LocKey: Location-Based Key Extraction from the WiFi Environment in the User′s Vicinity

Philipp Jakubeit*, Andreas Peter, Maarten van Steen

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

1 Downloads (Pure)

Abstract

We investigate extracting persistent information from semi-volatile signals in the user’s vicinity to extend existing authentication factors. We use WiFi as a representative of semi-volatile signals, as WiFi signals and WiFi receiver hardware are ubiquitous. WiFi hardware is mostly bound to a physical location and WiFi signals are semi-volatile by nature. By comparing different locations, we confirm our expectation that location-specific information is present in the received WiFi signals. In this work, we study whether and how this information can be transformed to satisfy the following properties of a cryptographic key so that we can use it as an extension of an authentication factor: it must be uniformly random, contain sufficient entropy, and the information must be secret. We further discuss two primary use cases in the authentication domain: using extracted low-entropy information (48 bits) for password hardening and using extracted high-entropy information (128 bits and 256 bits) as a location-specific key. Using the WiFi-signal composition as an authentication component increases the usability, introduces the factor of ‘location’ to the authentication claims, and introduces another layer of defense against key or password extraction attacks. Next to these advantages, it has intrinsic limitations, such as the need for the receiver to be in proximity to the signal and the reliance on WiFi signals, which are outside the user’s control. Despite these challenges, using signals in the proximity of a user works in situations with a fallback routine in place while increasing usability and transparency. LocKey is capable to extract low-entropy information at all locations measured, and high-entropy from 68% locations for 128-bit keys (48% of the locations respectively for 256-bit keys). We further show that with an initial measurement time of at most five minutes, we can reconstruct the key in at least 75% of the cases in less than 15, 30, and 40 s depending on the desired key strength.
Original languageEnglish
Title of host publicationInformation Security Practice and Experience
Subtitle of host publication18th International Conference, ISPEC 2023, Copenhagen, Denmark, August 24–25, 2023, Proceedings
EditorsWeizhi Meng, Zheng Yan, Vincenzo Piuri
Place of PublicationSingapore
PublisherSpringer
Pages399-418
Number of pages20
ISBN (Electronic)978-981-99-7032-2
ISBN (Print)978-981-99-7031-5
DOIs
Publication statusPublished - 2023
Event18th International Conference on Information Security Practice and Experience, ISPEC 2023 - DTU Modecenter, Lyngby, Denmark
Duration: 24 Aug 202325 Aug 2023
Conference number: 18

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume14341
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference18th International Conference on Information Security Practice and Experience, ISPEC 2023
Abbreviated titleISPEC 2023
Country/TerritoryDenmark
CityLyngby
Period24/08/2325/08/23

Keywords

  • Fuzzy key extractions
  • Location-based Authentication
  • WiFi signals
  • 2024 OA procedure

Fingerprint

Dive into the research topics of 'LocKey: Location-Based Key Extraction from the WiFi Environment in the User′s Vicinity'. Together they form a unique fingerprint.

Cite this