CN114025350B - Dual authentication method based on password and frequency offset - Google Patents

Abstract

The invention provides a dual authentication method based on a password and frequency offset, which comprises the following steps: step 1, a device to be authenticated sends a probe request frame signal with a specific SSID to a general software radio peripheral, and the general software radio peripheral is connected with a host; step 2, running GNU radio according to the signals received by the universal software radio peripheral, and performing signal processing on the received signals to obtain carrier frequency offset characteristics of equipment to be authenticated; and 3, calculating the similarity between the carrier frequency offset characteristics of the equipment to be authenticated and the carrier frequency offset characteristics of all stored authorized users through a nearest neighbor mode matching algorithm. According to the invention, the frequency offset fingerprint characteristics of the wireless intelligent equipment are extracted through the universal software radio peripheral equipment, the intelligent equipment is identified by utilizing the frequency offset, and the wireless network identification mechanism is enhanced through a password and frequency offset dual authentication mode, so that the access of illegal equipment is avoided, and the network security is improved.

Description

Dual authentication method based on password and frequency offset

Technical Field

The invention relates to the technical field of security, in particular to a dual authentication method based on a password and frequency offset.

Background

Wireless local area networks are now ubiquitous and have become an integral part of the life of everyone. A series of important activities such as network communication, work communication, etc. can be performed by a person through a wireless network. However, the popularity of wireless local area networks has also made security issues a focus of attention. The wireless network is borderless, and the signal is opened, so that great convenience is brought to users, and meanwhile, the wireless local area network is subjected to more security threats. There is therefore a need for effective wireless security solutions to provide security for secure access and management of wireless local area networks. The identity authentication mechanism of the wireless local area network access is mainly based on key identity authentication and is identified according to the information such as the MAC address, the IP address and the like of the access equipment, but the information is easily sniffed, disguised and tampered by illegal intruders, so that the wireless network is intercepted. In addition, the wireless network security protocol generally has some defects, and an illegal invader can steal the secret key through a certain means, so that the wireless network can be invaded to hijack information. 10 months 2017, mathyVanhoef published a key reload attack against the WAP2 protocol, and an attacker could read all traffic on the target wireless network connection. Therefore, it is critical and urgent to develop an authentication system capable of preventing network attacks and enhancing security of a wireless network.

Because of manufacturing tolerances of electronic components, degradation and aging effects of components, etc., there are differences in actual hardware parameters of wireless devices even in the same model and batch, and such differences in hardware are reflected in communication signals. Today, in which science and technology are increasingly developed, more and more researchers at home and abroad research on a radio frequency fingerprint extraction and identification method of a wireless communication device. Just as everyone has a unique fingerprint of his own, each wireless device also has a unique fingerprint of his own "radio frequency fingerprint". The fingerprint characteristics of the wireless intelligent equipment are extracted and identified in the physical layer, and then the access control of the wireless equipment is realized by utilizing a hardware individual identity verification mode, so that the traditional wireless network identification mechanism can be assisted and enhanced, and a larger guarantee is provided for the security of the wireless network.

Disclosure of Invention

The invention provides a dual authentication method based on passwords and frequency deviation, which aims to solve the problems that information of access equipment is easy to sniff, disguise and tamper by illegal invaders, and a wireless network is easy to eavesdrop and hijack by the illegal invaders.

In order to achieve the above object, an embodiment of the present invention provides a dual authentication method based on a password and a frequency offset, including:

step 1, a device to be authenticated sends a probe request frame signal with a specific SSID to a general software radio peripheral, and the general software radio peripheral is connected with a host;

step 2, running GNU radio according to the signals received by the universal software radio peripheral, and performing signal processing on the received signals to obtain carrier frequency offset characteristics of equipment to be authenticated;

step 3, carrying out similarity calculation on the carrier frequency offset characteristics of the equipment to be authenticated and the carrier frequency offset characteristics of all stored authorized users through a nearest neighbor mode matching algorithm;

and step 4, judging whether the equipment to be authenticated is permitted to access the wireless network according to the calculated similarity of the carrier frequency deviation characteristics of the equipment to be authenticated and the carrier frequency deviation characteristics of all stored authorized users and the correctness of the password verification of the equipment to be authenticated.

