CN106961434A - One kind carries out fingerprint modeling for wireless device and knows method for distinguishing - Google Patents

Abstract

It is that wireless device carries out fingerprint modeling and knows method for distinguishing that the present invention, which is disclosed a kind of, and CSI phase value is decomposed first；Then CFO continuous items are estimated from the phase value that CSI is decomposited includes：Remove the influence in the CSI measurements that FDD and SFO is caused；Remove the influence that ToF is caused；CFO value is obtained in the CFO noise images obtained from previous step, includes the high-density region of selected digital image, high-density region obtained in the previous step is switched into a binary picture；The communicating portion of image is obtained, and the set of the composition of the point of communicating portion obtained above is handled using least square method, the slope for the set put；Finally by the use of CFO estimates as the fingerprint characteristic of equipment, Wi-Fi hotspot and wireless device to interconnection carry out bidirectional recognition.The present invention accurately promptly can estimate out CFO from CSI, and not need extra equipment, it is difficult to be copied.

Description

One kind carries out fingerprint modeling for wireless device and knows method for distinguishing

Technical field

Fingerprint modeling is carried out for wireless device the present invention relates to one kind and know method for distinguishing, belong to network security technology neck Domain.

Background technology

WIFI has attracted various attacks due to its popularity.In these attacks, the network insertion of personation Point (rouge APs) and loiter network (WiFi Freeloading) are most commonly seen and also bring great danger to safety and privacy Evil.

Rouge Aps mean that at a public place attacker imitates legal Network Access Point (access Points) it is provided with a network equipment.It is usually used and original AP identicals BSSID and SSID.Once user's quilt It has been deceived in connection, then attacker just can steal all network communications of user by initiating man-in-the-middle attack.According to estimates The problem of company for probably having 20% is faced with such.

WiFi Freeloading refer to that the user of a with no authorized has bypassed APs authentication mechanism and then free entered Private WLAN is entered.Certain uninvited guest once enters network internal, and he is possible to the more than network bandwidth stolen .

It is to set up powerful to be mutually authenticated mechanism between clients and Aps to defend these important ways attacked. In fact, 802.1li RSNA (Robust Security Network Association) use traditional cryptography really Method provide it is alternative be mutually authenticated mechanism (such as digital certificate), if using proper, can to attack few hair It is raw.

According to Jana et al, one is still suffered from due to some practical problems using 802.1li RSNA wireless network A little defects.Such as, because at present in application scenarios, signal intensity selects AP foundation as unique clients, user may Fooled and connected a false AP without any defensive measure, only because its signal intensity is better than other AP. Due to digital certificate management and the burden of distribution, many networks are only that selection provides user authentication (user Authentication) without access point authentication (AP authentication), as a result have led to, attacker is easy to Dispose false access point.

For freeloading attacks, for most users, certification is all based on the password of oneself selection, And these passwords are generally all very fragile, especially user may have been used same password, and that password is easy to be stolen Openly.(such as WPA2-PSK).

For these reasons, recent researches person is based on device-fingerprint (device fingerprinting) and provides one A little solutions for being not based on cryptography (non-cryptographic).These measures are not intended to substitute the side of cryptography Method, but an extra safe floor is aimed to provide, the difficulty faced when taking traditional cryptography method to tackle.

One case scene is：As a user and his coffee-house for often going is entered, without fingerprint technique, he It is easy for being fooled connecting and has gone up one and real identical BSSID and SSID false AP.If but having fingerprint Technology, user can be obtained by warning, and he is possible to connect the AP of a personation.

But in actual life, also without such application.This is in order at some important practical problems.First, this method Special hardware is needed, this just hinders application.Such as, Brik et al propose to set to recognize using radio frequency feature It is standby.But he needs some extra equipment to capture, radio signal is analyzed.Second, hardware characteristics be can with cheated, Therefore security cannot be guaranteed.Kohno et al propose rogue AP detection mechanism, and he is to use to pass through TCP/ The clock screw of ICMP timestamps measurement are used as the fingerprint of equipment, and Jana and Kasera once showed the TCP/ICMP times Stamp is easy to be spoofed.Alternatively, they measure the time synchronized versus time stamp in beacon/detection respective frame, this quilt Hardware tab therefore some be difficult to be spoofed.However, evidence show the equipment being still possibly through modification falseness AP Drive to cheat such timestamp information.

Relevant knowledge：

CSI：Channel status information is described during many signals from launch party to recipient are propagated and such as scattered, and is decayed, The immixture that power attenuation is caused.IEEE802.11 standards are defined in a sending-receiving antenna (Tx-Rx antenna Pair) Alignment measuring CSI mechanism.

CSI constantly captures the signal intensity and phase information of each OFDM carrier.

X- received signal vectors

Y- transmitting signals vector

H- channel matrixes

N- noise vectors

Y=H*X+N

Wherein, H is a complicated vector, be called channel frequency response (Channel Frequency Response, CFR), it have impact on the signal gain between Tx-Rx pairs.These information can be used to realize the reliable communication for doing data rate.And CSI Exactly refer to that CFR samples in different sub-carrier.

On bandwidth 20Mhz 2.4Ghz frequency band, CSI measurements are made up of 30 plural numbers, each correspond to one Selected subcarrier.

