This content will become publicly available on May 19, 2025

Title: Guessing on Dominant Paths: Understanding the Limitation of Wireless Authentication Using Channel State Information
Channel state information (CSI) has been extensively studied in the literature as a basis for authentication in wireless networks. Less attention has been paid to a systematic attack model for evaluating CSI-based authentication. Existing studies generally adopt either a random attack model, to which existing designs are resilient, or a specific-knowledge model that assumes the attacker has certain inside knowledge. This paper proposes a new, realistic attack model against CSI-based authentication. In this model, an attacker Eve actively guesses a user Alice's CSI and precodes her signals to impersonate Alice to the verifier Bob, who uses CSI to authenticate users. To make CSI guessing effective and low-cost, we use theoretical analysis and CSI dataset validation to show that there is no need to guess the CSI values on all signal propagation paths. Specifically, Eve can adopt a Dominant Path Construction (DomPathCon) strategy that focuses only on guessing the CSI values on the first few paths with the highest channel response amplitude (called dominant paths). Comprehensive experimental results show that DomPathCon is effective and achieves up to 61% attack success rates under different wireless network settings, which exposes new limitations of CSI-based authentication. We also propose designs to mitigate the adverse impact of DomPathCon.
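As an added illustration of the dominant-path idea (example code written for this page, not the paper's DomPathCon implementation, its dataset or its numbers): a constructed multipath channel whose tap power decays geometrically with delay, an assumed verifier rule for Bob (normalized correlation against the enrolled CSI with a 0.9 threshold), and an idealized Eve whose guesses on the dominant taps are exact, so the only question being tested is how many taps she must match. The channel model, decay factor, tap count and threshold are all assumptions.

```python
import math
import random

# Constructed channel model (an assumption for this example, not the paper's dataset):
# NUM_TAPS multipath components whose power decays geometrically with delay, so a few
# early taps carry most of the energy. Bob's acceptance rule (normalized correlation
# against the enrolled CSI) is likewise an assumed, common CSI-authentication test.
NUM_TAPS = 16
DECAY = 0.6
THRESHOLD = 0.9


def sample_cir(rng, num_taps=NUM_TAPS, decay=DECAY):
    """One channel impulse response: tap k is complex Gaussian with mean power decay**k."""
    return [complex(rng.gauss(0, 1), rng.gauss(0, 1)) * math.sqrt(decay ** k / 2)
            for k in range(num_taps)]


def energy(h):
    return sum(abs(x) ** 2 for x in h)


def correlation(h1, h2):
    """Normalized correlation |<h1, h2>| / (||h1|| ||h2||): Bob's similarity score."""
    inner = sum(a * b.conjugate() for a, b in zip(h1, h2))
    return abs(inner) / math.sqrt(energy(h1) * energy(h2))


def bob_accepts(enrolled, observed, threshold=THRESHOLD):
    return correlation(enrolled, observed) >= threshold


def dominant_indices(h, k):
    """Indices of the k taps with the largest amplitude (the 'dominant paths')."""
    return sorted(range(len(h)), key=lambda i: abs(h[i]), reverse=True)[:k]


def dominant_energy_fraction(h, k):
    return sum(abs(h[i]) ** 2 for i in dominant_indices(h, k)) / energy(h)


def dompath_forgery(h_alice, k):
    """Eve's DomPathCon-style CSI: Alice's values on the k dominant taps, zero elsewhere.
    Idealization: her guesses on those taps are exact and her precoding presents this
    CIR to Bob unchanged, so only the choice of k is being tested."""
    keep = set(dominant_indices(h_alice, k))
    return [h_alice[i] if i in keep else 0j for i in range(len(h_alice))]


def min_dominant_taps(h_alice, threshold=THRESHOLD):
    """Smallest k for which matching only the k dominant taps passes Bob's check.
    For this forgery the score equals sqrt(dominant_energy_fraction), so the check
    is really 'do the top k taps hold threshold**2 of the channel energy'."""
    for k in range(1, len(h_alice) + 1):
        if bob_accepts(h_alice, dompath_forgery(h_alice, k), threshold):
            return k
    return len(h_alice)


def simulate(trials=200, seed=7):
    """Compare a blind all-tap guess with the dominant-path strategy over many channels."""
    rng = random.Random(seed)
    blind_passes = 0
    taps_needed = 0
    for _ in range(trials):
        h_alice = sample_cir(rng)
        h_blind = sample_cir(rng)  # Eve guessing every tap independently at random
        blind_passes += int(bob_accepts(h_alice, h_blind))
        taps_needed += min_dominant_taps(h_alice)
    return {"blind_pass_rate": blind_passes / trials,
            "mean_dominant_taps_needed": taps_needed / trials}


if __name__ == "__main__":
    print(simulate())
```

Because the forgery keeps Alice's own values on the matched taps, its correlation score is exactly the square root of the energy fraction on those taps, so a threshold t is really a requirement that the matched paths carry t² of the channel energy. A blind guess over all taps rarely clears it, while a handful of dominant taps usually does. The paper's Eve must also guess the values on those taps, which this idealization skips.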
Award ID(s):
2316720
PAR ID:
10545748
Author(s) / Creator(s):
; ; ; ; ;
Publisher / Repository:
IEEE
Date Published:
ISBN:
979-8-3503-3130-1
Page Range / eLocation ID:
2740 to 2758
Format(s):
Medium: X
Location:
San Francisco, CA, USA
Sponsoring Org:
National Science Foundation
More Like this
  1. We consider the multiple-input multiple-output (MIMO) wiretap channel with intersymbol interference (ISI) in which a transmitter (Alice) wishes to securely communicate with a receiver (Bob) in presence of an eavesdropper (Eve). We focus on the practically relevant setting in which there is no channel state information (CSI) at Alice about either of the channels to Bob or Eve, except statistical information about the ISI channels (i.e., Alice only knows the effective number of ISI taps). The key contribution of this work is to show that even with no CSI at Alice, positive secure degrees of freedom (SDoF) are achievable by carefully exploiting a) the heterogeneity of the ISI links to Bob and Eve, and b) the relative number of antennas at all the three terminals. To this end, we propose a novel achievable scheme that carefully mixes information and artificial noise symbols in order to exploit ISI heterogeneity to achieve positive SDoF. To the best of our knowledge, this is the first work to explore the idea of exploiting ISI channel length heterogeneity to achieve positive SDoF for the MIMO wiretap channel with no CSI at the legitimate transmitter. 
  2. A central challenge in password security is to characterize the attacker's guessing curve, i.e., the probability that the attacker will crack a random user's password within the first G guesses. A key challenge is that the guessing curve depends on the attacker's guessing strategy and on the distribution of user passwords, both of which are unknown to us. In this work we aim to follow Kerckhoffs's principle and analyze the performance of an optimal attacker who knows the password distribution. Let \lambda_G denote the probability that such an attacker can crack a random user's password within G guesses. We develop several statistically rigorous techniques to upper and lower bound \lambda_G given N independent samples from the unknown password distribution P. We show that our upper/lower bounds on \lambda_G hold with high confidence, and we apply our techniques to analyze eight large password datasets. Our empirical analysis shows that even state-of-the-art password cracking models are often significantly less guess-efficient than an attacker who can optimize its attack based on its (partial) knowledge of the password distribution. We also apply our statistical tools to re-examine different models of the password distribution, i.e., the empirical password distribution and Zipf's Law. We find that the empirical distribution closely matches our upper/lower bounds on \lambda_G when the guessing number G is not too large, i.e., G << N. However, for larger values of G our empirical analysis rigorously demonstrates that the empirical distribution (resp. Zipf's Law) overestimates the attacker's success rate. We apply our statistical techniques to upper/lower bound the effectiveness of password throttling mechanisms (key-stretching) which are used to reduce the number of attacker guesses G. 
Finally, if we are willing to make an additional assumption about the way users respond to password restrictions, we can use our statistical techniques to evaluate the effectiveness of various password composition policies which restrict the passwords that users may select. 
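An added example of the effect described in item 2 above, written for this page and not taken from that paper (it does not reproduce the paper's confidence bounds, only the naive empirical estimate it is compared against): a constructed Zipf-shaped "true" distribution P over 10,000 passwords stands in for the unknown distribution, N = 2000 samples are drawn from it, and the empirical guessing curve is compared with the true \lambda_G of an attacker who knows P. The distribution size, exponent and sample count are assumptions.

```python
import random
from collections import Counter


def zipf_distribution(size, exponent=1.0):
    """Constructed 'true' password distribution: rank r has probability proportional to
    r**-exponent. It stands in for the unknown P; it is not one of the paper's datasets."""
    weights = [r ** -exponent for r in range(1, size + 1)]
    total = sum(weights)
    return [w / total for w in weights]


def true_lambda(probs, g):
    """lambda_G for an attacker who knows P exactly: mass of the G most likely passwords."""
    return sum(sorted(probs, reverse=True)[:g])


def empirical_lambda(samples, g):
    """lambda_G estimated naively from N samples: mass of the G most frequent sampled
    passwords. Every sampled password gets mass >= 1/N, so once G approaches the number
    of distinct samples this estimate saturates at 1 while the true curve has not."""
    top = sorted(Counter(samples).values(), reverse=True)[:g]
    return sum(top) / len(samples)


def draw_samples(probs, n, rng):
    return rng.choices(range(len(probs)), weights=probs, k=n)


def compare(size=10000, n=2000, guesses=(1, 10, 100, 1000, 2000), seed=3):
    """Return {G: (true lambda_G, empirical lambda_G)}; the gap grows as G approaches N."""
    rng = random.Random(seed)
    probs = zipf_distribution(size)
    samples = draw_samples(probs, n, rng)
    return {g: (true_lambda(probs, g), empirical_lambda(samples, g)) for g in guesses}


if __name__ == "__main__":
    for g, (t, e) in compare().items():
        print(f"G={g:5d}  true={t:.3f}  empirical={e:.3f}")
```

For G = 1 the two values agree to within sampling error; at G = N the empirical curve reports certainty because the sample cannot see the tail of P, which is the overestimate the abstract describes for large G.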
  3. Orthogonal-blinding-based schemes for wireless physical layer security aim to achieve secure communication by injecting noise into channels orthogonal to the main channel and corrupting the eavesdropper's signal reception. These methods, albeit practical, have been proven vulnerable to multi-antenna eavesdroppers who can filter the message from the noise. The vulnerability is rooted in the fact that the main channel state remains static in spite of the noise injection, which allows an eavesdropper to estimate it promptly via known symbols and filter out the noise. Our proposed scheme leverages a reconfigurable antenna for Alice to rapidly change the channel state during transmission and a compressive-sensing-based algorithm for her to predict and cancel the changing effects for Bob. As a result, the communication between Alice and Bob remains clear, whereas the randomized channel state prevents Eve from launching the known-plaintext attack. We formally analyze the security of the scheme against both single- and multi-antenna eavesdroppers and identify its unique anti-eavesdropping properties due to the artificially created fast-changing channel. We conduct extensive simulations and real-world experiments to evaluate its performance. Empirical results show that our scheme can suppress Eve's attack success rate to the level of random guessing, even if she knows all the symbols transmitted through other antenna modes. 
  4. Galdi, Clemente; Jarecki, Stanislaw (Ed.)
    In the past decade billions of user passwords have been exposed to the dangerous threat of offline password cracking attacks. An offline attacker who has stolen the cryptographic hash of a user's password can check as many password guesses as s/he likes, limited only by the resources that s/he is willing to invest to crack the password. Pepper and key-stretching are two techniques that have been proposed to deter an offline attacker by increasing guessing costs. Pepper ensures that the cost of rejecting an incorrect password guess is higher than the (expected) cost of verifying a correct password guess. This is useful because most of the offline attacker's guesses will be incorrect. Unfortunately, as we observe, the traditional peppering defense seems to be incompatible with modern memory-hard key-stretching algorithms such as Argon2 or Scrypt. We introduce an alternative to pepper which we call Cost-Asymmetric Memory Hard Password Authentication, which benefits from the same cost asymmetry as the classical peppering defense, i.e., the cost of rejecting an incorrect password guess is larger than the expected cost to authenticate a correct password guess. When configured properly, we prove that our mechanism can only reduce the percentage of user passwords that are cracked by a rational offline attacker whose goal is to maximize (expected) profit, i.e., the total value of cracked passwords minus the total guessing costs. We evaluate the effectiveness of our mechanism on empirical password datasets against a rational offline attacker. Our empirical analysis shows that our mechanism can reduce the percentage of user passwords that are cracked by a rational attacker by up to 10%. 
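An added example of the classical pepper cost asymmetry that item 4 above starts from, written for this page and not taken from that paper (it shows the traditional pepper, not the paper's Cost-Asymmetric Memory Hard mechanism). The server stores a salt and a stretched hash of password || pepper but not the pepper itself, and verification tries the peppers in a fixed order: a correct password stops at its pepper, an incorrect one must exhaust the whole pepper space. PBKDF2-HMAC-SHA256 stands in for the key-stretching function purely for portability; the pepper space of 16 values and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import random

PEPPER_SPACE = 16   # pepper is one of 16 values (assumed size; real deployments vary)
ITERATIONS = 500    # PBKDF2 work factor, kept small so the demo runs quickly


def stretch(password, salt, pepper):
    """Stand-in key-stretching function: PBKDF2-HMAC-SHA256 over password || pepper.
    (The abstract's concern is Argon2/Scrypt; PBKDF2 is used here only for portability.)"""
    return hashlib.pbkdf2_hmac("sha256", password.encode() + bytes([pepper]), salt, ITERATIONS)


def register(password, rng=None):
    """Store (salt, hash). The pepper is drawn at random and deliberately not stored."""
    rng = rng or random
    salt = os.urandom(16)
    pepper = rng.randrange(PEPPER_SPACE)
    return salt, stretch(password, salt, pepper)


def verify(password, record):
    """Try each pepper in a fixed order. Returns (accepted, number of stretch() calls).
    A correct password stops at its pepper (expected (PEPPER_SPACE + 1) / 2 calls);
    a wrong password must exhaust all PEPPER_SPACE values before being rejected."""
    salt, stored = record
    for calls, pepper in enumerate(range(PEPPER_SPACE), start=1):
        if hmac.compare_digest(stretch(password, salt, pepper), stored):
            return True, calls
    return False, PEPPER_SPACE


def average_costs(num_users=50, seed=1):
    """Mean stretch() calls to accept a correct password and to reject a wrong one,
    over constructed user accounts."""
    rng = random.Random(seed)
    accept_calls = reject_calls = 0
    for i in range(num_users):
        password = f"user{i}-correct-horse"
        record = register(password, rng)
        ok, calls = verify(password, record)
        assert ok
        accept_calls += calls
        ok, calls = verify(password + "!", record)
        assert not ok
        reject_calls += calls
    return accept_calls / num_users, reject_calls / num_users


if __name__ == "__main__":
    accept, reject = average_costs()
    print(f"mean cost to accept: {accept:.1f}  mean cost to reject: {reject:.1f}")
```

The asymmetry the abstract relies on is visible in the two averages: rejecting always costs the full pepper space, accepting costs about half of it, and since almost all of an offline attacker's guesses are wrong, the attacker pays the larger cost on nearly every guess. Note that the legitimate server pays the same full cost for each mistyped password, which is the usual trade-off of peppering.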