have proven their advantages in many real-world applications [34, 36, 35]. Being a branch of deep learning approaches, adversarial networks facilitate automatic extraction of complex and latent feature representations by adopting a hierarchical structure 
. More importantly, different from traditional approaches that learn transferable features, such as autoencoders, adversarial networks have the ability to eliminate irrelevant features in learned representations with an adversarial training criterion. Specifically, in the application of on-body authentication, user body motions and surrounding environments can easily incur different levels of variances and dynamics in RSS measurements. Once these noisy measurements are fed into a model for training, motion and environment specific features will be learned, which consequently hampers its authentication performance at the testing phase. Therefore, we reap the benefits of adversarial networks to exclude irrelevant features induced by motions and environments and further recognize underlying on- and off-body propagation patterns in real-world scenarios. Towards this end, we propose an adversarial network based authentication system to seamlessly authenticate various on-body IoT devices.
Iv-B Design Overview
Our system takes advantage of an adversarial network to extract distinct radio propagation patterns for on-body device authentication. Fig. 3 illustrates the framework of our authentication system. It takes as input RSS time series and outputs the corresponding device authentication results. It is worth noting that to verify RSS measurements of various low-end embedded IoT devices, our authentication system runs on gateway devices, such as smartphones, which have sufficient capability to perform low-latency and accurate learning based inferences .
The core of our authentication system includes two components – Propagation Profile Characterization and Propagation Pattern Recognition.
Propagation profile characterization. First, this component divides the RSS time series into multiple basic segments. Then, representative time and frequency domain features are extracted for fine-grained characterization of potential propagation patterns. Finally, the extracted features are integrated into radio propagation profiles for future pattern recognition by the adversarial network.
Propagation pattern recognition. Upon receiving a propagation profile, the adversarial network first utilizes a functional block to abstract a feature representation in terms of on- and off-body propagations. Subsequently, the network infers the identity of a connected IoT device through an on-off prediction block. Moreover, an adversarial block is added to eliminate motion and environment specific features in the feature representation in the training phase. All blocks are learned through an adversarial training process to promote the emergence of features that are resilient to motion variances and environment changes.
Iv-C Integration with Upper-Layer Security Protocols
Based on PHY signatures, our authentication system can integrate with existing security protocols in the upper layers to shield human-centric IoT networks from active attackers. Integrating our system with the 802.11 protocol, the final cross-layer protocol not only follows similar reasoning with upper-layer security standards but also takes the propagation patterns in PHY into consideration. Specifically, we shed light on how our system can be exploited to secure IoT device pairing and data transmission against authenticated spoofing attacks and authentication deadlock attacks, respectively.
Authenticated spoofing mitigation. In many cases, users’ authenticated login credentials and MAC addresses are susceptible to malicious attackers. Once deciphering this confidential information, an attacker can associate with a gateway device by masquerading a legitimate device and thereafter launch a variety of spoofing attacks on the IoT system. For instance, it can either inject fake messages into the system or steal users’ personalized profiles from it.
Our system can mitigate these types of attacks by consolidating upper-layer security protocols with PHY propagation verification in the device association process as described in Fig. 4. Specifically, when hearing an association request message from a surrounding device, the gateway device sends back an acknowledgment frame (ACK) to request propagation pattern verification. In response to the ACK, the surrounding device must transmit a series of empty packets to the gateway device. Subsequently, the gateway device decides whether the transmitter is carried by the same user based on our authentication system. If the propagation pattern is recognized to be on-body, the gateway device regards it as an authorized IoT device and starts subsequent communication links. Otherwise, the gateway device deems it as a malicious attacker and denies the association request.
Authentication deadlock mitigation. Authentication deadlock attack is one of Denial-of-Service (DoS) attacks. In 802.11 protocols, a legitimate IoT device must be authenticated and associated with a gateway device before data transmission process. During data transmission between the IoT device and gateway device, an attacker injects an Open System Authentication Request frame to the gateway device in the name of the IoT device. This attack will consequently lead to an authentication deadlock, causing the gateway device to delete the authenticated association with the IoT device and thus cannot transmit or receive any frames for the victim device for a few minutes .
Our security protocol defends against authentication deadlock attacks with slight changes in existing upper-layer protocols as shown in Fig. 5.Upon receiving an authentication request during data transmission, the gateway device detects that the received request nominally comes from an device that is actually in the authenticated state, and thus it can consider this authentication frame as suspicious [42, 43, 44]. Then, the gateway device will not delete the authenticated association immediately but allow the IoT device to send a challenge frame denying that the request is from itself. After that, the gateway device sends an ACK frame to the requesting node to start a propagation verification for incoming empty signals. If the propagation pattern mismatches the on-body one, the gateway device decides to drop the authentication request and continues with the previous data transmission.