Allow N_txAnd N_rxThe number for sending and receiving antenna is represented, that just has 30* for 802.11 frames of a receiving N_rx*N_txIndividual CSI flow.

It can be expressed as the CSI flow of k-th of subcarrier between i-th of transmission antenna and j-th of reception antennaWherein | H | expression subcarrier k amplitude, and φ_k,i,jRepresent subcarrier k phase part.

CFO：CFO is carrier frequency shift.For ofdm system, in ideal, carrier frequency f should be in Tx-Rx pairs It is identical.But it is due to hardware deficiency, there is a skew generally in Tx-Rx oscillators, this has resulted in CFO.Because One huge CFO may cause a huge noise in receiving terminal, and CFO can be by hardware compensating.But it is due to that hardware lacks Fall into, after the compensation, still there can be CFO residual volume Δ f_c。

Such CFO can cause a phase offset receiving signalWhereinΔf_cRepresent compensation CFO afterwards.For business WIFI equipment, remaining CFO is inevitable.According to IEEE 802.11n standards, remaining CFO can be with Reach 100kHZ.For convenience, CFO herein generally refers to remaining CFO.

The content of the invention

Goal of the invention：The present invention proposes a problem of new wireless device fingerprint method is to avoid above-mentioned, and It can be used to guard against rouge APs and WIFI freeloading.By the carrier frequency shift for estimating an equipment (Carrier Frequency Offset, CFO) sets up fingerprint to an equipment.CFO generation be because oscillator drift, All it is consistent for a long time, but in different equipment rooms can but produces sizable difference, more very, such oscillator drift Shifting is due to what crystal defect was caused, it is impossible to imitated by any software.Therefore, it may be used as device-fingerprint.

Topmost challenge is that either on cell phone apparatus or on APs, all no software can be from bottom hardware Middle assessment CFO.State-of-the-art method is analyzed using extra signal analysis equipment (such as vector signal analysis and USRP) Original signal, this greatly hinders it and is applied in actual life.

Unlike, the present invention propose it is indirect from channel status information (Channel State Information, CSI CFO) is excavated, and CSI is to be easy to obtain by the software on ready-made wireless device.

This method is produced to tackle increasingly savage Rouge AP and WIFI Freeloading attacks, Rouge AP can realize that because the AP of falseness can be forged and real AP identicals BSSID, on the other hand on the one hand be is It is then that, because our mobile device can not distinguish difference between the two, AP can only be selected by signal intensity.And WIFI Freeloading attack can Producing reason be then because, existing authentication mode is not perfect enough, in many cases, Simply enter correct password or be revised as the MAC Address of legitimate device, then AP is just capable of the connection of accepting device, and Password or MAC Address are easy to obtain by various modes.

Therefore, based on it is above-mentioned the problem of, the present invention gives each AP, and each equipment sets up a fingerprint, and so, AP can To decide whether that same device is connected according to fingerprint, equipment can also select correct AP to connect by fingerprint.

An item related to CFO is selected as fingerprint, is because CFO generation is because carrier wave shakes in WIFI network interface cards Swing what device skew was produced, and CFO will not change because of the change of when and where, only can because of equipment it is different without Together, also, it cannot be constructed, because it is the related characteristic of a pure hardware.Also, in theory, selection CFO is related Item is more more effective than just selection CFO.

Technical scheme：One kind carries out fingerprint modeling for wireless device and knows method for distinguishing, comprises the following steps：

1. decompose CSI phase value；

2. CFO estimate is estimated from the phase value that CSI is decomposited：

A) influence in the CSI measurements that FDD and SFO is caused is removed；

B) influence that ToF is caused is removed；

3. CFO value is obtained in the CFO noise images obtained from previous step；

A) high-density region of selected digital image；

B) high-density region obtained in the previous step is switched into a binary picture；

C) communicating portion of image is obtained；

D) set of the composition of the point of communicating portion obtained above is handled using least square method, put The slope of set；

4. by the use of CFO estimates as the fingerprint characteristic of equipment, Wi-Fi hotspot and wireless device to interconnection carry out two-way Identification.

A) fingerprint collecting is carried out to legal Wi-Fi hotspot, sets up white list

B) whenever Wi-Fi hotspot access is carried out, the CFO estimations for the Wi-Fi hotspot that method collection is currently accessed are told before utilization Value, this estimate is contrasted with the wifi hotspot fingerprint characteristic in the white list being collected, if similarity is less than a certain Threshold value, that is, be determined as illegal Wi-Fi hotspot.

C) white list is set up to the wireless device for needing to access in advance in Wi-Fi hotspot, by the finger for comparing access device Line feature, can enable Wi-Fi hotspot to carry out reversal of identification to the wireless device of access.

Decompose the phase value of CSI values

Assuming that fingerprint equipment have received n frames from target device, for each frame, it is all obtained from trawl performance CSI measurement.When letting us consider that moment t, the CSI of the frame between a pair of Tx-Rx.For k-th of subcarrier, CSI measurement Contain a phase field φ_t,k, phase field φ_t,kThe phase for having measured frame on subcarrier between sender and recipient is inclined Move.

φ_t,k=k (2 π α ζ_d+2πβζ_s)+ψ_t,k+2πΔf_ct (2)

Wherein, 2 π Δs f_cPhase offset caused by t exactly CFO, Δ f_cCFO items as to be estimated.