Wherein, the step 2 specifically includes:

and step 21, performing conjugate correlation on each probe request frame signal in the received signals to obtain an autocorrelation coefficient corresponding to each probe request frame signal, judging whether the autocorrelation coefficient corresponding to each probe request frame signal is higher than a first set threshold, executing step 22 when the autocorrelation coefficient corresponding to the current probe request frame signal is higher than the first set threshold, and screening out the current probe request frame signal when the autocorrelation coefficient corresponding to the current probe request frame signal is lower than the first set threshold.

The step 21 specifically includes:

the autocorrelation coefficients were calculated as follows:

wherein a [ n ]]Represents the autocorrelation function value, k represents the value in the adjustable window, s [ n ]]Represents a frame signal sequence, n represents a number of a frame sequence symbol,representing the complex conjugate of s, p [ n ]]Represents average power, N _win Representing an adjustable window, c [ n ]]Representing the autocorrelation coefficients.

Wherein, the step 2 further comprises:

the following steps are performed for each probe request frame signal screened in step 21:

step 22, performing frame synchronization on the probe request frame signal through a time domain delay correlation algorithm of a short training sequence, and performing coarse carrier frequency offset estimation, wherein the steps are as follows:

and carrying out delay correlation through the first 5 symbol sections of the short training sequence, and carrying out coarse carrier frequency offset estimation, wherein the method comprises the following steps of:

wherein ,representing the estimated coarse carrier frequency offset, S _m Symbols representing the first 5 symbol segments of the short training sequence, m represents the number of symbols of the first 5 symbol segments of the short training sequence, m=0, 1, 79; arg () represents the phase operator, +.>Represent S _m Conjugation of the last 16 th symbol;

by estimated coarse carrier frequency offsetCompensating for long training sequence symbols is as follows:

wherein ,S_n Indicates a long training sequence symbol, n indicates a number of the long training sequence symbol, n=0, 1,..127, s '' _n Representing warpAnd the long training sequence symbol after the over-estimated coarse carrier frequency offset compensation.

Wherein, the step 2 further comprises:

step 23, performing fine carrier frequency offset estimation based on the estimated long training sequence symbol after coarse carrier frequency offset compensation, as follows:

wherein ,representing the estimated fine carrier frequency offset,/->Represent S _n Conjugation of the' 64 th symbol after.

Wherein, the step 2 further comprises:

step 24, adding the estimated coarse carrier frequency offset and the estimated fine carrier frequency offset to obtain an estimated total carrier frequency offset

Step 25, obtaining carrier frequency offset characteristics based on the estimated total carrier frequency offsetThe following is shown:

wherein BW is the channel bandwidth.

Wherein, the step 2 further comprises:

step 26, equalizing the signal based on the frequency domain estimation channel, comprising the following steps;

step 261, compensating the probe request frame signal according to the corresponding carrier frequency offset characteristic;

step 262, performing FFT conversion on the frequency offset compensated probe request frame signal, and converting the probe request frame signal from a time domain to a frequency domain;

step 263, checking the value of the pilot carrier by the WiFi frame equalizer according to the transmission pilot symbol, and estimating the constellation of the carrier symbol by subtracting the residual frequency offset;

step 27, pilot frequency removal and cyclic prefix are carried out on the probe request frame signal according to the estimated constellation diagram of the carrier wave symbol, de-interleaving, viterbi decoding and descrambling are carried out on the probe request frame signal after the cyclic prefix, load information of the probe request frame signal is obtained, SSID (service set identifier) of the probe request frame signal is extracted according to the load information, and carrier frequency offset is used as fingerprint of the probe request frame signal.

