ShieldScatter: Improving IoT Security with Backscatter Assistance

10/16/2018 ∙ by Zhiqing Luo, et al. ∙ Huazhong University of Science u0026 Technology The Hong Kong University of Science and Technology 0

The lightweight protocols and low-power radio technologies open up many opportunities to facilitate Internet-of-Things (IoT) into our daily life, while their minimalist design also makes IoT devices vulnerable to many active attacks due to the lack of sophisticated security protocols. Recent advances advocate the use of an antenna array to extract fine-grained physical-layer signatures to mitigate these active attacks. However, it adds burdens in terms of energy consumption and hardware cost that IoT devices cannot afford. To overcome this predicament, we present ShieldScatter, a lightweight system that attaches battery-free backscatter tags to single-antenna devices to shield the system from active attacks. The key insight of ShieldScatter is to intentionally create multi-path propagation signatures with the careful deployment of backscatter tags. These signatures can be used to construct a sensitive profile to identify the location of the signals' arrival, and thus detect the threat. We prototype ShieldScatter with USRPs and ambient backscatter tags to evaluate our system in various environments. The experimental results show that even when the attacker is located only 15 cm away from the legitimate device, ShieldScatter with merely three backscatter tags can mitigate 97 trigger false alarms on just 7

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

page 8

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1. Introduction

The continuous advancement in low power radios and lightweight protocols is driving the proliferation of Internet-of-Things (IoT) in our daily life. However, the other side of the coin is that IoT devices easily bear the risks by active attacks such as spoofing attack and Denial-of-Service (DoS) attack during devices pairing or data transmission. For example, considering the scenario shown in Figure 1, a legitimate user (e.g., a smart TV) is pairing or sharing data with an IoT access point (AP). An active attacker equipped with an omnidirectional or directional antenna impersonates the legitimate user and sends a fake command (e.g., DoS command or fake data) to the AP.

Figure 1. Illustration of active attack.

Traditional approaches mainly rely on the complex encryption algorithm, which will lead to computational resources and energy waste (Gehrmann et al., 2004; Dietrich and Dhamija, 2007) and are not feasible for simply designed IoT devices. Alternatively, fine-grained physical-layer signatures, such as angle of arrival (AoA) (Xiong and Jamieson, 2013), channel state information CSI  (Jiang et al., 2013) and received signal strength (RSS)  (Cai et al., 2011; Chandrasekaran et al., 2009) have recently received much attention to mitigating these threats. However, these systems require at least two or an antenna array (e.g., an eight-antenna array) to construct sensitive signatures, and thus are expensive and not applicable for the systems where the APs and IoT devices are equipped with only a small number of antennas. In addition, in an open space (e.g., the hall), the multi-path phenomenon is indistinctive, making it difficult to extract the fine-grained AoA signatures.

This paper presents ShieldScatter, a lightweight system to secure IoT device pairing and data transmission. Instead of relying on the expensive antenna array, ShieldScatter advocates the use of merely several ultra-low-cost and battery-free backscatter tags (Liu et al., 2013) to secure the IoT device. Our key insight is that backscatter tags communicating based on backscattering ambient signals, can be exploited to intentionally create fine-grained multi-path signatures. In particular, upon detecting any suspicious transmission, the legitimate user is asked to transmit the challenge-response based signals to the AP within the coherence time. At the same time, the AP controls the tags to backscatter the signals. We observe that even in dynamic channel environments, the propagation signatures created by the backscatter tags can be used to construct a unique profile to identify each user. This unique propagation signature profile then confirms whether these two signals are from the same devices and help defend against active attacks.

To realize the above idea, we entail the following challenges.

(1) How to employ backscatter tags to create sensitive propagation signatures without using an expensive antenna array or other powerful hardware? Most home devices employ only a small number of antennas for data transmission, which makes it inapplicable for them to construct accurate propagation signatures, such as AoA. To overcome this predicament, we consider leveraging the multi-path features of backscatter tags to generate distinct propagation signatures. In particular, we attach the tags around the AP. When initializing the system, the AP receives the signals. At the same time, the AP controls the tags to reflect wireless signals in turn. This intentional deployment can create artificial multi-path propagations that are sensitive to senders’ locations. If these two signals are from the same devices, the multi-path effects of the backscatter tags on these two signals will have strong similarity in the coherence time. Thus, these distinct propagation signatures can be used to identify the legitimate users.

(2) How to construct reliable signatures when unstable factors exist?

In home environments, walking people, environmental noise and an imperfect circuit design of the tags will lower the similarity of these two signals from the legitimate users. In order to construct reliable signatures, ShieldScatter extracts the representative features from the signals for the first step. Then, ShieldScatter aligns and compares the similarity of the features using dynamic time warping (DTW). Furthermore, a one-class support vector machine (SVM) classifier is used to distinguish and defend against signals from active attackers. If the signals are from the same devices, it will lead to strong similarity and short DTW distances, and then these signals will be clustered into the legitimate class. Otherwise, it will lead to large DTW distances and ShieldScatter can detect and defend against the attackers.

Summary of result. We prototype ShieldScatter with USRPs and ambient backscatter tags to evaluate our system in various environments. The experimental results show that even when the attacker is located only 15 cm away from the legitimate device, ShieldScatter with merely three backscatter tags can mitigate 97% of spoofing attack attempts while at the same time trigger false alarms on just 7% of legitimate traffic.

Contributions. First, we propose ShieldScatter to use the multi-path propagation signatures intentionally created by backscatter tags to secure the IoT devices. Second, we use multiple backscatter tags to create unique multi-path signatures, which avoids the employment of an expensive antenna array to obtain fine-grained signatures and can work in the absence of multipath. Finally, our results show that our system is robust even when active attacker is close to the legitimate user.

2. Motivation

In this section, we first discuss the potential threats to the IoT devices and argue that a lightweight mechanism designed for securing these devices is critical. Next, we investigate the fine-grained signatures of physical-layer radio propagations used to defend against active attacks, which motivates our design of using backscatter tags to secure IoT devices.