CFO is estimated from the phase value that CSI is decomposited

Define first and calculate a new phase variantFor each time t frame, its Middle φ_t,1And φ_t,-1The phase value for being designated as 1 and -1 subcarrier is represent down respectively, then, for every a pair neighbouring frames, meter Calculate their phase differenceWith TDoA arrival time Δ t microseconds.Afterwards, draw allPoint, these point come from The striped of series of periodic, estimates the gradient of these stripeds, and most at last it as CFO value.

Remove FDD and SFO：FDD and SFO can cause a time delay in CSI measurements, and these time delays can be made Into the phase offset with subcarrier subscript linear correlation.According to (2) formula, if k will be met₁+k₂=0WithIt is added Come, can remove due to phase offset caused by FDD and SFO.

For time point t,It can state as follows：

Remove ToF：Recipient and the sender remains stationary during frame is collected first are required, them are thus secured Relative distance, phase difference

The value that CFO is obtained from stripe pattern includes two steps：Strip extraction and slop estimation.

The extraction of data characteristics

In order to estimate slope, the set for the point for constituting each striped must be obtained first.The step of extracting striped is divided into three steps.

(1) high-density region is chosen

High density area is recognized using sliding window algorithm.In each stationary window, the number of all points is calculated, so The place of another length of window is moved to afterwards.Finally, the window of the point of selection highest number is used as high density area.

(2) high-density region is switched into binary picture

High density area obtained in the previous step is processed as a binary picture, normal point and abnormity point is thus make use of Between greatest differences eliminate abnormity point.First by this high-density region rasterizing, series of identical small square is divided into Shape, each rectangle one pixel of correspondence in newly-generated binary picture.Then, for each rectangle, calculate wherein Point number.Total number such as fruit dot has exceeded predefined threshold value, then the pixel corresponding to binary picture after conversion 1 is set to, 0 is otherwise set to.After so doing, many outliers will be removed.Still have and make an uproar greatly for those very much The image of sound point, is further processed using many existing mechanism such as ALM based on PCA.

(3) communicating portion is obtained

K most long connected components are identified in binary picture, then estimation k are converted into from the slope of estimation striped The slope of individual most long connected component.Certainly, in fact, being likely to be obtained some error sections for not corresponding to any striped.So It is accomplished by being handled using following mechanism.

The estimation of striped

After the step of have passed through strip extraction, the set of the point for each long connected component has been obtained.If even Logical point set is S.The slope k of twill_cIt can be obtained by least square method,

Wherein,It is slope k_cEstimate, x, y are the corresponding coordinate position of each point, and ρ is wanted for least square method The coefficient of optimization, β is a constant.Therefore, for each connected component, all it is calculated using least square method method Slope k.But, the slope calculated may change, because connected component may be not a complete striped；To understand Certainly this problem, we are clustered the slope to striped, and CFO is used as with the average of the most class of number in cluster result Final estimate.Reason for this is that based on the fact one simple, that is, correct CFO estimates would generally connect very much Closely, and mistake CFO estimates be often different.

The bidirectional recognition of Wi-Fi hotspot and wireless device

We, as the fingerprint characteristic of wireless device, it will be used for by the CFO estimates obtained by foregoing method The bidirectional recognition of Wi-Fi hotspot and wireless device：

A) method that we can be by gathering in advance, carries out fingerprint collecting, or allow legal to legal Wi-Fi hotspot The holder of Wi-Fi hotspot announces the fingerprint characteristic value of legal focus to set up the white list of device-fingerprint.

B) whenever Wi-Fi hotspot access is carried out, the CFO estimations for the Wi-Fi hotspot that method collection is currently accessed are told before utilization Value, this estimate is contrasted with the wifi hotspot fingerprint characteristic in the white list being collected, if similarity is less than a certain Threshold value, that is, be determined as false Wi-Fi hotspot.

C) same method can be used for making the function of the wireless device of Wi-Fi hotspot identification access, so that with limitation The function that particular wireless device could be accessed.

Beneficial effect：Compared with prior art, the side proposed by the present invention that fingerprint modeling and identification are carried out for wireless device Method has the following advantages that：

1. proposing first wireless device fingerprint modeling mechanism based on CFO without additional hardware equipment, and it is Easily apply in existing equipment, such as notebook computer or smart mobile phone.Experiment can prove that such fingerprint is strictly It will not be changed because of when and where.

2. proposing a novel mode to come accurate and promptly estimate out CFO from CSI, and do not need additionally Equipment, and be difficult to be copied.

3. a prototype is realized to witness the performance of our mechanism.As a result show, the present invention can obtain one very high Accuracy, and be can be used in actual life in as rouge AP detections method.

Brief description of the drawings

Fig. 1 is identical equipment under different time placesThe slope and CFO of graph of a relation, wherein striped are close Correlation, (a) place l₁, time t₁, (b) place l₁, time t₂, (a) place l₂, time t₁；

Fig. 2 is different equipment under identical environmentGraph of a relation, (a) equipment 1, (b) equipment 2, (c) equipment 3；

Fig. 3 is that the design sketch after FDD and SFO, the bar that (a) is extracted from subcarrier -28 are removed using the inventive method Print image, (b) uses the phase value newly definedStripe pattern；

Fig. 4 is that, based on the design sketch that adjacent phase pair is selected after Phase Processing, (a) uses all adjacent phases pair Bar graph, (b) use the bar graph based on the phase pair after processing；

Fig. 5 is the not CFO of two AP (NETGEAR R7000 and TP-LINK WDR4300) in the same time in one day Value, wherein the value each inserted is to representing maximum and minimum value in 15 measured values；

Fig. 6 is the CFO collected from millet Note mobile phones in a middle of the month value；

Fig. 7 is laboratory arrangement schematic diagram, and wherein triangle represents touchdown point；

Fig. 8 is the measured value in the different AP in the different location in a laboratory.

