Using CSI from WiFi enabled IoT for Authentication


Often building an authentication system requires a deployment of IoT devices. At worst, every user needs an RFID device (similar to a key) to authenticate themselves.

The idea proposed in this paper (Shi et al.) is to use present WiFi infrastructure, which is widely available (your local library has it, even a shop is likely to have WiFi). This works due to a special interference people cause on WiFi signals as they move around the room.
By measuring the Channel State Information (CSI) of WiFi signals, similarly to a biometric fingerprint, the user can be identified uniquely.

Comparing CSI measurements of multiple users

Since IEEE 802.11a, WiFi systems use orthogonal frequency-division multiplexing (OFDM) for modulation. In OFDM, each subcarrier is a complex number that consists of an amplitude and a phase shift.
Note that each WiFi channel is 20 MHz wide and contains a set of subcarriers. IEEE 802.11a has 64 subcarriers.
It should also be noted that the paper used a system based on IEEE 802.11n (IEEE 802.11n also uses OFDM).

The idea is to continuously measure the CSI of WiFi signals, extracting the amplitude and phase shift of each subcarrier and building a time series. This time series of one user can then be compared against time series of other users.

 
Using CSI from WiFi enabled IoT for Authentication

*

 

One major improvement versus previous work is that previous work only considered amplitudes. Amplitudes do not change as much when you're stationary. Phase shift however shows a much larger dynamic, even when you're standing still and minor movements (such as arm movements) are made.

Data segmentation of CSI measurements

Since CSI measurements are noisy due to environmental influences (signals being reflected by stationary objects), the data related to human activity only needs to be extracted. The raw time series is filtered in the following way. First, a moving short time energy (STE) is calculated, i.e. the squared variance over a moving window is summed up (v(x) is the variance):

 

Next, a dynamic threshold is applied (based on different activities) - whenever that threshold is crossed, a relevant human activity is found. Only these activities are used in further calculations, i.e. we end up with a filtered time series.

To further clean the data and to get rid of ambient noise, additionally, band-pass filtering techniques are applied: human activity is often confined to certain frequencies and thus a bandpass butterworth filter is applied.

Lastly, not all subcarriers are used. The authors find that some subcarriers are more prone to environmental influences, and thus simply ignore those. CSI measurements of neighboring subcarriers are correlated. This correlation is however easily destroyed by environmental influences. By measuring the covariance of all subcarriers in an empty room and in a room with a person in it, the ones that show high instability also show low correlation - these subcarriers should be ignored. The Figure below shows the red subcarrier being highly prone to noise.

 
Using CSI from WiFi enabled IoT for Authentication

*

 

AutoEncoders for activity detection and identification

AutoEncoders are a type of neural network architecture (more about Machine Learning and neural networks can be found in this related blog post) consisting of input and output layers that are equal and (inner) hidden layers that are smaller than the input and output layer. The smaller inner layers ensure that the neural network is forced to learn some abstraction for the input data, since it is compressed to a smaller representation. They are trained with a reconstruction loss, i.e. to minimize that loss, the input needs to be reconstructed as good as possible given the smaller representation in the inner layers. This reminds of Principal Component Analysis (PCA) and is closely related to it (in fact, a linear AutoEncoder acts as a PCA model).

The method proposed in the paper uses a stacked architecture of three AutoEncoders, where each AutoEncoders is responsible for a specific task. One is for activity separation (is the person walking or stationary), one is for the recognition of the specific activity (is the person waving, or simply holding a cup, is the person walking forward or turning left?). The last AutoEncoders is for user authentication (which user is it?).
Note that some feature engineering was done, i.e. the max, min, mean, skewness, kurtosis and standard deviation were added to the input as features. The stacked architecture is very interesting, since the output of the first AutoEncoder (walking vs standing still) is needed for the next AutoEncoder.

The authors of the paper evaluated the method empirically using multiple WiFi NICs connected to Laptops that act as transmitters and receivers and achieved over 91% accuracy with 11 subjects for identification and over 97% for activity detection.

In summary, it is possible to authenticate users by using existing WiFi infrastructure.
While the method seems to work when there is just one user in the room, the question is how this would work in large rooms with multiple users simultaneously.

* Figures directly from Shi et al.
References: Shi et al., Smart User Authentication through Actuation of Daily Activities Leveraging WiFi-enabled IoT


Previous
Previous

CCI: Co-channel Interference

Next
Next

ACI - Adjacent-Channel Interference