V Propagation Profile Characterization
V-a Signal Segmentation
Our system first partitions RSS measurements into multiple segments. As an RSS segment is a basic unit for device authentication, the segment interval needs to be carefully determined. If the interval is too long, on- and off-body signals will be probably both included in the same segment. If it is too short, the system will be unable to recognize any segment. We empirically find that a time interval of 5s is capable of correctly differentiating over of on- and off-body IoT devices.
V-B Time Domain Feature Extraction
Since on- and off-body signals have different levels of impact from body motions, large- and small-scale fading, we first decompose each RSS segment into multi-scale variations by using filters. As creeping waves are sensitive to body motions and their frequencies fall into relatively low frequency bands with a high probability , a band-pass filter is leveraged to extract motion-induced variations. Based on our experimental observations, most fluctuations caused by body motions fall between 0.5 Hz and 15 Hz. Variations in the residual low and high frequency bands are also extracted by a low-pass filter and a high-pass filter, respectively, as large- and small-scale variations.
With multi-scale variations, we select six time domain features, including maximum, minimum, median, variance, kurtosis and skewness
, to characterize propagation signatures from each kind of variations. The maximum, minimum, median and variance are chosen to describe the impact from the human body, because dramatic body vibration typically contributes to rapid changes in the maximum, minimum and median and also results in a large variance. Kurtosis and skewness show the symmetry and asymmetry of radio signals, respectively, and can potentially capture propagation patterns due to the fact that both symmetric and asymmetric components are richly shared in radio waves. For finer-grained feature extraction, we divide each kind of variations into ten chunks and extract six features from each chunk. Therefore, a total of 180 feature points are extracted to describe radio propagation signatures from the time domain of an RSS segment. Fig.7 presents some time domain features extracted from motion-induced variations when an user stands still in a normal office setting. We can observe that these features are significantly different between on- and off-body signals, which encourages us to exploit these time domain features to characterize distinct BAN radio propagations.
V-C Frequency Domain Feature Extraction
Different power distributions on the frequency band between on- and off-body signals have been clearly presented in Fig. 2. Thus, besides time domain features, frequency domain features are also extracted to capture distinct signatures of different BAN radio propagations.
To abstract frequency domain features, we start by performing a Short-Time Fourier Transform (STFT) on each RSS segment to obtain its two-dimensional spectrogram. Specifically, with a signal sampling rate of 500 Hz, we conduct a 1000-point Fast Fourier Transform (FFT) within a 2s sliding window, shifting 1s each time to make full use of sampling data. To summarize information in the frequency domain, the frequency band of each spectrogram, i.e., [0,250] Hz, is partitioned into 40 intervals, each of which is associated with a frequency component of the segment. To effectively indicate propagation signatures, we equally segment the low frequency band, i.e., [0,15] Hz, into 30 intervals and the residual high frequency band into 10 intervals, and we sum up the magnitudes in each interval in every FFT result. In this way, we transform a two-dimensional spectrogram into a 440 matrix . Then we take two frequency domain features from : the component magnitude (or each element in ) and the proportion of each component (PC), such that , where . Finally, a total of 200 feature points are extracted from the frequency domain of an RSS segment.
Vi Propagation Pattern Recognition
Vi-a Adversarial Model
After the profile characterization, we consider the propagation pattern recognition as a binary classification task , where is the sample space and the target label set. Specifically, each is a radio propagation profile sample, and indicates the corresponding on- or off-body device. Moreover, for each , and denote a pair of auxiliary labels that refer to the motion and environment, respectively, that is sampled from.
For effective classification, we develop an adversarial multi-player neural network, as shown in Fig. 8. In particular, our model consists of four components – a Feature Extractor , an On-Off Predictor , a Motion Discriminator and an Environment Classifier .
Feature extractor .
We leverage a convolutional neural network (CNN) to aggregate information over time and frequency domain features to extract underlying radio propagation patterns. More specifically, eight 1D convolutional layers are stacked in our feature extractor. At each layer of, 128 convolutional kernels with the kernel size 1
3, stride 1 and padding 0 are used to filter valuable ingredients from the previous layer’s output. In addition, we use a max-pooling (MP) layer with the kernel size of 2 to reduce the representation size and a rectified linear unit (ReLU) to introduce nonlinearity into the model. Thus, at layer, a latent representation are computed as
where is the convolution operator, convolutional kernels and the output of layer . At last, given an input sample , the corresponding feature representation can be obtained by
where denotes the extractor’s trainable parameters.
