LocKey: Location-Based Key Extraction from the WiFi Environment in the User′s Vicinity

Philipp Jakubeit; Andreas Peter; Maarten van Steen

doi:10.1007/978-981-99-7032-2_24

LocKey: Location-Based Key Extraction from the WiFi Environment in the User′s Vicinity

Philipp Jakubeit^*, Andreas Peter, Maarten van Steen

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

15 Downloads (Pure)

Abstract

We investigate extracting persistent information from semi-volatile signals in the user’s vicinity to extend existing authentication factors. We use WiFi as a representative of semi-volatile signals, as WiFi signals and WiFi receiver hardware are ubiquitous. WiFi hardware is mostly bound to a physical location and WiFi signals are semi-volatile by nature. By comparing different locations, we confirm our expectation that location-specific information is present in the received WiFi signals. In this work, we study whether and how this information can be transformed to satisfy the following properties of a cryptographic key so that we can use it as an extension of an authentication factor: it must be uniformly random, contain sufficient entropy, and the information must be secret. We further discuss two primary use cases in the authentication domain: using extracted low-entropy information (48 bits) for password hardening and using extracted high-entropy information (128 bits and 256 bits) as a location-specific key. Using the WiFi-signal composition as an authentication component increases the usability, introduces the factor of ‘location’ to the authentication claims, and introduces another layer of defense against key or password extraction attacks. Next to these advantages, it has intrinsic limitations, such as the need for the receiver to be in proximity to the signal and the reliance on WiFi signals, which are outside the user’s control. Despite these challenges, using signals in the proximity of a user works in situations with a fallback routine in place while increasing usability and transparency. LocKey is capable to extract low-entropy information at all locations measured, and high-entropy from 68% locations for 128-bit keys (48% of the locations respectively for 256-bit keys). We further show that with an initial measurement time of at most five minutes, we can reconstruct the key in at least 75% of the cases in less than 15, 30, and 40 s depending on the desired key strength.

Original language	English
Title of host publication	Information Security Practice and Experience
Subtitle of host publication	18th International Conference, ISPEC 2023, Copenhagen, Denmark, August 24–25, 2023, Proceedings
Editors	Weizhi Meng, Zheng Yan, Vincenzo Piuri
Place of Publication	Singapore
Publisher	Springer
Pages	399-418
Number of pages	20
ISBN (Electronic)	978-981-99-7032-2
ISBN (Print)	978-981-99-7031-5
DOIs	https://doi.org/10.1007/978-981-99-7032-2_24
Publication status	Published - 2023
Event	18th International Conference on Information Security Practice and Experience, ISPEC 2023 - DTU Modecenter, Lyngby, Denmark Duration: 24 Aug 2023 → 25 Aug 2023 Conference number: 18

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	14341
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	18th International Conference on Information Security Practice and Experience, ISPEC 2023
Abbreviated title	ISPEC 2023
Country/Territory	Denmark
City	Lyngby
Period	24/08/23 → 25/08/23

Keywords

Fuzzy key extractions
Location-based Authentication
WiFi signals
2024 OA procedure

Access to Document

10.1007/978-981-99-7032-2_24

ArticleFinal published version, 986 KBLicence: Taverne

Cite this

Jakubeit, P., Peter, A., & van Steen, M. (2023). LocKey: Location-Based Key Extraction from the WiFi Environment in the User′s Vicinity. In W. Meng, Z. Yan, & V. Piuri (Eds.), Information Security Practice and Experience: 18th International Conference, ISPEC 2023, Copenhagen, Denmark, August 24–25, 2023, Proceedings (pp. 399-418). (Lecture Notes in Computer Science; Vol. 14341). Springer. https://doi.org/10.1007/978-981-99-7032-2_24

Jakubeit, Philipp ; Peter, Andreas ; van Steen, Maarten. / LocKey : Location-Based Key Extraction from the WiFi Environment in the User′s Vicinity. Information Security Practice and Experience: 18th International Conference, ISPEC 2023, Copenhagen, Denmark, August 24–25, 2023, Proceedings. editor / Weizhi Meng ; Zheng Yan ; Vincenzo Piuri. Singapore : Springer, 2023. pp. 399-418 (Lecture Notes in Computer Science).