2.1. Threat Model

Recently, the link establishment and data sharing between smart home IoT devices have become more and more indispensable. However, they are easily attacked by the active attackers. For example, as shown in Figure 2, the legitimate user is pairing with an AP based on the challenge-response protocols. When initializing pairing, the legitimate user who intends to share information with an AP sends a message (Message 1) for request. If the AP receives this message, it sends an acknowledgement message (Message 2) back. Finally, the legitimate user receives Message 2 and feeds back the message (Message 3). However, during this process, a powerful attacker who has all the priori knowledge of the protocol and the legitimate user (e.g., the coding scheme, carrier frequency and signal strength) can use an omnidirectional antennas to detect the initialization of the communication. Then, it enables a directional antenna to inject fake data (e.g., the DoS command or spoofing data) to attack the AP, and thus the AP receives the command from the attacker, which leads to the rejection or unauthorized access to the AP.

ShieldScatter considers that the attacker will not be triggered to attack the IoT devices all the time. In other words, only if the attacker detects a legitimate user trying to connect or share the data with the AP (e.g., detecting Message 1), then the attacker will initialize the attack. Besides, ShieldScatter only defends against active attacks and makes no exploration of protecting against passive attacks such as eavesdropping attacks and information leakage.

Figure 2. The active attacker sends DoS command or fake data to the AP when the IoT device is pairing or exchanging data with the AP.

2.2. Propagation Signatures

Existing approaches to secure these active attacks by relying on extracting fine-grained propagation signatures from the physical-layer information. In particular, as shown in Figure 3(a), SecureArray (Xiong and Jamieson, 2013) extracts the AoA signatures from the received signal with an antennas array. If the received signals are from the same location within the coherence time, the radio propagation will experience the same multipath, which accordingly leads to strong similarity for the AoA signatures (e.g., the red and blue dashed). Then, based on the similarity of the AoA signatures, active attacks can be detected.

However, in smart homes, the devices may lack multiple antennas, and thus the methods of extracting fine-grained signatures with an antenna array will be inapplicable. Inspired by SecureArray that uses multi-path signatures to secure the devices, we observe that low-cost and battery-free backscatter tags can also generate such multi-path propagation signatures without using an expensive antenna array. According to (Liu et al., 2013), as shown in Figure 1, backscatter is a new communication primitive where a tag transmits data by intermittently reflecting ambient signals. Accordingly, the multipath created by the tags can be used to construct a sensitive profile to protect the IoT devices.

(a) AoA signatures.
(b) Backscatter signal energy.
Figure 3. If the signals are from the same devices, the AoA signatures have high similarity between them. Otherwise, the AoA signatures will be different. When we use three tags to create multipath, the average energy of each tags has the similar performance as AoA signatures.

In order to verify this idea, we employ three tags to attach around the AP at a distance of a half-wavelength and use two USRPs to emulate legitimate user and active attackers, respectively. Then, the AP controls the tags to reflect the signals in turn. Finally, we extract backscatter signals using the sliding windows and compare the average energy of each tag. The result is shown in Figure 3(b). We observe if the signals are from the same device, the average energy of the tags will have high similarity (e.g., the red and blue dashed). Whereas, if the signals are from different devices, even though the attacker is in the same direction from the AP, the distances from the tags to the user are not the same as the distances from the tags to the attacker, and thus it will lead to significant differences with respect to the amplitudes of the tags (e.g., the green dashed). This result presents a similar performance to AoA signatures and it motivates us to design ShieldScatter, a lightweight system to secure the IoT devices by using backscatter tags. ShieldScatter intentionally creates multi-path signatures by controlling the tags to reflect the ambient signals in turn. Besides, in order to construct a reliable profile to detect the threat, ShieldScatter also fetches other representative features and combines with a one-class SVM based classifier to identify the attackers.

Besides, we should notice that the signal transmission should be completed within the coherence time. This is because the wireless channel is easily affected by the environmental states. However, when in coherence time, the channel can be treated as stable even in dynamic environments. The coherence time can be defined as, , where represents the carrier wavelength and indicates the maximum velocity of legitimate user (Steele and Hanzo, 1999; Xiong and Jamieson, 2013).

Figure 4. System overview.

3. System Design

In this section, we first present an overview of ShieldScatter which consists of four key steps. Then, we elaborate on each step and provide the technical details in the following subsections.

3.1. System Overview

The basic idea of ShieldScatter is to construct sensitive multi-path propagation signatures using several backscatter tags attached around the AP instead of an expensive antenna array. In particular, as shown in Figure 2, when the legitimate user is pairing with the AP, it is easily attacked by the fake transmission (e.g., by launching a deauthentication message). To defend against this attack, upon detecting the suspicious transmission, the AP is asked to control the tags to work in turn during this processing. Then, by comparing the signatures from the same device (e,g., Message 1 and Message 3) or from different devices (e,g., Message 3 and the suspicious command), ShieldScatter carries out the security system to verify whether the suspicious messages are from the legitimate device and then defend against active attacks, which will be elaborated in Section 3.6.

To detect the attacks, as illustrated in Figure 4, at a high level ShieldScatter needs to go through the following four steps. First, based on the collected data at the AP, ShieldScatter detects and segments the signals that includes the backscatter signal. Second, ShieldScatter extracts representative features from the segments. Third, to construct a reliable propagation profile, ShieldScatter compares the features by computing the distances with DTW. Finally, based on the profiles with respect to the DTW distances, ShieldScatter can identify and defend against the attacks with a one-class SVM classifier.

3.2. Backscatter Detection and Segmentation

Recall that ShieldScatter constructs sensitive multi-path propagation signatures by controlling the backscatter tags to work in turn. However, because of the latency of the tag initialization, the received signals always contain the component without backscatter, which makes the multi-path signatures not distinct in this component. Thus, to ensure to extract reliable feature from the received signals, ShieldScatter needs to detect and segments the received signals for the first step.