On-off predictor . Based on a feature representation , we parameterize the on-off predictor as a fully-connected neural network. In particular, two fully-connected layers with Sigmoid and Softmax functions, respectively, are used to map into a two-dimensional probability vector in terms of on- and off-body devices, as follows
where is the predictor’s parameters. Once the probability vector is obtained, we can have a predicted target label for , as follows
Adversarial discriminator and classifier . Since ongoing body motions and surrounding environments have different impacts on radio signals, two adversaries and are adopted to remove their respective features in the feature representation . Specifically, body motions typically cause Tx-Rx distance changes or shadowing, resulting in large-scale variations of radio signals, however surrounding environments incur rich multipath propagations and small-scale variations. Thus, the information corresponding to motions and environments in can be considered to be independent. Note that the adversarial components will not increase the computational complexity when our system performs on-body authentication, because they are only needed in the training phase.
Since simply wiping out all dependencies between the feature extractor and adversaries could degrade the performance of target label prediction, our model adopts a conditional adversarial architecture  for better generalization performance. For this purpose, we concatenate the outputs of feature extractor and on-off predictor as the input of two adversaries. Hence, and predict body motions and environments with outputs and . In the proposed model, we also parameterize the discriminator and classifier as two fully-connected neural networks, which both have the same configurations with the predictor. Moreover, the parameters of and are denoted as and , respectively.
Adversarial training criterion. To obtain useful network parameters, we train our adversarial model on a set of training data, which obeys the distribution . For the predictor , the cross-entropy is used to calculate the discrepancy between the prediction and the true posterior distribution over , as follows
By minimizing , the parameters and can be updated.
Moreover, we define the loss of as the cross-entropy between its output and the true conditional distribution over , which is expressed as
Similarly, the loss of is given by
Note that to effectively train our multi-player model, the concatenation branch of the predictor’s output is a one-way link (i.e., the dashed blue arrow line in Fig. 8), along which gradients of the adversarial components don’t propagate back. Hence, the parameters , and can be refined through the optimization of and .
Now that we have defined all loss functions, we proceed to implement an adversarial training criterion on our multi-player model for robust device authentication under various body motions in different environments. The key idea is that to generalize well in unseen scenarios, a predictive model is able to discriminate well between on- and off-body devices, but it cannot distinguish scenarios associated with input samples. To achieve this goal, we use a minimax game between, , and in the training phase. Particularly, , and aim to minimize their own losses for good prediction performance. However, tries its best to maximize and to cheat its adversaries and , respectively, and at the same time, it cooperates with to minimize . Through this minimax game, the multi-player model can finally learn transferable features that are resilient to body motions and environments.
Vi-B Theoretical Analysis of Adversarial Model
In this subsection, we prove that the output of the on-off predictor becomes invariant to motion variances and environmental dynamics through the minimax game. Specifically, we first present the optimal predictor and adversaries in Proposition 1 and Proposition 2, respectively, without proving them, and refer the reader to  (Proposition 2) for details. Then, we illustrate the virtual training criterion, optimal extractor and optimal outputs, respectively, in Corollary 1, Proposition 3 and Corollary 2. Differing from the theoretical efforts in the prior work , our analysis focuses on a practical adversarial model.
(Optimal predictor) For a fixed extractor , the output of the optimal predictor over achieves
and the loss of is
where denotes the conditional entropy function.
Note that given , the equality (12) indicates the maximal predictive capability that a predictor can learn from the feature representation over .
(Optimal discriminator and classifier) Given any extractor and any predictor , the optimal discriminator and classifier have their losses, respectively, as
With the optimal predictor, discriminator and classifier, we proceed to simplify the minimax training criterion (11).
(Virtual training criterion) If , and have enough capacity and are trained to be optimal over , the minimax optimization (11) is equivalent to the minimization of a virtual value function , which is expressed as
Considering the optimal predictor in Proposition 1, we can rewrite the losses of the optimal discriminator and optimal classifier in Proposition 2, by substituting (12) into (14) and (15), respectively, as
Based on the virtual training criterion, we can obtain the optimal extractor by minimizing .