Embodiment

With reference to specific embodiment, the present invention is furture elucidated, it should be understood that these embodiments are merely to illustrate the present invention Rather than limitation the scope of the present invention, after the present invention has been read, various equivalences of the those skilled in the art to the present invention The modification of form falls within the application appended claims limited range.

The present invention is absorbed in the chief threat in current following two WLAN：

Rouge AP (camouflage focus)：One attacker in public set up one and do not have by such as airport or coffee-house The AP of mandate makes up into the AP of mandate.Assuming that attacker SSID and BSSID domains that can change each frame powerful enough make Obtain consistent with the AP of mandate.In addition, attacker has used certification policy of the same race (such as pre-shared key either 802.1X Authentication) it is used as the AP of certification, but always allows user to pass through certification.Notice that rogue AP and real AP are same When enliven.In this case, signal intensity will act as unique selection standard.According to our experiment, if two Individual overlapping WLAN has used same SSID, then cell phone apparatus only can show that signal intensity is strong in its WLAN lists One.If user has logged on the AP of personation, then attacker can just realize man-in-the-middle attack to obtain user profile Or the data on flows of analysis user is without being found.

WiFi Freeloading (WiFi loiter networks)：One attacker has stolen the voucher for logining private network, then Private network can be logined as validated user.Here certification is probably a simple password, if WLAN takes WPA-Enterprise patterns, attacker can obtain voucher by many methods, once attacker enters network, Na Ta can Bandwidth is stolen with being just more than of accomplishing.

The frequency shift (FS) (such as CFO) that the method for the present invention attempts one equipment of estimation is realized as its finger print information The detection of attack.CFO generation is that and CFO will not be because of time or ground because carrier oscillator is offset in WiFi network interface cards Point changes, only can be because of the different and different of equipment.More very, it is difficult to be imitated deception, because it is pure ardware feature And it is difficult by the software impact of any operation.

CSI phase informations provide the phase offset accumulated in signals transmission.Considering could be by CSI measurement To estimate CFO size.If feasible, CFO can be estimated by inapplicable extra equipment, because CSI can change existing Some wireless device trawl performances, are then obtained using upper layer application.

Before CSI estimations CFO, the composition of each phase values of CSI is first analyzed.

Decompose the phase value of CSI values

Assuming that fingerprint equipment have received n frames from target device, for each frame, it is all obtained from trawl performance CSI measurement.When letting us consider that moment t, the CSI of the frame between a pair of Tx-Rx.For k-th of subcarrier, CSI measurement Contain a phase field φ_t,k, phase field φ_t,kThe phase for having measured frame on subcarrier between sender and recipient is inclined Move.φ_t,kIt is made up of 4 parts：

Wherein,The phase offset exactly as caused by CFO, other three are caused by following reason：

ω_t,k：The phase offset that delay (FDD, frame detection delay) is caused is detected by frame, when a frame is arrived When having reached recipient, recipient can take some time to detect it, and this can to cause one when CSI is measured Time delay τ_d.Such delay can cause a phase offset ω_t,k, ω_t,kIt is proportional with frequency, is mathematically represented as ω_t,k=2 π α k ζ_d, wherein α is a constant coefficient, and k is the index of a subcarrier, ζ_dIt is one and τ_dThe value of height correlation, Since ζ_dChange over time and change, then ω_t,kIt is also what is differed between frames.

θ_t,k：The phase offset caused by sampling frequency deviation (SFO, Sample Frequency Offset).SFO be by Sampling clock (Sample Clock) between sender and recipient is asynchronous caused.Detect and postpone similar to frame, no It is synchronous equally to introduce a time delay τ_s, and then the phase offset of one and subcarrier index linear correlation are caused, because This θ_t,k=2 π β k ζ_s, wherein β is a constant, and k is a subcarrier index, ζ_sIt it is one according to τ_sThe variable of decision.

ψ_t,k：It is the phase offset caused by the flight time (ToF, time of flight), it represents signal from transmission Side is to the flight time between recipient, and this just causes the skew of phase.Under in the absence of multipath conditions, there is ψ_t,k=2 π f_kt_p, wherein t_pRefer to micro- propagation time between sender to recipient, f_kRefer to the frequency of k-th of subcarrier.Once examine Consider multipath, then just having another will consider, this and environment are closely related.Because this skew is mainly flown The row time determine, so, it indoors positioning field it is very useful.In fact, having how many prior art researchs utilize CSI Phase region realize indoor positioning.However, because it is an object of the invention to extract CFO part rather than ToF parts, because This, it is impossible to is directly using existing algorithm.

Now, based on above-mentioned analysis, (1) formula can be re-written as：

φ_t,k=k (2 π α ζ_d+2πβζ_s)+ψ_t,k+2πΔf_ct (2)

Wherein, 2 π Δs f_cPhase offset caused by t exactly CFO, Δ f_cCFO items as to be estimated.