(a) Backscatter decoding.
(b) Energy envelope detection.
Figure 5. ShieldScatter detects and segments backscatter component by combining backscatter decoding and energy envelope detection.
(a) Original signals.
(b) Smoothing signals.
(c) Maximum.
Figure 6. Features extracted from the same device.
(a) Original signals.
(b) Smoothing signals.
(c) Maximum.
Figure 7. Features extracted from the different devices.

In our system, in order to segment the signals, we first decode the received signals using a moving average method as (Liu et al., 2013) where we use a sliding window with a length of 50 samples to smooth the signal. After smoothing, ShieldScatter decodes the message of backscatter signals as shown in Figure 5(a). In order to determine the segment, ShieldScatter follows the principle: if the AP can continuously decode the backscatter signals, then the corresponding original signals samples from the starting point to the ending point are considered as the segment that contains the backscatter signal. Accordingly, we mark the starting point and the ending point as and , respectively.

After that, ShieldScatter can achieve a raw signal segmentation to detect the backscatter. However, because of the imperfect circuit design and noise, it is not accurate enough to segment the signals. Thus, to improve the accuracy of the signal segmentation, we employ an energy envelope detecting method for assistance. Specifically, a sliding window upon the received signal amplitude is used to detect the backscatter, where we calculate the average energy within this sliding window by

(1)

where is the length of the sliding window, and is the amplitude of the sample at sample index . After calculating the energy of the signals, we can easily yield the energy envelope as shown in Figure 5

(b). It is obvious that the energy envelope changes greatly when the backscatter tags are working. Besides, we also find that the backscatter signal always locates at the center of samples without backscatter, which inspires us that the energy envelope will experience a large variance when backscatter is working. Thus, in order to determine the starting point to ending point of the segment that contains the backscatter signal, we calculate the variance of the energy envelope by

(2)

where represents we calculate the variance in every samples and represents the variance at index . Then, we determine the starting point and ending point of signals containing backscatter following the constraint

(3)

where represent the total number of , and represents the starting point and the ending point of the segment, respectively. is the dynamic threshold. According to our experimental study, we set the threshold as where is the minimum energy of all the tags and it can be obtained by the backscatter decoding.

Finally, we combine the method of backscatter decoding and energy envelope detecting to determine the segment by

(4)

where and represent the final decision for the starting point and the ending point of the segment, respectively.

3.3. Feature Extraction

Before constructing reliable multi-path propagation profiles, ShieldScatter should fetch representative features from the segments. According to the ambient backscatter theories [12], the backscatter signal is an additional multipath generated by the tag. This additional multipath can either constructively or destructively interfere with the ambient signal. All of these multipath mainly affect the amplitude of the ambient signal. Thus, to construct reliable signatures, from the obtained segments, ShieldScatter selects the features with respect to the signal amplitude.

Intuitively, ShieldScatter can directly use the received raw data (we call it as original signals in this paper) for comparison. However, the existing ambient noise will lower the similarity of the comparison, and thus only the original signal is not enough to construct a reliable propagation profile. Thus, in our system, besides original signal, five other significant features with respect to the signal amplitude, including smoothing signal, energy envelope, variance of the signals, maximum and minimum, are also extracted to construct our unique and sensitive multi-path propagation signatures to profile each legitimate user. Specifically, in order to acquire smoothing signal, ShieldScatter filters the original signals by using a sliding window. As for energy envelope, variance, maximum and minimum, ShieldScatter extracts these features by computing the average energy envelope, variance, maximum, and the minimum in every 50 data samples of the original signals. Accordingly, ShieldScatter can obtain six feature series for each of the segments obtained in Section 3.2. As shown in Figure 6 and Figure 7, the feature series are extracted from the signals of the same and different devices within the coherence time, respectively. It is obvious that the features are similar when the signals are from the same devices. Otherwise, if the signals are from different devices, the features extracted from these two signals are quite different. Accordingly, these representative features can be used to construct reliable profile and secure the legitimate user.

3.4. DTW Distance Searching

After acquiring the feature series from the segments, ShieldScatter needs to compare the features to detect active attackers. Thus, a reliable method to evaluate the similarity of the extracted features of the corresponding segments is needed. Intuitively, a simplest method is to calculate the correlation of every two corresponding feature series directly. However, because of the noise and imperfect circuit design of the backscatter tags, even though the methods combining the decoded and energy envelope have been exploited to detect and segment the signal, they still cannot guarantee an absolutely accurate partition of the received signal. Besides, since the transmitting signals are sinusoidal waves and our tags reflect the signal in a periodic way, the imperfect segmentation of the signals leads to the shifting of the features, which can be seen in Figure 6. Thus, simply computing the correlation to compare the feature series will lower the similarity and are not applicable to our system. Instead, a method that can mitigate the unfavorable effects caused by misalignment is more desirable for comparison in our design.

Figure 8. ShieldScatter searches the shortest distance to compare the similarity between the extracted features with DTW.

Inspired by PinIt (Wang and Katabi, 2013) and the method for the word matching in speech recognition, they have similar nature of signatures shifting. In order to mitigate the effect of misalignment, a most commonly used method DTW can be adopted to overcome this predicament. Thus, we compare the similarity of the features to construct the propagation profiles by using DTW distance computing (Salvador and Chan, 2007) as follows: supposed given the two feature series and of the corresponding segments (e.g., the feature maximum of Message 3 and the suspicious message in Figure 2), the goal of DTW is to find the minimum cost of the mapping sum from the feature series to . In particular, the cost of DTW from each sample of to the arbitrary sample in is defined by using the Euclidean distance

(5)

Then, based on the Euclidean distance between each two samples of these two feature series, a dynamic programming algorithm is used for DTW to search for the warp path distance. To understand the shortest path searching in ShieldScatter, we define the two feature series and of the features

(6)
(7)

where and represent the length of the these two series, respectively. Then, based on these two series, we construct a network matrix as shown in Figure 8, where each matrix in indicates the Euclidean distance corresponding to and . In order to search the best way to align and , DTW first starts from the point . Then, DTW searches the shortest way following these rules: (1) the next step in any matrix should be , or , which guarantees the monotonicity of the constraint for DTW; (2) the total cost of the distances should be the lowest. We define DTW in mathematical expressions as

(9)
s.t.

where represents the route matrix, and the starting-point and ending-point, respectively. indicates the horizontal axis coordinates at the step, and the two constraint conditions have guaranteed the boundary and monotonicity for the route selection in DTW.