(Optimal extractor) If , , and have enough capability and are trained to be optimal over , any optimal extractor satisfies
When is fixed, , and . Therefore, we obtain a lower bound of , that is
We note that the lower bound is achievable by considering a special case, where , an extractor with the best representative ability over . In this case, we can check that the equality (23) holds. ∎
Proposition 3 indicates that when all players are trained to be optimal and our adversarial model reaches equilibrium, the extractor is able to extract all information about from the training samples and eliminate any information about and except what is also related to .
(Optimal outputs) If , , and have enough capacity and are trained to be optimal over , the outputs of our adversarial model achieve
Based on Proposition 1, . According to Proposition 3, , which implies that . Hence, .
Vi-C Adversarial Training Algorithm
Along the pipeline of theoretical analysis above, we design an adversarial training algorithm for our multi-player model. As depicted in Algorithm 1, it starts by updating the parameters of in each training iteration and then optimizes those of , and in the inner loop. Since it is quite challenging to stabilize components in an adversarial model, especially the one with a minimax loss to optimize [33, 46], we have in the inner loop for extra training to refine it. Furthermore, the model could minimize the value function by increasing the losses and improperly, which is known as model collapse phenomenon. To avoid this situation, we also update and in the inner loop, which aims at leading and to descend in right directions. Additionally, at the beginning of each inner iteration, an intermediate variable is assigned to be and thereafter concatenated with as input for two adversaries. These operations can effectively detach from and , and thus prevents gradients from propagating back to as aforementioned.
In our experiment, we build our multi-player network and implement the adversarial training algorithm using Python with PyTorch packages. The training data consists of about five thousand samples and is transformed with the z-score normalization before training. We empirically set the mini-batch size to 750, each hyperparameter to 0.5 and each learning rate to 0.001. Finally, we update the parameters, and with more than five thousand iterations.
Vii Evaluation in Real Environments
Vii-a Experimental Methodology
Implementation. We implement a proof-of-concept prototype of the proposed system with three GNURadio/USRP B210 devices. These devices are configured to communicate in the 2.4 GHz ISM band with a sampling rate of 500 Hz, which is feasible for most commercial wearable devices. Moreover, two USRP devices are placed on a volunteer, referred to as a legitimate user. Specifically, one of them locates at the left side of the user’s waist as an on-body receiver, and the other device is carried by the user’s right hand as an on-body transmitter. The remaining USRP device is held by another volunteer, referred to as a malicious user, and it is regarded as an off-body transmitter.
Data collection. We collect radio traces under different surrounding environments and user body motions. The experimental environments encompass three indoor settings, a laboratory, an office and a corridor, and two outdoor ones, a rooftop and a park. In each environment, the legitimate user, carrying the on-body transceivers, is asked to perform controlled and uncontrolled motions, respectively. In the controlled scenario, the legitimate user is confined to take five basic motions, including two static actions, sitting and standing, and three dynamic ones, arm moving, rotating and walking. In the uncontrolled scenario, the legitimate user can impose whatever body motions he or she likes. However, the malicious user, holding the off-body transmitter, is not restricted to any specified motion throughout the experiment and can walk freely in the proximity of 1-5 meters away from the legitimate user. When collecting data, we ask two users to take their own motions for one minute, during which we control one of the on- and off-body transmitters to broadcast signals and use the receiver to record corresponding radio traces. The above trial is repeated for 20 times in each motion setting, and the participants are given a rest period of around 30s between two consecutive trials. Finally, we conduct our experiment over seven days with five volunteers, including two females and three males, and yield radio traces of ten hours in total.
Dataset. We partition the collected on- and off-body traces into RSS segments and extract propagation profiles from these segments according to Section V. Then, we label the extracted on- and off-body profiles with respect to corresponding motions and environments and obtain a total of 7200 labeled samples for our adversarial network. Therein, 6000 samples are from the controlled user motion scenario, and 1200 samples are from the uncontrolled scenario. When training and testing our model, we randomly take out 4800 samples from the controlled scenario for training and combine the leftover 1200 ones and all 1200 samples from the uncontrolled scenario for testing. Moreover, the numbers of on- and off-body samples are equal in both the training and testing sets.
Evaluation metrics. To demonstrate the performance of the proposed system, we use accuracy, true positive (TP) rate and false positive (FP) rate as metrics, which are given as below.
Accuracy. Accuracy is defined as the ratio of the number of correctly classified RSS segments to the total number of on- and off-body segments.
TP rate. TP rate denotes to the ratio of the number of correctly detected on-body RSS segments to the total number of on-body segments.
