Research On Cross-Layer Security Authentication Technology Via Physical Layer Characteristics

As a representative of the integration of mobile communication and Internet,mobile Internet brings convenience to people’s daily life and work,and also faces many security issues due to the broadcast characteristic of wireless links.Access authentication provides the first line of defense against network attacks,so it is very important for network security.Generally,in the applications of mobile Internet like Internet of things(Io T),intelligent terminals are mostly miniaturized and low-power resource limited devices,which are difficult to afford high complexity password-based authentication mechanism.In addition,the authentication schemes based on traditional cryptographic algorithms are also difficult to resist internal attacks such as clone and Sybil.Physical-layer(PHY-layer)authentication is very suitable for the scenario with a large number of Io T terminal devices because of its characteristics of high security,low complexity and lightweight.Physical characteristics concerned in this thesis include PHYlayer channel state information(CSI)fingerprint and PHY-layer radio frequency fingerprint(RFF).Thus,PHY-layer authentication can be divided into CSI authentication and RFF authentication.The CSI authentication is based on the space-time uniqueness and randomness of wireless channels.It can identify whether two consecutive data packets come from the same terminal by the CSI authentication,but can not determine whether the terminal sending the packet is legitimate.Unlike CSI authentication,RFF authentication is based on the uniqueness of RFF.It is able to verify the legitimacy of the terminal.Therefore,the legitimacy of terminals and packets can be simultaneously authenticated by the combination of RFF authentication and CSI authentication,so as to ensure the security of communication.However,the authentication accuracy of traditional CSI authentication and RFF authentication approach is easily affected by the performance of hardware equipment,threshold of decision,samples collection,external noise and so on.To address the above problems,the following solutions or improvements are proposed in this dissertation.(1)Firstly,an improved Triple Pool Convolutional Neural Network(TP-Net)and a TP-Net based physical-layer authentication(TP-CNN-PHA)method are put forward,aiming to solve the problem that the authentication accuracy of traditional physical layer CSI authentication scheme based on threshold is not high because it is difficult to obtain an accurate threshold value.Due to the specifical design of TP-Net,TP-CNN-PHA has higher authentication accuracy and lower computational complexity than the CSI authentication method based on traditional convolutional neural network(CNN).Besides,a novel physical-layer channel authentication method,called transfer learning based multiuser PHY-layer authentication(TL-PHA),is also presented for resource constrained and latency sensitive edge computing application scenarios.The experimental results show that TL-PHA approach helps to improve the CSI authentication accuracy as well as to reduce the computational complexity of CSI authentication.In addition,the experiment of simulating edge computing scenario is conducted to verify the proposed TP-CNN-PHA and TL-PHA via USRP testbed.(2)Secondly,owing to the problem that the accuracy of PHY-layer CSI authentication based on ML is affected by insufficient training data samples,data augmentation based physical-layer CSI authentication scheme is raised,as well as three effective data augmentation algorithms,being stochastic weight data augmentation(SWDA),block swap data augmentation(BSDA)and finite recombination data augmentation(FRDA),respectively.To assess the performance of the proposed data augmentation methods,extensive simulation is conducted.The experimental results indicate that the proposed methods accelerate the convergence speed and improve the CSI authentication accuracy rate.(3)Then,a clustering based physical layer channel authentication scheme(CPAS)is advanced for dealing with the scenario where it is impossible to determine whether the initial reference CSI fingerprint is legitimate in physical layer CSI authentication and the high overhead of traditional password-authentication scheme.CPAS is a novel cross-layer secure authentication approach for edge computing system with asymmetric resources.The CPAS scheme combines clustering and upper layer cipher with physical-layer channel state information to provide two-way authentication between terminals and edge server devices.It solves the authentication problem of initial reference CSI fingerprint and reduces the computational complexity of data authentication as a whole.The experimental results demonstrate that CPAS significantly decreases the authentication latency in contrast with the traditional password-authentication scheme.Meanwhile,compared with other CSI authentication schemes,CPAS not only enhances the authentication success rate and the detection rate of illegal attacks,but also reduces the data frame loss rate.(4)Finally,the security authentication based on RFF characteristic is studied.In view of the high complexity of traditional RFF authentication,an algorithm of Pearson correlation coefficient based lightweight RFF identification(PCC-RFF)is presented.In order to simultaneously detect malicious node attacks such as clone and Sybil,a malicious node detection method based on RFF is further put forward on the PCC-RFF.The experimental results imply that the proposed method decreases the computational complexity,and also has good detection performance against clone and Sybil attacks.In addition,a scheme of radio frequency fingerprint based lightweight cross-layer one-time password authentication(RFF-OTP)is also come up with the resource-constrained edge computing application scenarios.RFF-OTP is a novel cross-layer secure authentication scheme and can provide mutual authentication between a mobile intelligent terminal and server,by combining RFF recognition algorithm with Hash encryption algorithm.Through theoretical analysis and Syverson and van Oorschot(SVO)logic verification,it is proved that the presented RFF-OTP scheme is flexible and secure while it also can withstand clone attack,replay attack and other common attacks.Besides,compared with the traditional one-time password authentication scheme,RFF-OTP lessens the overhead of terminal.