Figure 9. The profiles of the legitimate user can be mapped into a feature space and separated from the attacking samples.

In our system, in order to reduce computational complexity, we compute the DTW distances by dividing the feature series into different chunks instead of directly computing using the entire original signal and smoothing signal, ShieldScatter segments the feature series equally into 128 chunks. Then, ShieldScatter computes the DTW distance in each corresponding chunk. As for energy envelope, variance, maximum and minimum, ShieldScatter divides them into 58 chunks and computes the DTW distances, respectively. Accordingly, we can finally obtain a propagation profile with respect to the DTW distance, which is a vector with the size of 488. Compared with the method of calculating correlation directly, DTW mitigates the effects caused by misalignment.

3.5. One-Class SVM Classification

Based on the similarity comparison of the extracted features, we obtain a propagation profile vector with the size of 488 for every processing. As mentioned, the signals from same devices will experience the same multipath caused by the intentional deployment tags, which will lead to high similarity and short DTW distance for the features. Otherwise, the DTW distances will be significant difference. Thus, we can transfer our problem of detecting the suspicious signals into the problem of distinguishing the propagation profile vectors so as to defend against the attacking signals.

At an intuitional level, in order to distinguish the propagation profile vectors, a most likely method is to set fixed thresholds for each value in the vector. Then, if all the values are lower than the corresponding thresholds, the signals can be considered as positive samples. However, this method is unreliable, since the received signals will be significantly affected by the environment noise in dynamic environments, which make it difficult to determine these fixed thresholds.

To distinguish the legitimate user and attacker profiles, ShieldScatter formulates our problem as a one-class classification model. In particular, as illustrated in Figure 9, given a large number of training profiles as , where is the number of profiles, and the profile vector of the profile . The size of each propagation profile vector with respect to the DTW distances is 488. As shown in Figure 9, in the original space (Schölkopf et al., 2001)

, if the profiles are positive and have short DTW distances, the profiles of these legitimate users will be similar and they will gather together closely. However, the samples that are from the attacker will be away from these positive profiles except for a few outliers that have short DTW distances. Thus, the goal of ShieldScatter is to find an optimal boundary to capture most of the positive samples and able to exclude the negative samples.

In order to define the optimal boundary, the strategy of one-class support vector machine (SVM) is to map the sample from the original space into a feature space using function . As shown in Figure 9

, in the feature space, the samples can be separated by a hyperplane with method of maximum margin, where this hyperplane is defined by some samples called support vectors in the training set. In order to seek out these support vectors, this problem can be formulated as

(11)
s.t.

where (0,1] is an upper bound on the fraction of the outliers and a lower bound on the fraction of support vectors. represents the Gaussian kernel, which is defined as

(12)
(13)

Then, the decision function of ShieldScatter is defined as

(14)

where is the sample of the testing profiles, the support vector and the function bias. Hence, the based on the hyperplane decided by the obtained support vectors, the testing profiles can be classified into either legitimate users or attackers.

3.6. Security Analysis

We finally integrates ShieldScatter with existing security protocols in the upper layers to enable device authentication and defend against active attacks. Sitting between upper-layer security protocols and PHY signal processing, ShieldScatter conforms to reasoning analogous to existing security protocols but differs in that ShieldScatter takes into account the propagation signatures to secure IoT authentication.

Deauthentication deadlock mitigation. There are various ways to launch DoS attacks. A typical type of DoS attacks takes the vulnerability before a secure link has been established. As shown in Figure 10(a), we consider that an authentication handshake is in progress. During the authentication handshakes, to deauthenticate the establishment, an attacker can inject an unauthorized deauthentication notification after receiving an acknowledgement (ACK) from the AP, which accordingly leads to a protocol deadlock.

(a) Deauthentication mitigation.
(b) Jamming and replay mitigation.
Figure 10. ShieldScatter integrates with existing security protocols in the upper layers to enable device authentication and defend against active attacks.

To defend against the deauthentication deadlock, ShieldScatter adds an additional propagation signature processing at the AP with slight protocol changes. Specifically, ShieldScatter controls the message transmission of handshake within the coherence time. Then, upon hearing the deauthentication command, ShieldScatter can compare the similarity between the deauthentication command and the following Message with the operations mentioned in Section 3. If the one-class SVM identifies that the deauthentication command is from the attacker, the AP will drop this data frame in the upper layer. Accordingly, ShieldScatter can easily defend against attacks.

Jamming and replay mitigation. An attacker can launch a jamming and replay attack by equipping multiple antennas. A multi-antenna attacker can jam the association packets reception with one directional antenna and records the packet with another antenna. The attacker then replays the recorded packets to the legitimate device.

As illustrated in Figure 10(b), we also take the handshake processing and deauthentication deadlock into account. During this process, an attacker first injects an unauthenticated deauthentication notification after receiving the ACK from the AP. When detecting the following Message, the attacker jams this reception at the AP with one directional antenna, while at the same time records Message with another directional antenna. The attacker then replays the recorded Message to the AP. Thus, both of deauthentication command and Message are from the attacker and the multi-path signatures will be the same. However, when the attacker jams the reception of Message, the multi-path signatures at each tag during jamming are the superposition of the legitimate user and attacker. This will lead to a large difference in the energy for each tag. Thus, ShieldScatter can easily detect this difference and defend against the attacks.