FP rate. FP rate is computed as the ratio of the number of mistakenly recognized off-body RSS segments to the total number of off-body segments.
Vii-B Performance Results
|Accuracy||TP Rate||FP Rate|
|91.6% 2.4%||90.6% 1.9%||7.2% 2.8%|
We train our model on the collected training dataset and run the trained model on the testing dataset to obtain prediction results of all testing samples. Specifically, the training dataset only consists of samples from the five controlled motions in all environments. Besides controlled samples, the testing dataset contains samples from the uncontrolled scenarios, which are never used to train our model.
Overall performance. We first illustrate the overall performance of our authentication system. Specifically, based on all prediction results and their environment and motion labels, we can average accuracies, TP and FP rates in all motion-environment scenarios and obtain the results in Table I. As shown in Table I, our system is able to identify 91.6% of on- and off-body devices on average. Specifically, it can correctly recognize on-body devices with a ratio of 90.6% and successfully mitigate 92.8% of attack attempts from off-body devices. Since on-body authentication is a binary classification task, we further use the receiver operating characteristic (ROC) curve to measure how well our system can correctly discriminate on- and off-body samples from different scenarios. The ROC curve depicts TP rates against FP rates at various threshold settings and tells a classifier’s capability of distinguishing between two classes. For a good classifier, high TP and low FP rates are expected when the threshold is in . As depicted in Fig. 9, our system’s ROC curve first goes straight up and then becomes steady promptly as the FP rate increases. Besides, the area under the ROC curve (AUROC) reaches 0.96, which is close to 1, i.e., the AUROC of the ideal classifier. The above results indicate that our system achieves a good discrimination ability for on- and off-body samples under different motions and environments.
Performance under different motions. We then elaborate on the system’s performance under each frequently appearing motion. In general, each selected motion has a unique movement pattern of the human body and thus exhibits a different effect on BAN radio waves. We divide all prediction results into different motion groups based on the motion label and calculate the evaluation metrics in each group. As plotted in Fig. 10 (a), we observe that the proposed system achieves better performance for the static motions than for the dynamic ones. The same observations can be found in Fig. 10 (b). Therein, higher TP and lower FP rates are clearly present in the static states. It is due to that body motions have a great impact on the attenuation of on-body propagations as explained before, and there are fewer disturbances caused by body movements in radio signals when the user sits or stands still with IoT devices, which makes it much easier for the proposed system to recognize on- and off-body propagation patterns. Despite the above differences, the system still achieves average TP and FP rates of 92.0% and 6.0%, respectively, in the controlled user motion scenario.
Next, we compare the system performance in the uncontrolled user motion scenario with that in the controlled scenario. As illustrated in Fig. 11, the system shows performance degradation in terms of accuracy, TP and FP rates in the uncontrolled scenario. The reason for the performance degradation is that more irregular and complicated body movements are present when the user behaves casually with IoT devices, which makes the feature extractor to extract more noisy features about radio propagation patterns and thus hampers the prediction ability of the on-off predictor. More specifically, the system has a TP rate reduction of 3.0% and a FP rate increase of 2.0% for uncontrolled motions. This is due to the fact that, compared with off-body radio signals, on-body signals, dominated by creeping waves, are more sensitive to user motion dynamics, which results in more on-body RSS segments to be mistakenly classified as off-body ones.
Performance in various environments. We next validate the authentication performance of our system in various indoor and outdoor environments in Fig. 12. Basically, indoor radio propagations remarkably differ from outdoor propagations in terms of shadowing and multipath fading. We divide the prediction results into different environment groups based on the environment label and compute the evaluation metrics in each group. As shown in Fig. 12 (a), our system achieves almost the same accuracy in each environment. However, as illustrated in Fig. 12 (b), the differences between the indoor and outdoor environments can be reflected more clearly on FP rates. Roughly speaking, lower FP rates are found in the outdoor settings rather than in the indoor ones. This is because that there generally exists less multi-path variations in outdoor propagations, which consequentially leads to less off-body segments to be mistakenly recognized as on-body ones. However, according to Fig. 12
(b), the office setting shows the lower FP rate than those of the other indoor environments due to less disturbances caused by other people. The above observations indicate that off-body segments tend to be more susceptible to environmental dynamics. Moreover, environment noise in RSS segments is an important factor that influences the system’s performance. Generally, the lower the signal-to-noise ratio (SNR) is, the less distinguishability on- and off-body RSS segments have and the more difficult it is for a classifier to discriminate. To deal with environment noise, our system extracts representative time and frequency domain features from noisy RSS segments and further uses an environment discriminator to exclude environment specific information. As shown in Fig.12 (a), our system achieves an accuracy of over 90% in each environment, which shows the effectiveness of our system in the presence of real-world environment noise.
