Abstract : Proximity-based authentication enables wireless access points (AP) to allow connection only to devices within a certain authentication range. This would be very convenient for allowing network access only to those within a physical boundary. However, an attacker not within the authentication range may deceive the AP into authenticating its proximity by eavesdropping with higher receiver gain and increasing its transmit power. This can be done easily using an amplifier or a directional antenna. To address this challenge, we propose ‘Fixed MCS SNR (FMS)’ filtering scheme based on the intuition that high MCS requires high SNR, and amplifying the received signal strength does not necessarily improve SNR. We experimentally show that this is true in reality, and our real-world evaluation in various environments (14 locations) shows that FMS scheme prevents ‘amplifier attacks’ in all cases. To further counter the false positives of FMS against ‘directional antenna attacks’ (avg. 35.7%), we also propose ‘Authentication Motion with Signal strength gap (AMS)’ filtering scheme which defends against both attacks in all cases at the cost of requiring the user to make a simple motion. FMS or AMS scheme can be selected according to the application requirement to enhance the security of proximity-based authentication in upcoming IoT.
Index terms : IEEE 802.11n, proximity-based authentication, security, wireless, authentication