Wherein, the step 3 specifically includes:

the density of the authorized device sample set is expressed as:

wherein ,D_k1 Representing a sample set of authorized devices, k=a, B, C, D, E, F, D _ij Representing the distance between sample i and sample j, N _k Representing the number of samples in the authorized device sample set, k=a, B, C, D, E, F.

Wherein, the step 3 further comprises:

respectively adding the to-be-authenticated equipment sample sets into each authorized equipment sample set, wherein the densities of a plurality of new sample sets are as follows:

wherein ,N_h Representing the number of samples in a sample set of the equipment to be authenticated, N _h +1 represents an index of a device sample to be authenticatedWhen D _k1 ＞＝D _k2 +th, where th represents a second set threshold, the set of samples being considered unauthorized.

Wherein, the step 4 specifically includes:

step 41, finding out the minimum value of the density difference between the original sample set and the new sample set:

ch _k ＝D _k1 -D _k2 ，k＝A,B,C,D,E,F (10)

ch＝min(ch _k ) (11)

wherein ch represents the highest similarity of carrier frequency offset;

step 42, judging whether the highest similarity ch of the carrier frequency offset of the equipment to be authenticated is higher than a second set threshold th;

step 43, when the highest similarity ch of the carrier frequency offset of the device to be authenticated is higher than a second set threshold th, step 43 is executed; when the highest carrier frequency offset similarity ch of the equipment to be authenticated is not higher than a second set threshold th of the threshold, the equipment to be authenticated is unauthorized equipment, the equipment to be authenticated is not permitted to access the wireless network, and the process is finished;

step 44, judging whether the password of the device to be authenticated is correct;

step 45, executing step 45 when the password of the device to be authenticated is correct; when the password of the equipment to be authenticated is incorrect, the equipment to be authenticated is unauthorized equipment, the equipment is not permitted to access the wireless network, and the process is finished;

the device to be authenticated is an authorizing device, step 46, granting access to the wireless network.

The scheme of the invention has the following beneficial effects:

according to the dual authentication method based on the password and the frequency offset, the frequency offset fingerprint characteristics of the wireless intelligent equipment are extracted through the low-cost customized universal software radio peripheral, the intelligent equipment is identified by utilizing the frequency offset, and the authentication is judged to be passed only through the two authentication processes of the password authentication and the frequency offset authentication during authentication, so that the wireless network identification mechanism is enhanced and the network security is improved through the dual authentication mode.

Drawings

FIG. 1 is a flow chart of dual authentication of password and frequency offset in the present invention;

FIG. 2 is a flow chart of extracting carrier frequency offset characteristics of equipment to be authenticated according to the invention;

FIG. 3 is a histogram of frequency offset distribution of different devices to be authenticated according to the present invention;

fig. 4 is an authentication accuracy of each device to be authenticated according to the present invention.

Detailed Description

In order to make the technical problems, technical solutions and advantages to be solved more apparent, the following detailed description will be given with reference to the accompanying drawings and specific embodiments.

Aiming at the problems that the information of the existing access equipment is easy to sniff, disguise and tamper by an illegal invader, and the wireless network is easy to be eavesdropped and hijacked by the illegal invader, the invention provides a double authentication method based on a password and frequency deviation.

As shown in fig. 1 to 4, an embodiment of the present invention provides a dual authentication method based on a password and a frequency offset, including: step 1, a device to be authenticated sends a probe request frame signal with a specific SSID to a general software radio peripheral, and the general software radio peripheral is connected with a host; step 2, running GNU radio according to the signals received by the universal software radio peripheral, and performing signal processing on the received signals to obtain carrier frequency offset characteristics of equipment to be authenticated; step 3, carrying out similarity calculation on the carrier frequency offset characteristics of the equipment to be authenticated and the carrier frequency offset characteristics of all stored authorized users through a nearest neighbor mode matching algorithm; and step 4, judging whether the equipment to be authenticated is permitted to access the wireless network according to the calculated similarity of the carrier frequency deviation characteristics of the equipment to be authenticated and the carrier frequency deviation characteristics of all stored authorized users and the correctness of the password verification of the equipment to be authenticated.