Effectiveness of minimax game. We further illustrate the benefits of adopting two adversaries in our multi-player model. Our adversarial discriminator and classifier aim at helping the feature extractor to discover transferable features and boosting the generalization ability of the on-off predictor. To illustrate these merits, we set up a version of our model with a pair of non-adversarial discriminator and classifier as a baseline. Note that in the baseline model, the update of the extractor’ parameters relies solely on the minimization of the predictor’s loss.
Fig. 13 (a) and (b) plot the training losses of discriminators and classifiers in our and baseline models, respectively. In each figure, the lower the value is, the more the information pertaining to body motions or ambient environments is learned. In Fig. 13 (a), we can see that the loss of the non-adversarial discriminator declines quickly and then stabilizes at a very low level. However, the loss of our adversarial discriminator first fluctuates dramatically and then finally converges to a high value. The same observations can be found in Fig. 13 (b). This is due to the fact that at the beginning of training process, the fluctuations of an adversarial loss are incurred by its minimax optimization, and they mitigate gradually as motion or environment specific features irrelevant to the predictor fade out in the extracted feature representation. The above results reveal that the extractor in our model abstracts more transferable features than that in the baseline. Furthermore, comparing the performance of two predictors in our and baseline models in Fig. 14, we find that both loss curves decrease at first and then increase after certain numbers of iterations. However, the adversarial curve rises up at a slower speed than the non-adversarial one, which suggests that the adversarial discriminator and classifier work as two regularizers for alleviating over-fitting and enable the promotion of the predictor’s generalization ability.
This paper proposes a new device authentication system that takes one step forward to embrace the advent of human-centric IoT by supporting various wearable devices anytime and anywhere. The key enabling technique is using an adversarial multi-player network to effectively recognize radio propagation patterns under diverse user motions in different environments. Moreover, integrating with upper-layer security protocols, our system is able to in depth secure on-body IoT device pairing and data transmission. We theoretically analyze our adversarial model and prove that at equilibrium, our model becomes invariant to motion variances and environment changes. We build a working prototype of our system using USRP devices and conduct extensive experiments with various static and dynamic user motions in typical indoor and outdoor settings. The experimental results show that our system can successfully identify 90.6% of legitimate devices and mitigate 92.8% of active attack attempts.
-  Y. Huang, M. Xu, W. Wang, H. Wang, T. Jiang, and Q. Zhang, “Towards motion invariant authentication for on-body IoT devices,” in Proc. IEEE ICC, 2019.
-  M. Chiang and T. Zhang, “Fog and IoT: An overview of research opportunities,” IEEE Internet of Things Journal, vol. 3, no. 6, pp. 854–864, 2016.
-  L. Tu, S. Wang, D. Zhang, F. Zhang, and T. He, “ViFi-MobiScanner: Observe human mobility via vehicular internet service,” IEEE Trans. Intell. Transp. Syst., pp. 1–13, 2019.
-  W. Wang and Q. Zhang, “Privacy-preserving collaborative spectrum sensing with multiple service providers,” IEEE Trans. Wireless Commun., vol. 14, no. 2, pp. 1011–1019, Feb 2015.
-  W. Wang, Y. Chen, and Q. Zhang, “Privacy-preserving location authentication in Wi-Fi networks using fine-grained physical layer signatures,” IEEE Trans. Wireless Commun., vol. 15, no. 2, pp. 1218–1225, 2016.
-  S. Gollakota, H. Hassanieh, B. Ransford, D. Katabi, and K. Fu, “They can hear your heartbeats: non-invasive security for implantable medical devices,” in Proc. ACM SIGCOMM, vol. 41, no. 4, 2011, pp. 2–13.
-  Z. Luo, W. Wang, J. Xiao, Q. Huang, T. jiang, and Q. Zhang, “Authenticating on-body backscatter by exploiting propagation signatures,” Proc. ACM Interact. Mob. Wearable Ubiquitous Technol., vol. 2, no. 3, pp. 123:1–123:22, Sep 2018.
-  W. Wang, S. He, L. Sun, T. Jiang, and Q. Zhang, “Cross-technology communications for heterogeneous IoT devices through artificial doppler shifts,” IEEE Trans. Wireless Commun., vol. 18, no. 2, pp. 796–806, Feb 2019.