Figure 11. We employ two USRPs to act as the AP and legitimate user at a distance of 2.5 m. At the same time, several tags are deployed around the AP to create multi-path signatures. Besides, another two-antennas USRP is used to act as active attacker.

Channel spoofing mitigation. Using wireless physical layer information for location distinction has been explored for many years (Patwari and Kasera, 2007; Li et al., 2006; Liu et al., 2010). It has been discovered that the characteristics of the wireless channel will be uncorrelated every a half carrier wavelength over distance (He et al., 2013). However, the work in (Fang et al., 2014) has found new attacks against these approaches by emulating the multi-path signatures.

The advantage of Shieldscatter is that this method make it difficult for the attackers to select the real multi-path signatures created by the backscatter tags. Specifically, in our system, ShieldScatter can randomly control the order of tags, as long as it guarantees that the order of the tags is the same in every process. Even though the attacker has emulated all the multi-path signatures, it still cannot decide which multi-path signature is the true one in each time when attacking. Thus, ShieldScatter is more reliable than the methods that simply compare the channel correlation.

4. Implementation

As shown in Figure 11, the prototype of ShieldScatter is implemented using multiple backscatter tags and three GNURadio/USRP B210 nodes. The backscatter tags are implemented according to (Liu et al., 2013). We tailor the antenna design to allow tags to work at 900 MHz which is a commonly used frequency for IoT devices. All the tags are deployed around the AP at a distance of 15 cm (i.e., half of the wavelength). In our experiment, both tags transmit data with a bitrate of 10 kbps. Besides, one USRP node equipped with two antennas acts as an active attacker, who monitors RSS variations with one of the antennas while transmitting fake data using the other antenna. The other two USRP nodes are used as the legitimate user and AP, respectively and each of them contains only one antenna. In our experiment, we require the legitimate user and AP to complete the challenge-response protocol in 100 ms so as to maintain the channel to be stable.

Figure 12. Floor plan of our evaluation environment. A and B represent the places of legitimate user and AP, respectively.

5. Evaluation

In our experiment, we evaluate the performance of ShieldScatter in both static and dynamic environments as shown in Figure 12. We employ two USPRs to emulate a legitimate user and an AP which are deployed at a distance of 2.5 m. Specifically, we place the user at different locations (e.g., the blue blocks) and the AP at location B, respectively. Besides, another USRP that contains two antennas is deployed at different locations (e.g., the red dot in Figure 12) to act as an active attacker. In static environment, we conduct our experiment and collect the signals during the day and at night. Besides, we also evaluate the performance in common home environments where we consider the legitimate user and AP are in both line-of-sight (LoS) and none line-of-sight (NLoS) scenarios. In order to construct a NLoS environment, we deploy different kinds of obstacles between the legitimate users and AP. As for dynamic environment, two people are asked to walk around when we perform the experiments.

Figure 13. The performance with respect to the varying parameter .

In our experiment, a total number of 1,700 propagation signatures are collected within a month for ShieldScatter in both static and dynamic environments. Then, ShieldScatter extracts the features to construct the profiles for all of these data samples. 577 of the propagation profiles are used to train and construct our one-class SVM model and the rest of the profiles are used to test the performance of ShieldScatter.

Metrics. We employ the following metrics to evaluate the performance of our system.

  • True positive rate. True positive (TP) rate is defined to be the ratio of the number of propagation profiles in which the samples from the legitimate user is correctly detected to the total number of samples.

  • False positive rate. False positive (FP) rate is the ratio of the number of propagation profiles in which the samples from the active attackers is falsely recognized as being the legitimate user to the total number of samples.

5.1. Parameter Determination

The first step in our experiment is to determine the parameter for the one-class SVM model. As mentioned before, is a significant parameter to constrain the bound of outliers and support vectors, and the range of is . In order to determine the parameter , we exploit 500 groups of positive data samples and 77 groups of negative samples for input to training the one-class model ranging from 0 to 1 for the parameter . As shown in Figure 13, it is obvious that the accuracy of correctly detecting the legitimate user decreases with the parameter . However, the accuracy of detecting the active attackers increases when the parameter grows. That is because when parameter increases, the bound between the legitimate samples and attacker samples tightens. Sequentially, the outliers (i.e., the attacker) are excluded from the positive samples. However, the larger the parameter increases, the smaller the boundary becomes. In that case, some positive samples are recognized as the outliers and excluded from the positive samples. Thus, in order to determine the optimal for the one-class SVM model, we make a tradeoff between them. As shown in the Figure 13, we select the parameter at intersection point between these two curves. Accordingly, we can achieve the accuracy of 93.7% for legitimate users and active attacker detection when the parameter is set as 0.16.

5.2. Static Environment

Based on the determination of parameter , we evaluate the performance of ShieldScatter in the static environment, where we keep the legitimate user, the AP, and the attackers static. Then, we evaluate ShieldScatter with respect to the distance between the legitimate user and active attackers, the effects in both LoS and NLoS scenarios, and the number of backscatter tags attached around the AP.

Figure 14. The performance with respect to the varying distances between the attacker and legitimate user in static environment.
Figure 15. The performance when the channel is sheltered by different obstacles.

Distance between legitimate user and attackers. Usually, the attacker will be far away from the legitimate user. However, if the attacker is small enough and has the ability to get close to legitimate users, it will be a challenge for the IoT devices. Thus, in order to defend against the attackers that are close to the legitimate users, we first evaluate the performance of our system combined with the different distance between the legitimate users and active attackers. In particular, we evaluate the performance in different distances and different directions between the legitimate users and AP ranging from 10 cm to 2 m. After that, we collect the data to construct the profiles as input to test our system.

As shown in Figure 14, it is obvious that when the attacker is far away from the legitimate user, ShieldScatter can achieve an average TP rate of 93.6% and FP rate of 3%. However, if the legitimate user is close to the attacker, especially when the distances are lower than 15 cm, the FP rate increases dramatically. That is because if the attacker is close enough to the legitimate user, the multi-paths of them caused by the backscatter tags are extremely similar. However, in our experiment, even when the distance is closer to 15 cm, we can still achieve an average FP rate lower than 10%, which is acceptable for the daily smart home loT devices.