The dual authentication method based on the password and the frequency offset, which is disclosed by the embodiment of the invention, comprises the password authentication and the frequency offset authentication, and can avoid the access of illegal equipment and improve the security of a wireless network through a password and frequency offset dual authentication mode. Specifically, a WiFi switch of the intelligent equipment is turned on, other networks are added, corresponding information is input at the network name and the password respectively, the equipment to be authenticated transmits a probe request frame signal with a specific SSID, a general software radio peripheral B210 is used as a signal receiving equipment to be connected with a host, GUN radio is operated to process the signal, then carrier frequency deviation of the probe request frame signal of the specific SSID is extracted, whether the highest similarity of the carrier frequency deviation of the equipment to be authenticated and the stored carrier frequency deviation of the authorized equipment is higher than a second set threshold value is judged, if the highest similarity is higher than the second set threshold value, whether the password is correct is judged, when the password is judged to be correct, the equipment to be authenticated is the authorized equipment, access to the wireless network is allowed, and otherwise, the equipment to be unauthorized equipment is refused to access the wireless network is judged. If the highest similarity is lower than the second set threshold, directly judging the equipment to be authenticated as unauthorized equipment, and refusing to access the wireless network, wherein the security of the wireless network can be further improved in the dual verification mode.

According to the dual authentication method based on the password and the frequency offset, which is disclosed by the embodiment of the invention, a commonly used smart phone is fully utilized, a WiFi switch of the COTS smart phone is turned on, a probe request frame signal with a specific SSID is transmitted in the air, and the probe request frame signal is received by a general software radio peripheral device, but other signals sent by other devices are received by the general software radio peripheral device besides the probe request frame sent by the smart phone receiving the experiment. Therefore, in order to reduce the influence of other signals, the center frequency of the experimental platform is set to be 5.17GHz, the sampling rate is 20MSa/s, the bandwidth BW of a channel is 20MHz, and the channel has signals of fewer other devices.

Wherein, the step 2 specifically includes: and step 21, performing conjugate correlation on each probe request frame signal in the received signals to obtain an autocorrelation coefficient corresponding to each probe request frame signal, judging whether the autocorrelation coefficient corresponding to each probe request frame signal is higher than a first set threshold, executing step 22 when the autocorrelation coefficient corresponding to the current probe request frame signal is higher than the first set threshold, and screening out the current probe request frame signal when the autocorrelation coefficient corresponding to the current probe request frame signal is lower than the first set threshold.

The step 21 specifically includes: the autocorrelation coefficients were calculated as follows:

wherein a [ n ]]Represents the autocorrelation function value, k represents the value in the adjustable window, s [ n ]]Represents a frame signal sequence, n represents a number of a frame sequence symbol,representing the complex conjugate of s, p [ n ]]Represents average power, N _win Representing an adjustable window, c [ n ]]Representing the autocorrelation coefficients.

Wherein, the step 2 further comprises: the following steps are performed for each probe request frame signal screened in step 21:

step 22, performing frame synchronization on the probe request frame signal through a time domain delay correlation algorithm of a short training sequence, and performing coarse carrier frequency offset estimation, wherein the steps are as follows:

and carrying out delay correlation through the first 5 symbol sections of the short training sequence, and carrying out coarse carrier frequency offset estimation, wherein the method comprises the following steps of:

wherein ,representing the estimated coarse carrier frequency offset, S _m The symbols representing the first 5 symbol segments of the short training sequence,m represents the number of symbols of the first 5 symbol segments of the short training sequence, m=0, 1..79; arg () represents the phase operator, +.>Represent S _m Conjugation of the last 16 th symbol;

by estimated coarse carrier frequency offsetCompensating for long training sequence symbols is as follows:

wherein ,S_n Indicates a long training sequence symbol, n indicates a number of the long training sequence symbol, n=0, 1,..127, s '' _n Representing the estimated long training sequence symbols after coarse carrier frequency offset compensation.