-  S. Wang, Z. Yin, S. Wang, Y. Chen, Z. Li, S. M. Kim, and T. He, “Networking support for bidirectional cross-technology communication,” IEEE Trans. Mobile Comput., pp. 1–1, 2019.
-  S. M. Kim, S. Ishida, S. Wang, and T. He, “Free side-channel cross-technology communication in wireless networks,” IEEE/ACM Trans. Netw., vol. 25, no. 5, pp. 2974–2987, Oct 2017.
-  L. Shi, M. Li, S. Yu, and J. Yuan, “BANA: body area network authentication exploiting channel characteristics,” IEEE J. Sel. Areas Commun., vol. 31, no. 9, pp. 1803–1816, 2013.
-  Z. Li, Q. Pei, I. Markwood, Y. Liu, and H. Zhu, “Secret key establishment via RSS trajectory matching between wearable devices,” IEEE Trans. Inf. Forensics Security, vol. 13, no. 3, pp. 802–817, 2018.
-  G. Revadigar, C. Javali, W. Xu, A. V. Vasilakos, W. Hu, and S. Jha, “Accelerometer and fuzzy vault-based secure group key generation and sharing protocol for smart wearables,” IEEE Trans. Inf. Forensics Security, vol. 12, no. 10, pp. 2467–2482, 2017.
-  W. Xu, C. Javali, G. Revadigar, C. Luo, N. Bergmann, and W. Hu, “Gait-key: A gait-based shared secret key generation protocol for wearable devices,” ACM Trans. Sensor Networks, vol. 13, no. 1, p. 6, 2017.
-  F. Di Franco, C. Tachtatzis, B. Graham, D. Tracey, N. F. Timmons, and J. Morrison, “On-body to on-body channel characterization,” IEEE Sensors J., pp. 908–911, 2011.
-  J. Ryckaert, P. De Doncker, R. Meys, A. de Le Hoye, and S. Donnay, “Channel model for wireless communication around human body,” IET Electronics letters, vol. 40, no. 9, pp. 543–544, 2004.
-  S. M. Kim, S. Wang, and T. He, “Exploiting spatiotemporal correlation for wireless networks under interference,” IEEE/ACM Trans. Netw., vol. 25, no. 5, pp. 3132–3145, Oct 2017.
-  S. Wang, S. M. Kim, Y. Liu, G. Tan, and T. He, “CorLayer: A transparent link correlation layer for energy-efficient broadcast,” IEEE/ACM Transactions on Networking, vol. 23, no. 6, pp. 1970–1983, Dec 2015.
-  S. Tomasin, “Analysis of channel-based user authentication by key-less and key-based approaches,” IEEE Trans. Wireless Commun., vol. 17, no. 9, pp. 5700–5712, 2018.
-  C. Li, J. Hu, J. Pieprzyk, and W. Susilo, “A new biocryptosystem-oriented security analysis framework and implementation of multibiometric cryptosystems based on decision level fusion,” IEEE Trans. Inf. Forensics Security, vol. 10, no. 6, pp. 1193–1206, 2015.
-  T. Halevi and N. Saxena, “Acoustic eavesdropping attacks on constrained wireless device pairing,” IEEE Trans. Inf. Forensics Security, vol. 8, no. 3, pp. 563–577, 2013.
-  W. Xu, G. Revadigar, C. Luo, N. Bergmann, and W. Hu, “Walkie-talkie: Motion-assisted automatic key generation for secure on-body device communication,” in Proc. ACM/IEEE IPSN, 2016, pp. 1–12.
-  T. Alves, B. Poussot, and J.-M. Laheurte, “Analytical propagation modeling of BAN channels based on the creeping-wave theory,” IEEE Trans. Antennas Propag., vol. 59, no. 4, pp. 1269–1274, 2011.
-  Z. H. Hu, Y. I. Nechayev, P. S. Hall, C. C. Constantinou, and Y. Hao, “Measurements and statistical analysis of on-body channel fading at 2.45 GHz,” IEEE Antennas Wireless Propag. Lett., vol. 6, pp. 612–615, 2007.
-  W. Wang, L. Yang, Q. Zhang, and T. Jiang, “Securing on-body IoT devices by exploiting creeping wave propagation,” IEEE J. Sel. Areas Commun., vol. 36, no. 4, pp. 696–703, 2018.
