[go: up one dir, main page]

CN114025350B - Dual authentication method based on password and frequency offset - Google Patents

Dual authentication method based on password and frequency offset Download PDF

Info

Publication number
CN114025350B
CN114025350B CN202111500384.XA CN202111500384A CN114025350B CN 114025350 B CN114025350 B CN 114025350B CN 202111500384 A CN202111500384 A CN 202111500384A CN 114025350 B CN114025350 B CN 114025350B
Authority
CN
China
Prior art keywords
frequency offset
carrier frequency
authenticated
probe request
request frame
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111500384.XA
Other languages
Chinese (zh)
Other versions
CN114025350A (en
Inventor
曾凡仔
李梦丝
肖竹
蒋洪波
刘代波
蔡成林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan University
Original Assignee
Hunan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan University filed Critical Hunan University
Priority to CN202111500384.XA priority Critical patent/CN114025350B/en
Publication of CN114025350A publication Critical patent/CN114025350A/en
Application granted granted Critical
Publication of CN114025350B publication Critical patent/CN114025350B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/79Radio fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

本发明提供了一种基于密码和频偏的双重认证方法,包括:步骤1,待认证设备将带特定SSID的probe request帧信号发送给通用软件无线电外设,通用软件无线电外设与主机相连;步骤2,根据通用软件无线电外设接收到的信号运行GNU radio对接收到的信号进行信号处理,得到待认证设备的载波频偏特征;步骤3,通过最近邻的模式匹配算法将待认证设备的载波频偏特征与已存储的所有授权用户的载波频偏特征进行相似度计算。本发明通过通用软件无线电外设提取出无线智能设备的频偏指纹特征,并利用频偏对智能设备进行识别,通过通过密码和频偏双重认证模式,增强了无线网络识别机制,避免了非法设备的接入,网络安全性提高。

The invention provides a dual authentication method based on password and frequency offset, which includes: step 1, the device to be authenticated sends a probe request frame signal with a specific SSID to a general software radio peripheral, and the general software radio peripheral is connected to the host; Step 2: Run GNU radio to perform signal processing on the received signal according to the signal received by the general software radio peripheral, and obtain the carrier frequency offset characteristics of the device to be authenticated; Step 3: Use the nearest neighbor pattern matching algorithm to obtain the carrier frequency offset characteristics of the device to be authenticated. Similarity calculation is performed between the carrier frequency offset characteristics and the stored carrier frequency offset characteristics of all authorized users. The present invention extracts the frequency offset fingerprint characteristics of wireless smart devices through universal software radio peripherals, and uses the frequency offset to identify the smart devices. By passing the password and frequency offset dual authentication mode, the wireless network identification mechanism is enhanced and illegal devices are avoided. access, network security is improved.

Description

基于密码和频偏的双重认证方法Two-factor authentication method based on password and frequency offset

技术领域Technical field

本发明涉及安全技术领域,特别涉及一种基于密码和频偏的双重认证方法。The invention relates to the field of security technology, and in particular to a dual authentication method based on password and frequency offset.

背景技术Background technique

现在无线局域网无处不在,已经成为大家生活必须的一部分。通过无线网络大家可以进行网络交流、工作沟通等一系列重要活动。但是,无线局域网的普及也使得其安全问题成为了人们关注的焦点。无线网络的无边界化、信号开放在给用户带来极大便利的同时,也使无线局域网面临更多的安全威胁。因此对于无线局域网的安全接入和管理,需要有效的无线安全解决方案提供保障。无线局域网接入的身份认证机制主要有基于密钥身份认证,以及根据接入设备MAC地址、IP地址等信息识别,但这些信息很容易被非法入侵者嗅探、伪装和篡改,从而对无线网络进行窃听。此外无线网络安全协议一般存在一些缺陷,非法入侵者可以通过一定的手段窃取到密钥,从而可以入侵无线网络进行信息劫持。2017年10月,MathyVanhoef公布了针对WAP2协议的密钥重装攻击,攻击者可以读取目标无线网络连接上的所有流量。因此,开发一种能够防止网络攻击,增强无线网络安全的认证系统,是至关重要和迫切的。Wireless LAN is now everywhere and has become a necessary part of everyone's life. Through wireless networks, everyone can conduct a series of important activities such as network communication and work communication. However, the popularity of wireless LAN has also made its security issues the focus of attention. The borderless and open signals of wireless networks not only bring great convenience to users, but also expose wireless LANs to more security threats. Therefore, effective wireless security solutions are needed to ensure the safe access and management of wireless LANs. The identity authentication mechanism for wireless LAN access mainly includes key-based authentication and identification based on access device MAC address, IP address and other information. However, this information can easily be sniffed, disguised and tampered by illegal intruders, thus damaging the wireless network. Conduct eavesdropping. In addition, wireless network security protocols generally have some flaws. Illegal intruders can steal the key through certain means, and thus can invade the wireless network and hijack information. In October 2017, MathyVanhoef announced a key reinstallation attack against the WAP2 protocol, which allowed the attacker to read all traffic on the target wireless network connection. Therefore, it is crucial and urgent to develop an authentication system that can prevent network attacks and enhance wireless network security.

