Exploiting CSI-MIMO for Accurate and Efficient Device Identification

Abstract

Due to the inherent broadcast nature of the wireless medium, Wireless Local Area Networks (WLANs) are targets of a variety of malicious attacks, for example, MAC identity spoofing, rogue AP attack, and network freeloading. These attacks invite security and privacy threats and hinder the worry-free deployment of WLAN networks. To thwart these attacks, existing research has proposed to use hardware-specific imperfections as a unique unforgeable fingerprint for the APs and/or clients. Unfortunately, existing solutions are limited to static and stable environments or use customized hardware preventing their wide-scale adoption. To overcome the limitations, in this work, we propose to use the distribution of relative phase differences between MIMO-radio transmitter oscillators as a distinguishing trait or fingerprint. More specifically, we show that the nonidealities of the multiple RF chains on a single MIMO-OFDM (Multiple Input Multiple Output-Orthogonal Frequency Division Multiplexing) transmitter can be extracted and utilized as a reliable device fingerprint. Each transmitter RF chain has a random initial phase offset, and their difference relative to one another is stable over time, differs uniquely for each transmitter device and cannot be altered by the adversary without significant effort and cost. Our functional prototype measures these unknown phase differences using PHY-layer Channel State Information (CSI) of the in-band channel obtained from off-the-shelf hardware. Our design eliminates expensive custom-built hardware, is invariant to environmental variations and supports device mobility making it practical and deployable in real indoor settings. Experimental evaluation using 17 Intel Network Interface Cards (NICs) resulted in 97 % and 92 % device identification accuracy for static and mobile device states respectively. Such promising results with identical model and manufacturer devices wherein underlying manufacturing variations are typically low showcase the effectiveness of our design and suggest even higher accuracy across multi-model and multi-manufacturer cards because of the higher manufacturing variations.