-  X. Xiao, W. Wang, T. Chen, Y. Cao, T. Jiang, and Q. Zhang, “Sensor-augmented neural adaptive bitrate video streaming on uavs,” IEEE Trans. Multimedia, 2019.
-  S. He, W. Wang, H. Yang, Y. Cao, T. Jiang, and Q. Zhang, “State-aware rate adaptation for uavs by incorporating on-board sensors,” IEEE Trans. Veh. Technol., 2019.
-  T. C. Clancy, A. Khawar, and T. R. Newman, “Robust signal classification using unsupervised learning,” IEEE Trans. Wireless Commun., vol. 10, no. 4, pp. 1289–1299, 2011.
-  Y. Geng, J. Chen, R. Fu, G. Bao, and K. Pahlavan, “Enlighten wearable physiological monitoring systems: On-body RF characteristics based human motion classification using a support vector machine,” IEEE Trans. Mobile Comput., vol. 15, no. 3, pp. 656–671, 2016.
-  C. Shi, J. Liu, H. Liu, and Y. Chen, “Smart user authentication through actuation of daily activities leveraging WiFi-enabled IoT,” in Proc. ACM Mobihoc, 2017, pp. 5:1–5:10.
M. Zhao, T. Li, M. Abu Alsheikh, Y. Tian, H. Zhao, A. Torralba, and D. Katabi, “Through-wall human pose estimation using radio signals,” inProc. IEEE CVPR, 2018, pp. 7356–7365.
-  M. Zhao, Y. Tian, H. Zhao, M. A. Alsheikh, T. Li, R. Hristov, Z. Kabelac, D. Katabi, and A. Torralba, “RF-based 3D skeletons,” in Proc. ACM SIGCOMM, 2018, pp. 267–281.
-  I. Goodfellow, J. Pouget-Abadie, M. Mirza, B. Xu, D. Warde-Farley, S. Ozair, A. Courville, and Y. Bengio, “Generative adversarial nets,” in Proc. NIPS, 2014, pp. 2672–2680.
-  Y. Ganin, E. Ustinova, H. Ajakan, P. Germain, H. Larochelle, F. Laviolette, M. Marchand, and V. Lempitsky, “Domain-adversarial training of neural networks,” Journal of Machine Learning Research, vol. 17, no. 1, pp. 2030–2096, 2016.
-  Y. Shinohara, “Adversarial multi-task learning of deep neural networks for robust speech recognition.” in INTERSPEECH, 2016, pp. 2369–2372.
-  M. Zhao, S. Yue, D. Katabi, T. S. Jaakkola, and M. T. Bianchi, “Learning sleep stages from radio signals: A conditional adversarial architecture,” in Proc. ACM ICML, 2017, pp. 4100–4109.
-  D. Tse and P. Viswanath, Fundamentals of wireless communication. Cambridge university press, 2005.
-  I. Goodfellow, Y. Bengio, A. Courville, and Y. Bengio, Deep learning. MIT Press, 2016.
M. A. Kramer, “Nonlinear principal component analysis using autoassociative neural networks,”AIChE Journal, vol. 37, no. 2, pp. 233–243, 1991.
“MobileNetV2: The next generation of on-device computer vision networks,” Google Research, April 3, 2018. [Online]. Available:https://ai.googleblog.com/2018/04/mobilenetv2-next-generation-of-on.html
-  M. Eian and S. F. Mjølsnes, “The modeling and comparison of wireless network denial of service attacks,” in Proc. ACM MobiHeld, 2011, pp. 7:1–7:6.
-  J. Xiong and K. Jamieson, “Securearray: Improving WiFi security with fine-grained physical-layer information,” in Proc. ACM MobiCom, 2013, pp. 441–452.
-  M. Eian and S. F. Mjølsnes, “A formal analysis of IEEE 802.11 w deadlock vulnerabilities,” in Proc. IEEE INFOCOM, 2012, pp. 918–926.
-  R. Singh and T. P. Sharma, “On the IEEE 802.11 i security: a denial-of-service perspective,” Security and Communication Networks, vol. 8, no. 7, pp. 1378–1407, 2015.
-  Y. Xiong and F. Quek, “Hand motion gesture frequency properties and multimodal discourse analysis,” Springer International Journal of Computer Vision, vol. 69, no. 3, pp. 353–371, 2006.
-  T. Nguyen, T. Le, H. Vu, and D. Phung, “Dual discriminator generative adversarial nets,” in Proc. NIPS, 2017, pp. 2670–2680.