CFO is estimated from the phase value that CSI is decomposited

Define first and calculate a new phase variantFor each time t frame, its Middle φ_t,1And φ_t,-1The phase value for being designated as 1 and -1 subcarrier is represent down respectively, then, for every a pair neighbouring frames, meter Calculate their phase difference(being mapped to [- π, π]) and TDoA (Time Difference of Arrival) arrival time Δ t Microsecond.Afterwards, draw allAs shown in Fig. 1 (a).These stripeds from series of periodic, such as Fig. 1 (a) square frame is identified in.In addition, striped is oblique and looks there is same slope.Estimate the slope of these stripeds Degree, and most at last it as CFO value.

As an example, the stripe pattern changed with testing time and place of identical equipment is illustrated in Fig. 1. The stripe pattern of distinct device is equally compared in fig. 2, and it was found that the gradient of striped is different.It is summarized as follows, from this Can be seen that the slope of striped in images a bit can only occur difference according to the difference of equipment, will not be because of the different of environment Change, the slope of striped is considered as CFO estimation by this as the desired features of CFO.

Frame detection delay (FDD) and the removal of sampling frequency deviation (SFO)：FDD and SFO can cause in CSI measurements One time delay, these time delays can cause the phase offset with subcarrier subscript linear correlation.According to (2) formula, if K will be met₁+k₂=0WithMutually add up, can remove due to phase offset caused by FDD and SFO.

In 802.11n standards, when with a width of 20Mhz, CSI measurements have recorded down and be designated as [- 28, -26 ..., -2, - 1,1,3 ..., 27,28] 30 subcarriers data.Wherein there was only [- 1,1] and [- 28,28] this two groups of satisfaction requirements.This It is exactly defined in the inventive methodThe reasons why.For time point t,It can state as follows：

Fig. 3 compares the stripe pattern of the original phase value of subcarrier -28 and the striped of subcarrier -1 and 1 average phase value Image, it can be found that removing FDD and SFO phase offset so that image is more clear.

Remove ToF：Recipient and the sender remains stationary during frame is collected first are required, them are thus secured Relative distance, phase difference

From (4) formula, it is clear that see Δ f_cIt isThe slope of linear relationship between Δ t, in theory for be exactly, Point in stripe pattern should form periodic line rather than cycle striped.

And why there is difference in theoretical and reality, be because various measuring errors and a known firmware problem, Because the network interface cards of Intel 5300 that we use.These measuring errors make it that striped is not a smooth curve but is had very Many noise spots.Such as, if the clock frequency of equipment is 10Mhz, then receive the correct time of a frame most in receiving terminal Mostly 0.1 microsecond.Therefore, in this case, should to be at least 0.1 micro- interval of any point between in stripe pattern Second.Firmware problem, causes extra striped in the picture, so that Δ t andFunctional relation can not be met.But so Extra striped can't influence the estimation of slope.And the use of the related amounts of a CFO is to be better than only to make to detect attack With CFO in itself as fingerprint.In other words, our work is to be transformed into the measurement based on CSI from estimation CFO, from noise Striped slope is calculated in stripe pattern.

When a mobile device (notebook computer or smart mobile phone) is wanted from an AP to obtain fingerprint, its picture is allowed first Usually AP is connected like that, then.Mobile device sends test data using built-in instrument Ping to AP, then collects all times The CSI measured values of multi-frame.In order to ensure the high accurancy and precision of the fingerprint obtained, it is necessary to general 5000 frame.Because in 802.11b feelings Under scape, transmission rate can reach 11Mbps, and this process is less than 10 seconds.Based on CSI measurements, we derive above The bar graph of description, then the slope of these stripeds as equipment fingerprint.Except configuring WIFI between both devices P2P connections, are that the process that a mobile device assigns fingerprint is the same.

The value that CFO is obtained from stripe pattern includes two steps：It is strip extraction and slop estimation.

The extraction of data characteristics

In order to estimate slope, the set for the point for constituting each striped must be obtained first.The step of extracting striped is as shown in Figure 4 It is divided into three steps.

(1) high-density region is chosen

The distribution for closing on the TDoAs of frame is mainly what is determined by the transmission rate of network.As a result, as shown in Figure 4 As being shown in first subgraph, some intervals on Δ t axles may form high density area in bar graph than those and gather around There are more points.It will be apparent that striped possesses more points, then linear fit can be more accurate.So using slip on Δ t axles Window algorithm recognizes these high density areas.In each stationary window, the number of all points is calculated, is then moved to another The place of individual length of window.Finally, the window of the point of selection highest number is all as high density area, next all processes Carry out in this window.The size of window after it checked 30 equipment, is artificially empirically set by people.Assuming that Δ t The average span of striped on axle is s, then, the length of window just should just be set to 6s in our experiments, so can be with Ensure that the density region extracted is at least comprising 3 clear stripeds.