Wherein, the step 2 further comprises: step 23, performing fine carrier frequency offset estimation based on the estimated long training sequence symbol after coarse carrier frequency offset compensation, as follows:

wherein ,representing the estimated fine carrier frequency offset,/->Represent S _n Conjugation of the' 64 th symbol after.

Wherein, the step 2 further comprises: step 24, adding the estimated coarse carrier frequency offset and the estimated fine carrier frequency offset to obtain an estimated total carrier frequency offset

Step 25, obtaining carrier frequency offset characteristics based on the estimated total carrier frequency offsetThe following is shown:

wherein BW is the channel bandwidth.

The dual authentication method based on the password and the frequency offset, disclosed by the embodiment of the invention, comprises the following steps of: 1. when the correlation peak is obtained, the IEEE802.11a/g signal transmitted by the intelligent equipment is considered to be received, and the subsequent processing is carried out; 2. frame synchronization by using time-domain delay correlation algorithm of short training sequence and coarse estimation of carrier frequency offset3. Symbol synchronization by cross-correlating a long training sequence with a received signal while precisely estimating carrier frequency offset>Obtaining final carrier frequency offset estimate by the second and third steps>Thereby obtaining carrier frequency deviation->4. Estimating a channel in a frequency domain and performing equalization; 5. removing pilot frequency and cyclic prefix, de-interleaving, viterbi decoding, de-scrambling, obtaining the load information of the frame signal, extracting SSID identifier of the probe request frame signal from the load information, and taking carrier frequency offset as fingerprint of the probe request frame signal.

According to the dual authentication method based on the password and the frequency offset, when the c [ n ] is higher than a first set threshold value, the received IEEE802.11a/g signal is indicated to be subjected to subsequent processing; IEEE802.11a/g is a typical burst packet wireless local area network, according to the time domain correlation characteristics of a preamble training sequence, the synchronization and frequency offset estimation of a received signal can be completed in a single training symbol by utilizing a data auxiliary frequency offset estimation algorithm, and then effective information is compensated. In order to make the obtained frequency offset estimation more accurate, the carrier frequency deviation is normally estimated to a smaller range, and then the residual frequency offset is further estimated. The short training sequence is used for coarse frequency offset estimation and compensation, the long training sequence is used for fine frequency offset estimation, the total frequency offset estimation is equal to the coarse frequency offset estimation plus the fine frequency offset estimation, and the frequency offset of a received signal can be finally obtained according to a formula (7).

Wherein, the step 2 further comprises: step 26, equalizing the signal based on the frequency domain estimation channel, comprising the following steps; step 261, compensating the probe request frame signal according to the corresponding carrier frequency offset characteristic; step 262, performing FFT conversion on the frequency offset compensated probe request frame signal, and converting the probe request frame signal from a time domain to a frequency domain; step 263, checking the value of the pilot carrier by the WiFi frame equalizer according to the transmission pilot symbol, and estimating the constellation of the carrier symbol by subtracting the residual frequency offset; step 27, pilot frequency removal and cyclic prefix are carried out on the probe request frame signal according to the estimated constellation diagram of the carrier wave symbol, de-interleaving, viterbi decoding and descrambling are carried out on the probe request frame signal after the cyclic prefix, load information of the probe request frame signal is obtained, SSID (service set identifier) of the probe request frame signal is extracted according to the load information, and carrier frequency offset is used as fingerprint of the probe request frame signal.

According to the dual authentication method based on the password and the frequency offset, 4 pilot frequencies and cyclic prefixes are removed, 48 data carriers carrying actual information are left, the 48 carrier symbols are subjected to de-interleaving, viterbi decoding and descrambling, the frame signal load information is finally obtained, the SSID identifier of the frame signal is extracted from the load information, the carrier frequency offset is used as the fingerprint of the frame signal, and the frequency offset fingerprint characteristics are used for classifying each intelligent device.

