Abstract
Validating claimed characteristics (authentication) plays a vital role in digital communication. As most digital communication is remote, communicating entities cannot be assured of the opponent’s identity a priori. Further, not only humans, but programs need to validate each others’ claims. From classical authentication factors: knowledge, possession, inherence, and location, we focus on location combined with possession and inherence aspects. We start by the observation that location is not required to be ‘localizing’. Localization is a prerequisite only in systems that seek to contextualize a location. In contrast, localization has a privacy cost (e.g., tracking). Hence, the key question becomes, ‘Has the entity logged in from this location before?’. We investigate how to describe a location by non-localizing information in terms of WiFi signals and their compositions.
We focused on two main concepts:
• Fingerprinting a location in terms of WiFi signals.
• Deriving a location specific key from WiFi signals.
Fingerprinting a location allows for strengthening the characteristics an entity can claim by extending the set of options with non-localizing location claims. Deriving a location-specific key provides a method of extracting a volatile key from WiFi measurements. We evaluate the proposed methods across various locations and for various durations. Our experiments and evaluations confirm the feasibility and effectiveness of extracting randomness from WiFi signals for the security applications of authentication and key derivation.
We focused on two main concepts:
• Fingerprinting a location in terms of WiFi signals.
• Deriving a location specific key from WiFi signals.
Fingerprinting a location allows for strengthening the characteristics an entity can claim by extending the set of options with non-localizing location claims. Deriving a location-specific key provides a method of extracting a volatile key from WiFi measurements. We evaluate the proposed methods across various locations and for various durations. Our experiments and evaluations confirm the feasibility and effectiveness of extracting randomness from WiFi signals for the security applications of authentication and key derivation.
Original language | English |
---|---|
Qualification | Doctor of Philosophy |
Awarding Institution |
|
Supervisors/Advisors |
|
Award date | 27 Nov 2024 |
Place of Publication | Enschede |
Publisher | |
Print ISBNs | 978-90-365-6242-3 |
Electronic ISBNs | 978-90-365-6243-0 |
DOIs | |
Publication status | Published - Nov 2024 |