(2) high-density region is switched into binary picture

Fig. 4 second subgraph is observed, it can be found that what the center line that most point is along striped was concentrated, but still So there are some outliers to be sparsely dispersed between different stripeds.Obviously, these outliers can bring one to the estimation of slope A little negative effects, it is therefore desirable to be removed.In this purpose, high density area obtained in the previous step is processed as one two and entered It is imaged, it thus make use of the greatest differences between normal point and abnormity point to eliminate abnormity point.First by this high density area Domain rasterizing, is divided into series of identical small rectangle, each rectangle correspondence one in newly-generated binary picture Pixel.Then, for each rectangle, the number of point therein is calculated.If total number has exceeded predefined threshold value, then turn The pixel corresponding to binary picture after change is set to 1, is otherwise set to 0.After so doing, as Fig. 4 the 3rd son Shown in figure, many outliers will be removed.The image of very big noise spot is still had for those, using many existing The mechanism such as ALM based on PCA is further processed.

(3) communicating portion is obtained

The image segmentation algorithm proposed using haralick and shapiro is individual most to obtain k in 2D binary picture Long connected component, then problem the slope of estimation k most long connected components is converted into from the slope of estimation striped.Certainly, In fact, being likely to be obtained some error sections for not corresponding to any striped.Following mechanism is thus needed to use to be located Reason.

The estimation of striped

After the step of have passed through strip extraction, the set of the point for each long connected component has been obtained.If even Logical point set is S.The slope k of twill_cIt can be obtained by least square method,

Wherein,It is slope k_cEstimate, x, y are the corresponding coordinate position of each point, and ρ is wanted for least square method The coefficient of optimization, β is a constant.Therefore, for each connected component, all it is calculated using least square method method Slope k.But, the slope calculated may change, because connected component may be not a complete striped；To understand Certainly this problem, we are clustered the slope to striped, and CFO is used as with the average of the most class of number in cluster result Final estimate.Reason for this is that based on the fact one simple, that is, correct CFO estimates would generally connect very much Closely, and mistake CFO estimates be often different.

The bidirectional recognition of Wi-Fi hotspot and wireless device

We, as the fingerprint characteristic of wireless device, it will be used for by the CFO estimates obtained by foregoing method The bidirectional recognition of Wi-Fi hotspot and wireless device：

A) method that we can be by gathering in advance, carries out fingerprint collecting, or allow legal to legal Wi-Fi hotspot The holder of Wi-Fi hotspot announces the fingerprint characteristic value of legal focus to set up the white list of device-fingerprint.

B) whenever Wi-Fi hotspot access is carried out, the CFO estimations for the Wi-Fi hotspot that method collection is currently accessed are told before utilization Value, this estimate is contrasted with the wifi hotspot fingerprint characteristic in the white list being collected, if similarity is less than a certain Threshold value, that is, be determined as false Wi-Fi hotspot.

C) same method can be used for making the function of the wireless device of Wi-Fi hotspot identification access, so that with limitation The function that particular wireless device could be accessed.

Experimental result

That the inventive method is tested by testing realizes effect.

Test equipment (APs and intelligent hand are collected as a data picker with Thinkpad X200 notebook computers Machine) CFO finger print datas.This computer is equipped with 5300 wireless network cards, and we are mounted with one amended for it The driving of tripartite, this makes it possible to obtain corresponding CSI measured values for each frame received.In order to enter to a router Row fingerprint model, allow a notebook computer to connect this router, then using the ping instruments under Linux system to this Router sends message.For the frame message of each reply, notebook obtains and stores corresponding CSI measured value. The transmission interval of two Ping information is 1 second of acquiescence, and this is somewhat oversize for collecting device fingerprint, therefore, using- This interval is reduced to 0.002 second by i parameters, thus can be to send out within each second the messages of 500 frames.For each Equipment, have collected 5000 reply frames, this usually requires general 10 seconds altogether.Notebook computer can pass through above institute The method of proposition calculates fingerprints of the CFO as equipment.For the finger print information to gathering smart mobile phone, we are a notes This computer is configured to WIFI hot spot.Then mobile phone is connected to computer and sends information to it, as in collection router (AP) It is the same done in fingerprint.Then, we can go out the finger print information of mobile phone based on the CSI numerical computations of the frame received.

Focus on performance of both the present invention：One is, stability of the fingerprint in terms of when and where, and two be method Accuracy and rate of false alarm.Experiment test is more than 23 smart mobile phones and 30 AP, including identical and the type that differs.

Stability test

Fingerprint in experiment refers to the CFO estimated in being measured from CSI value, can be from easily from existing nothing Obtained in line equipment.

Temporal stability：Experiment considers two time spans, one day and one month.Fig. 5 shows two differences Not in the same time collected CFO values of the AP (NETGEAR R7000 and TP-LINK WDR4300) of model in one day,. The two AP are allowed to run all day, and every 6 hour records once CSI value.It can be found that the two AP CFO's estimates Evaluation, is all that any time section in all day is consistent.

In order to verify that CFO is steady in a long-term, it is daily that we have collected a middle of the month from a millet Note mobile phone CFO value, as shown in fig. 6, the CFO in middle of the month estimate, substantially identical, and at most differ 0.1.

Stability spatially：CSI phase field contains a ToF skew, and this is very dependent on equipment room Relative position and context.This disturbing factor is eliminated we have proposed several methods.In order to bring the multichannel of complexity into Environment, have selected an indoor environment, 7.7m × 6.5m as shown in Figure 7 laboratory, to prove four AP CFO fingerprints Spatial stability.For each AP, four different positions are dropped it into, one is separated by wall with computer.Surveyed each In examination, it is desirable to which two testers are around indoor walking, to imitate really at any time in the environment of change.In each place pair The fingerprint test of 15 times has been carried out in each AP.These AP average CFO in different places value is opened up in fig. 8 Show out.It show due to the change between the CFO that varying environment influences be compared to the difference between different AP can be with Ignored, this shows that the CFO of our measurement is spatial stability.Also carried out on 4 different smart mobile phones so Experiment, then obtained similar result due to the limitation in space, we show only AP result.