Wherein, the step 3 specifically includes: the density of the authorized device sample set is expressed as:

wherein ,D_k1 Representing a sample set of authorized devices, k=a, B, C, D, E, F, D _ij Representing the distance between sample i and sample j, N _k Representing the number of samples in the authorized device sample set, k=a, B, C, D, E, F.

Wherein, the step 3 further comprises: respectively adding the to-be-authenticated equipment sample sets into each authorized equipment sample set, wherein the densities of a plurality of new sample sets are as follows:

wherein ,N_h Representing the number of samples in a sample set of the equipment to be authenticated, N _h +1 represents the index of the device sample to be authenticated, when D _k1 ＞＝D _k2 +th, where th represents a second set threshold, the set of samples being considered unauthorized.

According to the password and frequency offset-based dual authentication method disclosed by the embodiment of the invention, 6 preset stored authorization devices are provided, and the carrier frequency offset fingerprint characteristic sets of the preset stored authorization devices are A, B, C, D, E and F respectively. Their carrier frequency offset fingerprint feature sets have densities D respectively _A1 ，D _B1 ，D _C1 ，D _D1 ，D _E1 ，D _F1 . Respectively adding carrier frequency offset fingerprint characteristic samples of equipment to be authenticated into carrier frequency offset fingerprint characteristic sets of 6 existing authorization equipment, wherein the densities of the new sample sets are D respectively _A2 ，D _B2 ，D _C2 ，D _D2 ，D _E2 ，D _F2 。

Wherein, the step 4 specifically includes: step 41, finding out the minimum value of the density difference between the original sample set and the new sample set:

ch _k ＝D _k1 -D _k2 ，k＝A,B,C,D,E,F (10)

ch＝min(ch _k ) (11)

wherein ch represents the highest similarity of carrier frequency offset;

step 42, judging whether the highest similarity ch of the carrier frequency offset of the equipment to be authenticated is higher than a second set threshold th;

step 43, when the highest similarity ch of the carrier frequency offset of the device to be authenticated is higher than a second set threshold th, step 43 is executed; when the highest carrier frequency offset similarity ch of the equipment to be authenticated is not higher than a second set threshold th of the threshold, the equipment to be authenticated is unauthorized equipment, the equipment to be authenticated is not permitted to access the wireless network, and the process is finished;

step 44, judging whether the password of the device to be authenticated is correct;

step 45, executing step 45 when the password of the device to be authenticated is correct; when the password of the equipment to be authenticated is incorrect, the equipment to be authenticated is unauthorized equipment, the equipment is not permitted to access the wireless network, and the process is finished;

the device to be authenticated is an authorizing device, step 46, granting access to the wireless network.

According to the dual authentication method based on the password and the frequency offset, the carrier frequency offset characteristics of the equipment to be authenticated and the carrier frequency offset characteristics of all the stored authorized equipment are subjected to similarity calculation, and if the obtained highest similarity is larger than a second set threshold, the equipment to be authenticated corresponding to the highest similarity is judged to be an authenticator for inputting the carrier frequency offset characteristics; otherwise, judging failure; after the authenticator is determined, whether the password is the correct password is determined, if the password is correct, authentication is successful, otherwise, the authentication is failed.

According to the password and frequency offset-based dual authentication method disclosed by the embodiment of the invention, feasibility and stability of the password and frequency offset-based dual authentication method are verified by using a common commercial smart phone, the smart phone transmits a probe request frame signal, a universal software Radio peripheral B210 is used as signal receiving equipment, the universal software Radio peripheral is connected with a host through USB 3.0, the host operates GNU Radio to perform signal processing, the center frequency of an experiment platform is set to be 5.17GHz, the sampling rate is 20MSa/s, the channel bandwidth BW is 20MHz, the channel has fewer interference signals, carrier frequency offset fingerprint characteristics of 6 smart phones of different models or different manufacturers under different scene environments are firstly acquired, the carrier frequency offset fingerprint characteristics are stored in a system and set as authorizing equipment, then the 6 devices are used for authenticating access to a wireless network respectively, two situations of inputting correct passwords and incorrect passwords are performed for multiple times, the experiment accuracy is recorded, the other 2 smart phones which are not registered for storing carrier frequency offset fingerprint characteristics are used for attempting to access the wireless network for multiple times, and the situation is recorded.

