Search

EP-4349052-B1 - DEVICE AUTHENTICATION IN BACKSCATTER COMMUNICATION SYSTEM

EP4349052B1EP 4349052 B1EP4349052 B1EP 4349052B1EP-4349052-B1

Inventors

  • WANG, PU
  • YAN, ZHENG

Dates

Publication Date
20260513
Application Date
20210528

Claims (15)

  1. A method implemented by a network node, comprising: transmitting (201) a radio frequency signal to a terminal device; receiving (203), in response to the radio frequency signal, a backscattered signal from the terminal device, wherein the backscattered signal comprises identification information of the terminal device; measuring (205) a received signal strength, RSS, value of the backscattered signal; and authenticating (207) the terminal device based on the identification information of the terminal device and the RSS value of the backscattered signal, authenticating the terminal device based on the identification information of the terminal device and the RSS value of the backscattered signal comprises: obtaining (307) the identification information of the terminal device from the backscattered signal; characterized in comparing (309) the obtained identification information of the terminal device with registered identification information of the terminal device in the network node; authenticating, in response to the obtained identification information of the terminal device not matching the registered identification information of the terminal device, the terminal device as an illegal device, authenticating the terminal device based on the identification information of the terminal device and the RSS value of the backscattered signal further comprises: estimating (311), in response to the obtained identification information of the terminal device matching the registered identification information of the terminal device, a current location of the terminal device based on the RSS value and an angle of arrival, AOA, value of the backscattered signal; comparing (313, 315) the current location of the terminal device with predetermined location information of the terminal device; authenticating, in response to the current location of the terminal device not matching the predetermined location information of the terminal device, the terminal device as an illegal device; and authenticating, in response to the current location of the terminal device matching the predetermined location information of the terminal device, the terminal device as a legitimate device.
  2. The method according to claim 1, wherein the terminal device is a static device, and the predetermined location information is a registered location of the terminal device in the network node.
  3. The method according to claim 1, wherein the terminal device is a mobile device, and the predetermined location information is a predicted location of the terminal device predicted by the network node.
  4. The method according to any one of claims 1 to 3, further comprising: recording (401) the RSS value of the backscattered signal.
  5. The method according to claim 4, wherein authenticating the terminal device based on the identification information of the terminal device and the RSS value of the backscattered signal further comprises: obtaining a set of power differences based on RSS values of backscattered signals recorded over a period of time and transmission powers of corresponding radio frequency signals; clustering the set of power differences into two clusters; calculating a distance between the two clusters; and authenticating, in response to the distance being less than a first threshold, the terminal device as a legitimate device; and/or authenticating, in response to the distance being not less than the first threshold, the terminal device as an illegal device.
  6. The method according to any one of claims 1 to 5, wherein the radio frequency signal is transmitted with a transmission power randomly selected from a range of transmission powers associated with the terminal device.
  7. The method according to any one of claims 4 to 6, further comprising: obtaining an RSS set based on recorded RSS values of backscattered signals and transmission powers of corresponding radio frequency signals; and transmitting, in response to a request from the terminal device, the RSS set to the terminal device.
  8. The method according to any one of claims 1 to 7, further comprising: predicting, with a trajectory prediction module, a target network node into whose coverage the terminal device will move; and sending location prediction related information, the RSS value of the backscattered signal and the estimated location of the terminal device to the target network node.
  9. An apparatus, comprising: at least one processor (901); and at least one memory (902) including computer executable instructions (903); the at least one memory (902) and the computer executable instructions (903) configured to, when executed by the at least one processor (901), cause the apparatus to perform the method according to any of claims 1-8.
  10. A method implemented by a terminal device, comprising: receiving (601), from a network node, a radio frequency signal; transmitting (603), in response to the radio frequency signal, a backscattered signal to the network node, wherein the backscattered signal comprises identification information of the terminal device; characterized in measuring and recording (605) a received signal strength, RSS, value of the radio frequency signal; transmitting (607) a request to the network node for a RSS set obtained based on a plurality of RSS values of backscattered signals measured over a period of time and transmission powers of corresponding radio frequency signals; receiving (609) the RSS set from the network node; and authenticating (611) the network node based on recorded RSS values of the radio frequency signals over the same period of time and the RSS set.
  11. The method according to claim 10, wherein authenticating the network node based on recorded RSS values of the radio frequency signals over the same period of time and the RSS set comprises: calculating a similarity between the plurality of RSS values of the backscattered signals and the recorded RSS values of the radio frequency signals over the same period of time; authenticating, in response to the similarity being more than a threshold, the network node as a legitimate device; and/or authenticating, in response to the similarity being not more than the threshold, the network node as an illegal device.
  12. The method according to claim 10, wherein authenticating the network node based on the recorded RSS values of the radio frequency signals over the same period of time and the RSS set further comprises: comparing an amount of the plurality of RSS values of the backscattered signals with an amount of recorded RSS values of the radio frequency signals corresponding to the backscattered signals over the same period of time; and authenticating, in response to the amount of the plurality of RSS values of the backscattered signals being not equal to the amount of the recorded RSS values, the network node as an illegal device; and/or in response to the amount of the plurality of RSS values of the backscattered signals being equal to the amount of the recorded RSS values, calculating a similarity between the plurality of RSS values of the backscattered signals and the recorded RSS values; authenticating, in response to the similarity being more than a threshold, the network node as a legitimate device; and/or authenticating, in response to the similarity being not more than the threshold, the network node as an illegal device.
  13. The method according to claim 10 or 11, further comprising: transmitting, in response to a request from the network node, the recorded RSS values of the radio frequency signals to the network node.
  14. An apparatus, comprising: at least one processor (901); and at least one memory (902) including computer executable instructions (903); the at least one memory (902) and the computer executable instructions (903) configured to, when executed by the at least one processor (901), cause the apparatus to perform the method according to any of claims 10-13.
  15. A computer readable storage medium storing thereon computer executable instructions which, when executed by a computer, cause the computer to perform the method according to any of claims 1-8 and 10-13.