@inproceedings{f6272f74685b4b7c8c496dc4e82ba273,

title = "LocKey: Location-Based Key Extraction from the WiFi Environment in the User′s Vicinity",

abstract = "We investigate extracting persistent information from semi-volatile signals in the user{\textquoteright}s vicinity to extend existing authentication factors. We use WiFi as a representative of semi-volatile signals, as WiFi signals and WiFi receiver hardware are ubiquitous. WiFi hardware is mostly bound to a physical location and WiFi signals are semi-volatile by nature. By comparing different locations, we confirm our expectation that location-specific information is present in the received WiFi signals. In this work, we study whether and how this information can be transformed to satisfy the following properties of a cryptographic key so that we can use it as an extension of an authentication factor: it must be uniformly random, contain sufficient entropy, and the information must be secret. We further discuss two primary use cases in the authentication domain: using extracted low-entropy information (48 bits) for password hardening and using extracted high-entropy information (128 bits and 256 bits) as a location-specific key. Using the WiFi-signal composition as an authentication component increases the usability, introduces the factor of {\textquoteleft}location{\textquoteright} to the authentication claims, and introduces another layer of defense against key or password extraction attacks. Next to these advantages, it has intrinsic limitations, such as the need for the receiver to be in proximity to the signal and the reliance on WiFi signals, which are outside the user{\textquoteright}s control. Despite these challenges, using signals in the proximity of a user works in situations with a fallback routine in place while increasing usability and transparency. LocKey is capable to extract low-entropy information at all locations measured, and high-entropy from 68% locations for 128-bit keys (48% of the locations respectively for 256-bit keys). We further show that with an initial measurement time of at most five minutes, we can reconstruct the key in at least 75% of the cases in less than 15, 30, and 40 s depending on the desired key strength.",

keywords = "Fuzzy key extractions, Location-based Authentication, WiFi signals, 2024 OA procedure",

author = "Philipp Jakubeit and Andreas Peter and {van Steen}, Maarten",

year = "2023",

doi = "10.1007/978-981-99-7032-2_24",

language = "English",

isbn = "978-981-99-7031-5",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "399--418",

editor = "Weizhi Meng and Zheng Yan and Vincenzo Piuri",

booktitle = "Information Security Practice and Experience",

address = "Germany",

note = "18th International Conference on Information Security Practice and Experience, ISPEC 2023, ISPEC 2023 ; Conference date: 24-08-2023 Through 25-08-2023",

}

Jakubeit, P, Peter, A & van Steen, M 2023, LocKey: Location-Based Key Extraction from the WiFi Environment in the User′s Vicinity. in W Meng, Z Yan & V Piuri (eds), Information Security Practice and Experience: 18th International Conference, ISPEC 2023, Copenhagen, Denmark, August 24–25, 2023, Proceedings. Lecture Notes in Computer Science, vol. 14341, Springer, Singapore, pp. 399-418, 18th International Conference on Information Security Practice and Experience, ISPEC 2023, Lyngby, Denmark, 24/08/23. https://doi.org/10.1007/978-981-99-7032-2_24

LocKey: Location-Based Key Extraction from the WiFi Environment in the User′s Vicinity. / Jakubeit, Philipp; Peter, Andreas ; van Steen, Maarten.
Information Security Practice and Experience: 18th International Conference, ISPEC 2023, Copenhagen, Denmark, August 24–25, 2023, Proceedings. ed. / Weizhi Meng; Zheng Yan; Vincenzo Piuri. Singapore: Springer, 2023. p. 399-418 (Lecture Notes in Computer Science; Vol. 14341).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - LocKey

T2 - 18th International Conference on Information Security Practice and Experience, ISPEC 2023