Figure 16. The performance with respect to the varying number of backscatter tags.

Effects of LoS and NLoS scenarios. For smart home devices, a common situation is that the direct path will be sheltered in some cases. For example, different obstacles will shield the path between the legitimate user and the AP, which accordingly has significant impacts on the backscatter signals. Thus, in order to overcome this predicament, we next evaluate the performance of ShieldScatter in both line-of-sight (LoS) and non-line-of-sight (NLoS) scenarios. Specifically, in order to emulate situations of LoS and NLoS, we exploit the different kinds of common obstacles in daily life, such as wood, plastic, metal and the human body, to shield the direct path between the legitimate user and the AP. Then, we test the performance of our system.

As shown in Figure 15, we can yield an average TP rate of 93.65% and FP rate lower than 3.1% in the LoS scenarios. However, if there are obstacles shielding the path between them, the accuracy of legitimate user detection slightly decreases, especially for the metal medium. That is because the metal, a conducting medium, has a shielding effect on the radio propagation. However, we can still achieve an average TP rate of 92% and FP rate lower than 5%, which is acceptable and we can confirm that ShieldScatter is reliable even though the channel is sheltered by the daily obstacles.

Number of backscatter tags. In our experiment, the number of the backscatter tags used to deploy around the AP and construct multi-path signatures is an important factor for the radio propagation. Thus, we then evaluate the performance when using a different number of backscatter tags attached around the AP.

As shown in Figure 16, we can observe that if we just attach one or two backscatter tags on the AP, ShieldScatter can achieve an average FP rate higher than 10%. It is because the active attacker can easily calculate the distance and power between the legitimate user and the AP. Then the attacker can carefully select the transmitting power and locations for attacking. However, if we deploy three tags, the attacker is harder to keep the arrived power for each tag being similar to the power from the legitimate user. Hence, we can achieve an average TP rate as high as 93.7% and FP rate lower than 3%. In addition, if we exploit too many tags (e.g., 4 tags), it leads to strict constraints to the received signal, and accordingly achieve a lower FP rate and lower TP rate. Therefore, three backscatter tags are a appropriate choice in our system.

Figure 17. The performance with respect to the varying distances between the attacker and legitimate user in dynamic environment.

5.3. Dynamic Environment

People walking around. ShieldScatter considers another practical environment for the daily smart home devices, that is, the scenario where some people are walking around. As shown in Figure 12, in order to emulate the dynamic environment, two volunteers are asked to walk around the devices, approach the user, go across the channel and carry out the daily activities. Then, we evaluate the performance with respect to different distances between the legitimate user and attacker.

As shown in Figure 17, compared with the results in static environment, when the environment is dynamic, the TP and FP rates of ShieldScatter have slight fluctuation caused by environment noise. However, when we exploit the filter to remove the noise caused by the dynamic effects, ShieldScatter can still maintain an average TP rate higher than 91%, which is acceptable for the smart home IoT devices. Besides, ShieldScatetr achieves an average FP rate lower than 1.9%, when the distance is larger than 20 cm. That is because the channel fluctuation makes it more difficult for the attacker to emulate the power for each tag. Thus, our system can remain reliable even in the dynamic environment.

Slight movement of the legitimate user. ShieldScatter takes into account the case that the smart home devices are slightly moved. Specifically, as shown in Figure 12, the legitimate user is first placed at location A, and then it is moved to a different place as the blue blocks. Then, we evaluate the performance of our system with respect to the distance between the location A and the user.

As shown in Figure 18, we can achieve an average FP rate lower than 3% when the user is moved to different locations. On the other hand, when the legitimate user is placed at location A, we can achieve a TP rate of 93%. Then, if we move the user within a short distance (e.g., within 30 cm), the TP rate remains stable. When the user moves to a longer distance, the TP rate would decrease. However, we can still achieve a TP rate larger than 87% even though the movement distance is 50 cm. Therefore, slight movements of the legitimate user are allowed in our system.

Figure 18. The performance when the legitimate user is slightly moved.
Figure 19. The performance with respect to the varying number of data samples to train the model.

5.4. Impact Factors for SVM

In this section, we evaluate the following two key impact factors on our one-class SVM system.

Training size. In our experiment, ShieldScatter needs to exploit a training set to train a one-class SVM classifier. Then, based on well-trained classifier, we test the testing profiles to detect the legitimate user and defend against the suspicious signals. Thus, it is necessary to select appropriate number of the training set to train and construct the classifier for ShieldScatter. In particular, we train our model with respect to different number of profiles ranging from 50 to 1,000 samples.

As described in Figure 19, when the data samples used to train the one-class SVM model are less than 200, ShieldScatter can achieve average TP rate lower than 90%. However, when we adopt the training samples larger than 600, we can achieve a relatively reliable TP rate of 93.6% and FP rate lower than 3%. Consequently, we leverage 577 samples to train and construct our profile.

The ratio of positive to negative samples. Based on the priori knowledge about one-class SVM, the ratio of positive to negative samples that used to train the model is an important factor. Thus, we evaluate the performance combined with different ratio of between them. Additionally, a noticeable constraint for one-class SVM model that the ratio of positive to negative samples should be very large. In other words, one-class SVM model generally makes use of large number of positive and a few or even no negative samples to train the model. Thus, we study the performance of ShieldScatter with respect to the low ratio of positive to negative samples ranging from 0.05 to 0.5.

As presented in Figure 20, when the number of the negative samples is too small, for example, the ratio of positive to negative samples is lower than 0.05, ShieldScatter achieves an average TP rate lower than 90% and FP rate larger than 10%. This is because if the negative sample are too small, the suspicious signals on the bound are circled in legitimate user but the positive samples are moved out. Conversely, if the number of the negative samples are too large, the model is unable to distinguish the positive and negative samples, which will lead to lower detection accuracy for the model. Therefore, ShieldScatter selects the ratio of positive to negative samples as low as 0.154 for the model training.