Verification result: as fig. 3 shows distribution histograms of carrier frequency offsets of 6 different devices, as can be seen from the carrier frequency offset histograms of different devices, the carrier frequency offset ranges of most different brands of devices are different and are all fixed in the range, the carrier frequency offset ranges of the same brands of intelligent devices are identical, but the carrier frequency offset distribution histograms of 6 different devices are different, so that the intelligent devices can be identified by using the carrier frequency offset to judge whether to grant the intelligent devices to access to the wireless network. As shown in fig. 4, the verification result of the dual authentication method based on the password and the frequency offset shows that the dual authentication method based on the password and the frequency offset can reach a correct rate of more than 91% for each device, can allow access to legal devices in percentage, and can intelligently detect and reject access to illegal devices.

According to the dual authentication method based on the password and the frequency offset, the frequency offset fingerprint characteristics of the wireless intelligent equipment are extracted through the low-cost customized universal software radio peripheral, the intelligent equipment is identified by utilizing the frequency offset, and the authentication is judged to be passed only through the two authentication processes of the password authentication and the frequency offset authentication during authentication, so that the wireless network identification mechanism is enhanced, the network security is improved, and the information of the access equipment is not easy to sniff, disguise and tamper by illegal invaders.

While the foregoing is directed to the preferred embodiments of the present invention, it will be appreciated by those skilled in the art that various modifications and adaptations can be made without departing from the principles of the present invention, and such modifications and adaptations are intended to be comprehended within the scope of the present invention.

Claims (2)

1. The dual authentication method based on the password and the frequency offset is characterized by comprising the following steps:

step 1, a device to be authenticated sends a probe request frame signal with a specific SSID to a general software radio peripheral, and the general software radio peripheral is connected with a host;

step 2, signal processing is carried out on signals received by the universal software radio peripheral equipment, and carrier frequency deviation characteristics of equipment to be authenticated are obtained;

the step 2 specifically includes:

step 21, performing conjugate correlation on each probe request frame signal in the received signals to obtain an autocorrelation coefficient corresponding to each probe request frame signal, judging whether the autocorrelation coefficient corresponding to each probe request frame signal is higher than a first set threshold, executing step 22 when the autocorrelation coefficient corresponding to the current probe request frame signal is higher than the first set threshold, and screening out the current probe request frame signal when the autocorrelation coefficient corresponding to the current probe request frame signal is lower than the first set threshold; the step 21 specifically includes:

the autocorrelation coefficients were calculated as follows:

wherein a [ n ]]Represents the autocorrelation function value, k represents the value in the adjustable window, s [ n ]]Represents a frame signal sequence, n represents a number of a frame sequence symbol,representing the complex conjugate of s, p [ n ]]Represents average power, N _win Representing an adjustable window, c [ n ]]Representing the autocorrelation coefficients;

the following steps are performed for each probe request frame signal screened in step 21:

step 22, performing frame synchronization on the probe request frame signal through a time domain delay correlation algorithm of a short training sequence, and performing coarse carrier frequency offset estimation, wherein the steps are as follows:

and carrying out delay correlation through the first 5 symbol sections of the short training sequence, and carrying out coarse carrier frequency offset estimation, wherein the method comprises the following steps of:

wherein ,representing the estimated coarse carrier frequency offset, S _m Symbols representing the first 5 symbol segments of the short training sequence, m represents the number of symbols of the first 5 symbol segments of the short training sequence, m=0, 1, 79; arg () represents the phase operator, +.>Represent S _m Conjugation of the last 16 th symbol;

by estimated coarse carrier frequency offsetCompensating for long training sequence symbols is as follows:

wherein ,S_n Indicates a long training sequence symbol, n indicates a number of the long training sequence symbol, n=0, 1,..127, s '' _n Representing the estimated long training sequence symbols after coarse carrier frequency offset compensation;

step 23, performing fine carrier frequency offset estimation based on the estimated long training sequence symbol after coarse carrier frequency offset compensation, as follows:

wherein ,representing the estimated fine carrier frequency offset,/->Representing S' _n Conjugation of the latter 64 th symbol;

step 24, adding the estimated coarse carrier frequency offset and the estimated fine carrier frequency offset to obtain an estimated total carrier frequency offset