AU - Jakubeit, Philipp

AU - Peter, Andreas

AU - van Steen, Maarten

N1 - Conference code: 18

PY - 2023

Y1 - 2023

N2 - We investigate extracting persistent information from semi-volatile signals in the user’s vicinity to extend existing authentication factors. We use WiFi as a representative of semi-volatile signals, as WiFi signals and WiFi receiver hardware are ubiquitous. WiFi hardware is mostly bound to a physical location and WiFi signals are semi-volatile by nature. By comparing different locations, we confirm our expectation that location-specific information is present in the received WiFi signals. In this work, we study whether and how this information can be transformed to satisfy the following properties of a cryptographic key so that we can use it as an extension of an authentication factor: it must be uniformly random, contain sufficient entropy, and the information must be secret. We further discuss two primary use cases in the authentication domain: using extracted low-entropy information (48 bits) for password hardening and using extracted high-entropy information (128 bits and 256 bits) as a location-specific key. Using the WiFi-signal composition as an authentication component increases the usability, introduces the factor of ‘location’ to the authentication claims, and introduces another layer of defense against key or password extraction attacks. Next to these advantages, it has intrinsic limitations, such as the need for the receiver to be in proximity to the signal and the reliance on WiFi signals, which are outside the user’s control. Despite these challenges, using signals in the proximity of a user works in situations with a fallback routine in place while increasing usability and transparency. LocKey is capable to extract low-entropy information at all locations measured, and high-entropy from 68% locations for 128-bit keys (48% of the locations respectively for 256-bit keys). We further show that with an initial measurement time of at most five minutes, we can reconstruct the key in at least 75% of the cases in less than 15, 30, and 40 s depending on the desired key strength.

AB - We investigate extracting persistent information from semi-volatile signals in the user’s vicinity to extend existing authentication factors. We use WiFi as a representative of semi-volatile signals, as WiFi signals and WiFi receiver hardware are ubiquitous. WiFi hardware is mostly bound to a physical location and WiFi signals are semi-volatile by nature. By comparing different locations, we confirm our expectation that location-specific information is present in the received WiFi signals. In this work, we study whether and how this information can be transformed to satisfy the following properties of a cryptographic key so that we can use it as an extension of an authentication factor: it must be uniformly random, contain sufficient entropy, and the information must be secret. We further discuss two primary use cases in the authentication domain: using extracted low-entropy information (48 bits) for password hardening and using extracted high-entropy information (128 bits and 256 bits) as a location-specific key. Using the WiFi-signal composition as an authentication component increases the usability, introduces the factor of ‘location’ to the authentication claims, and introduces another layer of defense against key or password extraction attacks. Next to these advantages, it has intrinsic limitations, such as the need for the receiver to be in proximity to the signal and the reliance on WiFi signals, which are outside the user’s control. Despite these challenges, using signals in the proximity of a user works in situations with a fallback routine in place while increasing usability and transparency. LocKey is capable to extract low-entropy information at all locations measured, and high-entropy from 68% locations for 128-bit keys (48% of the locations respectively for 256-bit keys). We further show that with an initial measurement time of at most five minutes, we can reconstruct the key in at least 75% of the cases in less than 15, 30, and 40 s depending on the desired key strength.

KW - Fuzzy key extractions

KW - Location-based Authentication

KW - WiFi signals

KW - 2024 OA procedure

U2 - 10.1007/978-981-99-7032-2_24

DO - 10.1007/978-981-99-7032-2_24

M3 - Conference contribution

SN - 978-981-99-7031-5

T3 - Lecture Notes in Computer Science

SP - 399

EP - 418

BT - Information Security Practice and Experience

A2 - Meng, Weizhi

A2 - Yan, Zheng

A2 - Piuri, Vincenzo

PB - Springer

CY - Singapore

Y2 - 24 August 2023 through 25 August 2023

ER -

Jakubeit P, Peter A , van Steen M. LocKey: Location-Based Key Extraction from the WiFi Environment in the User′s Vicinity. In Meng W, Yan Z, Piuri V, editors, Information Security Practice and Experience: 18th International Conference, ISPEC 2023, Copenhagen, Denmark, August 24–25, 2023, Proceedings. Singapore: Springer. 2023. p. 399-418. (Lecture Notes in Computer Science). Epub 2023 Nov 8. doi: 10.1007/978-981-99-7032-2_24

LocKey: Location-Based Key Extraction from the WiFi Environment in the User′s Vicinity

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this