Figure 20. The performance with respect to the varying ratios of positive to negative samples.

6. Related work

Backscatter communications. Backscatter communication has been considered as a promising communication mechanism in the future. Ambient backscatter originates from the RFID systems that makes use of RFID readers to provide power and communicate with battery-free tags (Wang et al., 2012). The difference between them is that backscatter can harvest ambient RF signal and enable two RF-powered devices to communicate by scattering and creating the path on the ambient signals  (Liu et al., 2013). Besides, in order to enable different RF-powered devices to communicate with each other, WiFi backscatter, FM backscatter and FS backscatter are proposed (Kellogg et al., 2014; Wang et al., 2017; Zhang et al., 2016), which makes backscatter communication become applicable for current IoT devices. In our study, ShieldScatter employs the backscatter tags as (Liu et al., 2013) to create significant multi-path propagation signatures and construct unique profile for the IoT device.

Physical-layer propagation signatures. Recent years, fine-grained physical-layer propagation signatures  (Liu and Ning, 2012; Wang et al., 2018; Xiao et al., 2009; Zhang et al., 2008)have been successfully used to secure wireless system. For example, SecureArray (Xiong and Jamieson, 2013) secures WiFi by using AoA information to construct sensitive signatures. Besides, some researchers seek for other signatures, such as received signal strength (RSS) for user authentication (Cai et al., 2011; Chandrasekaran et al., 2009). Proximate (Mathur et al., 2011) securely pairs two devices in proximity within a half-wavelength distance by comparing their RSS variations. Wanda (Pierson et al., 2016) employs two antennas to authenticate the devices in proximity according to the large RSS variations between the two antennas. However, these studies need two or more antennas to construct the signatures, which will be not appropriate for the smart home IoT devices that contain only one antenna. Different from the past works, ShieldScatter secures the IoT devices without additional antennas and it can still achieve high detecting accuracy with several low-cost backscatter tags for assistance.

Wireless localization. Accurate localization can help detect the signals and secure the IoT devices. SpotFi (Kotaru et al., 2015) can achieve high localization accuracy for the devices by combining AoA signatures with time of flight (ToF). WiTag (Kotaru et al., 2017) localizes the backscatter tags using commodity WiFi signals. Other localization systems, such as RFID, are also explored to localize the IoT devices (Wang et al., 2013; Wang and Katabi, 2013; Yang et al., 2014). PinIt (Wang and Katabi, 2013) deploys large number of RFID tags around the devices and then exploits multipath to localize the target that has the similar multipath profiles. All these RFID-based methods need a dedicated RFID reader to help communicate with the tags.

7. Conclusion

We present ShieldScatter, a lightweight system to secure IoT devices pairing and data transmission by intentionally creating multi-path signatures by using several low-cost backscatter tags that are attached to an AP or IoT device. ShieldScatter secures IoT devices without using an expensive antenna array or hardware modification to existing devices. We have evaluated the performance of ShieldScatter in both static and dynamic environments. Our results show that even the attacker is located only 15 cm away from the legitimate device, ShieldScatter with merely three backscatter tags can mitigate 97% of spoofing attack attempts while at the same time triggering false alarms on just 7% of legitimate traffic.

Acknowledgements.
The research was supported in part by the National Science Foundation of China under Grant 61871441, 61502114, 91738202, and 61531011, Major Program of National Natural Science Foundation of Hubei in China with Grant 2016CFA009, Key Laboratory of Dynamic Cognitive System of Electromagnetic Spectrum Space (Nanjing Univ. Aeronaut. Astronaut.), Ministry of Industry and Information Technology, Nanjing, 211106, China with KF20181911.