Step 25, obtaining carrier frequency offset characteristics based on the estimated total carrier frequency offsetThe following is shown:

wherein BW is the channel bandwidth;

step 26, equalizing the signal based on the frequency domain estimation channel, comprising the following steps;

step 261, compensating the probe request frame signal according to the corresponding carrier frequency offset characteristic;

step 262, performing FFT conversion on the frequency offset compensated probe request frame signal, and converting the probe request frame signal from a time domain to a frequency domain;

step 263, checking the value of the pilot carrier by the WiFi frame equalizer according to the transmission pilot symbol, and estimating the constellation of the carrier symbol by subtracting the residual frequency offset;

step 27, pilot frequency removal and cyclic prefix are carried out on the probe request frame signal according to the estimated constellation diagram of the carrier wave symbol, de-interleaving, viterbi decoding and descrambling are carried out on the probe request frame signal after the cyclic prefix, load information of the probe request frame signal is obtained, SSID (service set identifier) of the probe request frame signal is extracted according to the load information, and carrier frequency offset is used as fingerprint of the probe request frame signal;

step 3, carrying out similarity calculation on the carrier frequency offset characteristics of the equipment to be authenticated and the carrier frequency offset characteristics of all stored authorized users through a nearest neighbor mode matching algorithm;

the step 3 specifically includes:

the density of the authorized device sample set is expressed as:

wherein ,D_k1 Representing a sample set of authorized devices, k=a, B, C, D, E, F, D _ij Representing the distance between sample i and sample j, N _k Representing the number of samples in the sample set of the authorized device, k=a, B, C, D, E, F;

respectively adding the to-be-authenticated equipment sample sets into each authorized equipment sample set, wherein the densities of a plurality of new sample sets are as follows:

wherein ,N_h Representing the number of samples in a sample set of the equipment to be authenticated, N _h +1 represents the index of the device sample to be authenticated, when D _k1 ＞＝D _k2 +th, the sample set being considered unauthorized, th representing a second set threshold;

and step 4, judging whether the equipment to be authenticated is permitted to access the wireless network according to the calculated similarity of the carrier frequency deviation characteristics of the equipment to be authenticated and the carrier frequency deviation characteristics of all stored authorized users and the correctness of the password verification of the equipment to be authenticated.

2. The dual authentication method based on password and frequency offset according to claim 1, wherein the step 4 specifically comprises:

step 41, finding out the minimum value of the density difference between the original sample set and the new sample set:

ch _k ＝D _k1 -D _k2 ，k＝A,B,C,D,E,F (10)

ch＝min(ch _k ) (11)

wherein ch represents the highest similarity of carrier frequency offset;

step 42, judging whether the highest similarity ch of the carrier frequency offset of the equipment to be authenticated is higher than a second set threshold th;

step 43, when the highest similarity ch of the carrier frequency offset of the device to be authenticated is higher than a second set threshold th, step 43 is executed; when the highest carrier frequency offset similarity ch of the equipment to be authenticated is not higher than a second set threshold th of the threshold, the equipment to be authenticated is unauthorized equipment, the equipment to be authenticated is not permitted to access the wireless network, and the process is finished;

step 44, judging whether the password of the device to be authenticated is correct;

step 45, executing step 45 when the password of the device to be authenticated is correct; when the password of the equipment to be authenticated is incorrect, the equipment to be authenticated is unauthorized equipment, the equipment is not permitted to access the wireless network, and the process is finished;

the device to be authenticated is an authorizing device, step 46, granting access to the wireless network.