Accuracy rate is tested

K fingerprint has been carried out to each AP/ mobile phones, and these results have been stored in a database.Assuming that total Shared N platform equipment, just have collected KN fingerprint altogether.In each test, each equipment d (is represented under equipment Mark), sampled by randomly choosing M from K fingerprint, form a sampling set H_d.Then, by calculating H_d Average value set up a white list W.In an experiment, M is sized to 1/3rd K, if so K=7, that M=2.S is allowed to represent the set of remaining fingerprint.Then, if set a fingerprint in S is different with one in W Standby fingerprint is contrasted, and actually we just simulate detection Rogue AP or Freeloading attacks.On the other hand, If by the way that the fingerprint of a fingerprint in S and an identical equipment in W is contrasted, we are actually mould A normal call is intended.So, the detectivity P of attack can be defined_dWith rate of false alarm P_f, it is as follows：

What wherein id (i) was represented is the corresponding device numberings of fingerprint i, if fingerprint i and fingerprint j meet, match (i, J) value is 1, is otherwise 0.The process of matching calculates H_id(i)(device numbering is the sampling set corresponding to id (i) equipment) Maximum angle difference is used as T_hIf, T_hLess than 1 °, then we are by T_hIt is set to 1 °, and the absolute angle between two stripeds Difference is used as d_a.Then by comparing d_aT in being tested with us_hTo determine whether two fingerprints match：If d_aLess than T_h, it is believed that It is matching, is otherwise to mismatch.

Table I

The detailed scene of AP experiments

Scene	AP brands	Whole fingerprints	#of APs	K value
					Teaching building	Huawei	84	12	7
Startbuck	It is unknown	90	6	15
					Laboratory	Netware, it is general	120	8	15
Library	Huawei	60	4	15

Table II

The accuracy that AP is recognized under different scenes

Scene	Detectivity Pd	False alarm rate Pf
			Teaching building	94.32%	4.52%
Startbuck	95.05%	2.31%
			Laboratory	97.24%	1.47%
College library, university library, academic library	94.37%	5.11%

The assessment for AP is considered first.Tested in four scenes, including teaching building, laboratory, library With some Startbuck, and 354 fingerprints are have collected altogether.The details of AP in these environment are shown in Table in I.In Startbuck, Their equipment is not seen so trade mark can not be learnt.Except Startbuck, in each scene, all AP are same Manufacturer and model.It is pointed out that this is to simulate the Attack Scenarios the worst that we can run into fact, at this Attacker is provided with the personation AP of one and the same models of AP authenticated in scape.For instinctively, from same supply The AP of business more likely has similar fingerprint.According to the result shown in table ii, detectivity in four scenes close to 94%, Rate of false alarm is under 5.11% simultaneously.

Except AP, similar experiment has also been carried out similarly for smart mobile phone.Experiment includes the intelligence of 23 different vendors Energy mobile phone, as shown in Table III, wherein for each mobile phone, K=15.Wherein the definition of accuracy rate and rate of false alarm is with to AP's It is the same in test.Rate of accuracy reached is to 94%, and rate of false alarm is then below 3%.

Table III

The details of mobile phone

Smart mobile phone	Quantity
		Meizu	3
Samsung	5
		Millet	7
Other	8

Equally in such as Table IV retouch the same model told mobile phone on tested.Because database is smaller, P_d And P_fIt is expressed as function.We can have found that the inventive method still can distinguish the distinct device of same model.

Table IV

The accuracy of same model mobile phone

Smart mobile phone	Quantity	Detectivity	False alarm rate
				The millet mobile phone of identical WIFI network interface cards	6	149/160	1/70
Samsung S4	3	70/70	0/35

Claims (5)

1. one kind carries out fingerprint modeling for wireless device and knows method for distinguishing, it is characterised in that comprise the following steps：

(1) CSI phase value is decomposed；

(2) CFO continuous items are estimated from the phase value that CSI is decomposited：

A) influence in the CSI measurements that FDD and SFO is caused is removed；

B) influence that ToF is caused is removed；

(3) CFO value is obtained in the CFO noise images obtained from previous step；

A) high-density region of selected digital image；

B) high-density region obtained in the previous step is switched into a binary picture；

C) communicating portion of image is obtained；

D) set of the composition of the point of communicating portion obtained above is handled using least square method, the set put Slope；

(4) by the use of CFO estimates as the fingerprint characteristic of equipment, Wi-Fi hotspot and wireless device to interconnection carry out two-way knowledge Not.

A) fingerprint collecting is carried out to legal Wi-Fi hotspot, sets up white list；

B) whenever Wi-Fi hotspot access is carried out, the CFO estimates for the Wi-Fi hotspot being currently accessed are gathered using preceding method, will This estimate is contrasted with the Wi-Fi hotspot fingerprint characteristic in the white list being collected, if similarity is less than threshold value, that is, is sentenced It is set to illegal Wi-Fi hotspot；

C) white list is set up to the wireless device for needing to access in advance in Wi-Fi hotspot, it is special by the fingerprint for comparing access device Levy, Wi-Fi hotspot can be enabled to carry out reversal of identification to the wireless device of access.