Description

TECHNICAL FIELD The present disclosure generally relates to wireless communication systems, and more specifically to methods and apparatuses for physical layer enhanced authentication and attacker tracing based on positioning with backscattered signals. BACKGROUND With the development of various wireless communication related technologies and the wide use of wireless devices, security and privacy have become critical issues. As an example, with the advance of low-power and miniature electronics, increasing Internet of Thing (IoT) devices have been applied in a wide range of application areas, such as civil infrastructure, wearable devices, and industrial or agriculture monitoring. This trend is unstoppable as we continue to automate processes in every aspect of our daily life. As most of the IoT devices are designed as small, they are expected to be powered by small on-device power supply, like various types and sizes of batteries. However, for large scale IoT deployments, the battery technology suffers from a number of major limitations, which poses a key design challenge for powering energy-constrained IoT devices. Because batteries store finite amounts of energy, they either need to be recharged or replaced, which is not only inconvenient and costly, but also not possible in certain applications. Thus, it is highly desirable to power IoT devices through energy harvest from ambient wireless signals, and to reduce the energy consumption of their wireless communication. Except for low-power and green communication technologies, security and privacy, especially device authentication in IoT systems is a critical issue needed to be addressed for secure communications among IoT devices. Backscatter communication (BC), remarkable for its low production cost and low energy consumption, is an emerging radio technology for providing sustainable IoT systems. Radio frequency identification (RFID) is one category of BC systems and has been applied in a wide range of scenarios. In such systems, a reader issues radio frequency (RF) signals, which allows IoT devices to transmit data by backscattering and modulating the incident RF signals. At the same time, backscatter devices (BDs) can harvest energy from the RF signals to power their circuits. Compared to traditional radio architecture with power-hungry RF chains, BDs have no active RF components. As a result, it can be made to have miniature hardware with extremely low power consumption which facilitates large-scale deployment at flexible locations or in-body implantation. However, it is challenging for backscatter devices to employ complex cryptographic algorithms for secure communications and identity authentication, since they only possess finite energy supply and low computing capability. Without sufficient security methods, BC systems will face various security issues and vulnerabilities. Among these issues, device authentication is one of the most primary problems. It aims to validate whether a device is indeed a legitimate one that has been registered in the system. It is a crucial task in many BC or RFID applications such as access control to an area, electronic payment, and temper-evident packaging. But the limited computing capability of the BDs restricts the implementation and deployment of cryptographic authentication algorithms. In fact, commodity off-the-shelf (COTS) passive RFID tags do not support strong cryptographic operation and current UHF tags which even have no cryptographic capabilities. In addition, since BDs (i.e., RFID tags) are simple and cheap, their memory may not be securely protected, which is easy for adversaries to crack and intercept any stored identity information. For example, identity-based attacks (IBA) are one of the most severe threats to the BC systems, and they are easy to launch. Due to lack of appropriate security solutions, an IBA attacker can sniff the traffic in the BC systems and get to know the real identities and media access control (MAC) addresses of the legitimate BDs, and masquerade as a legitimate BD by modifying its own identities and MAC address. Furthermore, as the scale of BD deployment increases, it becomes hard to achieve a reliable and effective key distribution, management and maintenance mechanism in BC systems for BD identification and authentication. On the other hand, there are several approaches by utilizing physical layer properties associated with wireless transmission to combat the identity impersonation attack. These physical layer authentication techniques aim at identifying a device by extracting the features of RF signals of the device hardware as fingerprints without inducing high energy and computation consumption at BDs. However, existing physical layer authentication techniques still have serious weaknesses and face a number of technical challenges for eventually deploying in BC systems. Since RFID is the only mature and widely used BC applications, existing security solutions for BC system