References

  • (1)
  • Cai et al. (2011) Liang Cai, Kai Zeng, Hao Chen, and Prasant Mohapatra. 2011. Good neighbor: Secure pairing of nearby wireless devices by multiple antennas. In Proceedings of Network and Distributed Systems Security Symposium.
  • Chandrasekaran et al. (2009) Gayathri Chandrasekaran, John-Austen Francisco, Vinod Ganapathy, Marco Gruteser, and Wade Trappe. 2009. Detecting identity spoofs in IEEE 802.11 e wireless networks. In Global Telecommunications Conference, 2009. GLOBECOM 2009. IEEE. IEEE, 1–6.
  • Dietrich and Dhamija (2007) Sven Dietrich and Rachna Dhamija. 2007. Financial Cryptography and Data Security. Lecture Notes in Computer Science 4886 (2007).
  • Fang et al. (2014) Song Fang, Yao Liu, Wenbo Shen, and Haojin Zhu. 2014. Where are you from?: confusing location distinction using virtual multipath camouflage. In Proceedings of the 20th annual international conference on Mobile computing and networking. ACM, 225–236.
  • Gehrmann et al. (2004) Christian Gehrmann, Chris J Mitchell, and Kaisa Nyberg. 2004. Manual authentication for wireless devices. RSA Cryptobytes 7, 1 (2004), 29–37.
  • He et al. (2013) Xiaofan He, Huaiyu Dai, Wenbo Shen, and Peng Ning. 2013. Is link signature dependable for wireless security?. In INFOCOM, 2013 Proceedings IEEE. IEEE, 200–204.
  • Jiang et al. (2013) Zhiping Jiang, Jizhong Zhao, Xiang-Yang Li, Jinsong Han, and Wei Xi. 2013. Rejecting the attack: Source authentication for wi-fi management frames using csi information. In INFOCOM, 2013 Proceedings IEEE. IEEE, 2544–2552.
  • Kellogg et al. (2014) Bryce Kellogg, Aaron Parks, Shyamnath Gollakota, Joshua R Smith, and David Wetherall. 2014. Wi-Fi backscatter: Internet connectivity for RF-powered devices. In ACM SIGCOMM Computer Communication Review, Vol. 44. ACM, 607–618.
  • Kotaru et al. (2015) Manikanta Kotaru, Kiran Joshi, Dinesh Bharadia, and Sachin Katti. 2015. Spotfi: Decimeter level localization using wifi. In ACM SIGCOMM Computer Communication Review, Vol. 45. ACM, 269–282.
  • Kotaru et al. (2017) Manikanta Kotaru, Pengyu Zhang, and Sachin Katti. 2017. Localizing Low-power Backscatter Tags Using Commodity WiFi. In Proceedings of the 13th International Conference on emerging Networking EXperiments and Technologies. ACM, 251–262.
  • Li et al. (2006) Zang Li, Wenyuan Xu, Rob Miller, and Wade Trappe. 2006. Securing wireless systems via lower layer enforcements. In Proceedings of the 5th ACM workshop on Wireless security. ACM, 33–42.
  • Liu et al. (2013) Vincent Liu, Aaron Parks, Vamsi Talla, Shyamnath Gollakota, David Wetherall, and Joshua R Smith. 2013. Ambient backscatter: wireless communication out of thin air. In ACM SIGCOMM Computer Communication Review, Vol. 43. ACM, 39–50.
  • Liu and Ning (2012) Yao Liu and Peng Ning. 2012. Enhanced wireless channel authentication using time-synched link signature. In INFOCOM, 2012 Proceedings IEEE. IEEE, 2636–2640.
  • Liu et al. (2010) Yao Liu, Peng Ning, and Huaiyu Dai. 2010. Authenticating primary users’ signals in cognitive radio networks via integrated cryptographic and wireless link signatures. In Security and Privacy (SP), 2010 IEEE Symposium on. IEEE, 286–301.
  • Mathur et al. (2011) Suhas Mathur, Robert Miller, Alexander Varshavsky, Wade Trappe, and Narayan Mandayam. 2011. Proximate: proximity-based secure pairing using ambient wireless signals. In Proceedings of the 9th international conference on Mobile systems, applications, and services. ACM, 211–224.
  • Patwari and Kasera (2007) Neal Patwari and Sneha K Kasera. 2007. Robust location distinction using temporal link signatures. In Proceedings of the 13th annual ACM international conference on Mobile computing and networking. ACM, 111–122.
  • Pierson et al. (2016) Timothy J Pierson, Xiaohui Liang, Ronald Peterson, and David Kotz. 2016. Wanda: securely introducing mobile devices. In INFOCOM 2016-The 35th Annual IEEE International Conference on Computer Communications, IEEE. IEEE, 1–9.
  • Salvador and Chan (2007) Stan Salvador and Philip Chan. 2007. Toward accurate dynamic time warping in linear time and space. Intelligent Data Analysis 11, 5 (2007), 561–580.
  • Schölkopf et al. (2001) Bernhard Schölkopf, John C Platt, John Shawe-Taylor, Alex J Smola, and Robert C Williamson. 2001. Estimating the support of a high-dimensional distribution. Neural computation 13, 7 (2001), 1443–1471.
  • Steele and Hanzo (1999) Raymond Steele and Lajos Hanzo. 1999. Mobile Radio Communications: Second and Third Generation Cellular and WATM Systems: 2nd. IEEE Press-John Wiley.
  • Wang et al. (2017) Anran Wang, Vikram Iyer, Vamsi Talla, Joshua R Smith, and Shyamnath Gollakota. 2017. FM Backscatter: Enabling Connected Cities and Smart Fabrics.. In NSDI. 243–258.
  • Wang et al. (2013) Jue Wang, Fadel Adib, Ross Knepper, Dina Katabi, and Daniela Rus. 2013. RF-compass: Robot object manipulation using RFIDs. In Proceedings of the 19th annual international conference on Mobile computing & networking. ACM, 3–14.
  • Wang et al. (2012) Jue Wang, Haitham Hassanieh, Dina Katabi, and Piotr Indyk. 2012. Efficient and reliable low-power backscatter networks. In Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication. ACM, 61–72.
  • Wang and Katabi (2013) Jue Wang and Dina Katabi. 2013. Dude, where’s my card?: RFID positioning that works with multipath and non-line of sight. In ACM SIGCOMM Computer Communication Review, Vol. 43. ACM, 51–62.
  • Wang et al. (2018) Wei Wang, Lin Yang, Qian Zhang, and Tao Jiang. 2018. Securing On-Body IoT Devices By Exploiting Creeping Wave Propagation. IEEE Journal on Selected Areas in Communications (2018).
  • Xiao et al. (2009) Liang Xiao, Larry J Greenstein, Narayan B Mandayam, and Wade Trappe. 2009. Channel-based detection of sybil attacks in wireless networks. IEEE Transactions on Information Forensics and Security 4, 3 (2009), 492–503.
  • Xiong and Jamieson (2013) Jie Xiong and Kyle Jamieson. 2013. Securearray: Improving wifi security with fine-grained physical-layer information. In Proceedings of the 19th annual international conference on Mobile computing & networking. ACM, 441–452.
  • Yang et al. (2014) Lei Yang, Yekui Chen, Xiang-Yang Li, Chaowei Xiao, Mo Li, and Yunhao Liu. 2014. Tagoram: Real-time tracking of mobile RFID tags to high precision using COTS devices. In Proceedings of the 20th annual international conference on Mobile computing and networking. ACM, 237–248.
  • Zhang et al. (2008) Junxing Zhang, Mohammad H Firooz, Neal Patwari, and Sneha K Kasera. 2008. Advancing wireless link signatures for location distinction. In Proceedings of the 14th ACM international conference on Mobile computing and networking. ACM, 26–37.
  • Zhang et al. (2016) Pengyu Zhang, Mohammad Rostami, Pan Hu, and Deepak Ganesan. 2016. Enabling practical backscatter communication for on-body sensors. In Proceedings of the 2016 ACM SIGCOMM Conference. ACM, 370–383.