2. carry out fingerprint modeling for wireless device as claimed in claim 1 and know method for distinguishing, it is characterised in that

Decompose the phase value of CSI values

Assuming that equipment have received n frame messages from target device, for each frame, it all measures CSI's from trawl performance Data；For k-th of subcarrier, CSI contains a phase field φ_t,k, phase field φ_t,kMeasured on subcarrier sender and The phase offset of frame between recipient.

φ_t,k=k (2 π α ζ_d+2πβζ_s)+ψ_t,k+2πΔf_ct (2)

CFO is estimated from the phase value that CSI is decomposited

Define first and calculate a new phase variantFor each time t frame, wherein φ_t,1And φ_t,-1The phase value for being designated as 1 and -1 subcarrier is represent down respectively, then, for every a pair neighbouring frames, is calculated Their phase differenceWith TDoA arrival time Δ t microseconds；Afterwards, draw allPoint, these point constitute The striped of series of periodic, estimates the slope of these stripeds, and most at last it as CFO estimate.

3. carry out fingerprint modeling for wireless device as claimed in claim 2 and know method for distinguishing, it is characterised in that

Remove FDD and SFO：According to (2) formula, k will be met₁+k₂=0WithMutually add up, can remove due to FDD and Phase offset caused by SFO；

For time point t,It can state as follows：

${\stackrel{\‾}{\mathrm{\φ}}}_t=2{\mathrm{\π\Δf}}_{c}t+\frac{{\mathrm{\ψ}}_{t,-1}+{\mathrm{\ψ}}_{t,1}}{2}+(-1+1)(2{\mathrm{\π\α\ζ}}_d+2{\mathrm{\π\β\ζ}}_s)=2{\mathrm{\π\Δf}}_{c}t+\frac{{\mathrm{\ψ}}_{t,-1}+{\mathrm{\ψ}}_{t,1}}{2}---\left(3\right)$

Remove ToF：Recipient and the sender remains stationary during frame is collected first are required, their phase is thus secured Adjust the distance, phase difference

4. carry out fingerprint modeling for wireless device as claimed in claim 3 and know method for distinguishing, it is characterised in that from bar graph The value that CFO is obtained as in is included：

The extraction of data characteristics

In order to estimate slope, the set for the point for constituting each striped must be obtained first；The step of extracting striped is divided into three steps.

(1) high-density region is chosen

High density area is recognized using sliding window algorithm；In each stationary window, the number of all points, Ran Houyi are calculated Move the place of another length of window；Finally, the window of the point of selection highest number is used as high density area；

(2) high-density region is switched into binary picture

High density area obtained in the previous step is processed as a binary picture, area is divided into small rectangle, each rectangle One pixel of correspondence in newly-generated binary picture.Then, for each rectangle, point therein is calculated.If total Mesh has exceeded predefined threshold value, then corresponding pixel is set to 1, is otherwise set to 0；

(3) communicating portion is obtained

K maximum connection is identified in binary picture, thus estimation k can be converted into the problem of the slope of estimation striped The slope of individual most long connected component；

The estimation of striped

After the step of have passed through strip extraction, the set of the point for each connected component has been obtained.If connected set of points For S.The slope k of twill_cIt can be obtained by least square method,

$\widehat{k_c}=\underset{\mathrm{\ρ}}{\mathrm{argmin}}\underset{(y,x)\∈S}{\Σ}{(y+2\mathrm{\π}x\mathrm{\ρ}+\mathrm{\β})}^2---\left(5\right)$

Wherein, β is a constant；Therefore, each connected component is found out, its slope k is then calculated using least square method； Finally, slope value is clustered, the slope average value for asking for the most class of quantity in cluster result is estimated as last CFO Evaluation.

5. carry out fingerprint modeling for wireless device as claimed in claim 4 and know method for distinguishing, it is characterised in that：

Using obtained CFO estimates as the fingerprint characteristic of wireless device, it is used for the two-way of Wi-Fi hotspot and wireless device Identification：

Method by gathering in advance, carries out fingerprint collecting to legal Wi-Fi hotspot, or allows the holder of legal Wi-Fi hotspot Announce the fingerprint characteristic value of legal focus to set up the white list of device-fingerprint, each entry of white list contains correspondence WiFi The title of focus, physical location and CFO estimates；White list, which can be stored in, to be needed to access in the mobile device of Wi-Fi hotspot, External server either is stored in, the data needed are obtained by network communication by mobile device；

Whenever Wi-Fi hotspot access is carried out, the CFO estimates for the Wi-Fi hotspot being currently accessed are gathered using preceding method, by this Estimate is contrasted with the wifi hotspot fingerprint characteristic in the white list being collected, if similarity is less than threshold value, that is, is judged For false Wi-Fi hotspot；

Same method can be used for making the function of the wireless device of Wi-Fi hotspot identification access, right in advance in Wi-Fi hotspot Need the wireless device of access to set up white list, by comparing the fingerprint characteristic of access device, Wi-Fi hotspot can be enabled right The wireless device of access carries out reversal of identification；So as to the function that could be accessed with limitation particular wireless device.