由于电子元器件的制造容差,以及元器件的退化老化效应等,即使是同一型号同一批次的无线设备的实际硬件参数也存在差异,这种硬件上的差异会反映在通信信号上。在科学技术日益发展的今天,国内外越来越多的研究人员对无线通信设备的射频指纹提取和识别方法进行研究。正如每个人都有属于自己独一无二的指纹一样,每个无线设备也都有自己独一无二的指纹“射频指纹”。在物理层对无线智能设备的指纹特征提取和识别,然后利用硬件个体身份验证方式实现无线设备接入控制,可以辅助和增强传统的无线网络识别机制,从而为无线网络的安全提供了一个更大的保障。Due to manufacturing tolerances of electronic components and the degradation and aging effects of components, even wireless devices of the same model and batch have differences in actual hardware parameters, and this hardware difference will be reflected in communication signals. Today, with the increasing development of science and technology, more and more researchers at home and abroad are studying radio frequency fingerprint extraction and identification methods for wireless communication equipment. Just as everyone has their own unique fingerprint, every wireless device also has its own unique fingerprint "RF fingerprint." Extracting and identifying fingerprint features of wireless smart devices at the physical layer, and then using hardware individual authentication methods to implement wireless device access control, can assist and enhance the traditional wireless network identification mechanism, thus providing a greater security for wireless networks. protection.

发明内容Contents of the invention

本发明提供了一种基于密码和频偏的双重认证方法,其目的是为了解决接入设备的信息容易被非法入侵者嗅探、伪装和篡改,无线网络容易被窃听和被非法入侵者进行信息劫持的问题。The present invention provides a dual authentication method based on password and frequency offset. Its purpose is to solve the problem that the information of the access device is easily sniffed, disguised and tampered by illegal intruders, and the wireless network is easily eavesdropped and the information is processed by illegal intruders. Hijacking issue.

为了达到上述目的,本发明的实施例提供了一种基于密码和频偏的双重认证方法,包括:In order to achieve the above objectives, embodiments of the present invention provide a dual authentication method based on password and frequency offset, including:

步骤1,待认证设备将带特定SSID的probe request帧信号发送给通用软件无线电外设,通用软件无线电外设与主机相连;Step 1: The device to be authenticated sends the probe request frame signal with a specific SSID to the general software radio peripheral, and the general software radio peripheral is connected to the host;

步骤2,根据通用软件无线电外设接收到的信号运行GNU radio对接收到的信号进行信号处理,得到待认证设备的载波频偏特征;Step 2: Run GNU radio based on the signal received by the general software radio peripheral to perform signal processing on the received signal to obtain the carrier frequency offset characteristics of the device to be certified;

步骤3,通过最近邻的模式匹配算法将待认证设备的载波频偏特征与已存储的所有授权用户的载波频偏特征进行相似度计算;Step 3: Calculate the similarity between the carrier frequency offset characteristics of the device to be authenticated and the stored carrier frequency offset characteristics of all authorized users through the nearest neighbor pattern matching algorithm;

步骤4,根据计算出的待认证设备的载波频偏特征与已存储的所有授权用户的载波频偏特征的相似度和待认证设备密码验证的正确性判断是否准许待认证设备接入无线网络。Step 4: Determine whether to allow the device to be authenticated to access the wireless network based on the similarity between the calculated carrier frequency offset characteristics of the device to be authenticated and the stored carrier frequency offset characteristics of all authorized users and the correctness of the password verification of the device to be authenticated.

其中,所述步骤2具体包括:Among them, the step 2 specifically includes:

步骤21,对接收到的信号中的每一个probe request帧信号进行共轭相关,得到每一个probe request帧信号对应的自相关系数,判断每一个probe request帧信号对应的自相关系数是否高于第一设定阈值,当当前probe request帧信号对应的自相关系数高于第一设定阈值时,执行步骤22,当当前probe request帧信号对应的自相关系数低于第一设定阈值时,将当前probe request帧信号进行筛除。Step 21: Perform conjugate correlation on each probe request frame signal in the received signal, obtain the autocorrelation coefficient corresponding to each probe request frame signal, and determine whether the autocorrelation coefficient corresponding to each probe request frame signal is higher than the Once the threshold is set, when the autocorrelation coefficient corresponding to the current probe request frame signal is higher than the first set threshold, step 22 is executed. When the autocorrelation coefficient corresponding to the current probe request frame signal is lower than the first set threshold, the The current probe request frame signal is filtered out.

其中,所述步骤21具体包括:Among them, the step 21 specifically includes:

计算自相关系数,如下所示:Calculate the autocorrelation coefficient as follows:

其中,a[n]表示自相关函数值,k表示在可调窗口的取值,s[n]表示帧信号序列,n表示帧序列符号的编号,表示s的复共轭,p[n]表示平均功率,Nwin表示可调窗口,c[n]表示自相关系数。Among them, a[n] represents the autocorrelation function value, k represents the value in the adjustable window, s[n] represents the frame signal sequence, n represents the number of the frame sequence symbol, represents the complex conjugate of s, p[n] represents the average power, N win represents the adjustable window, and c[n] represents the autocorrelation coefficient.

其中,所述步骤2还包括:Wherein, the step 2 also includes:

对步骤21筛选出的每个probe request帧信号执行以下步骤:Perform the following steps for each probe request frame signal filtered out in step 21:

步骤22,对probe request帧信号通过短训练序列的时域延时相关算法进行帧同步,并进行粗载波频偏估计,步骤如下:Step 22: Perform frame synchronization on the probe request frame signal through the time domain delay correlation algorithm of the short training sequence, and perform coarse carrier frequency offset estimation. The steps are as follows:

通过短训练序列的前5个符号段进行延时相关,进行粗载波频偏估计,如下所示:Delay correlation is performed through the first 5 symbol segments of the short training sequence to estimate the coarse carrier frequency offset, as follows:

其中,表示估计的粗载波频偏,Sm表示短训练序列前5个符号段的符号,m表示短训练序列前5个符号段的符号的编号,m=0,1,...,79;arg()表示取相位运算符,/>表示Sm后第16个符号的共轭;in, represents the estimated coarse carrier frequency offset, S m represents the symbols of the first 5 symbol segments of the short training sequence, m represents the number of the symbols of the first 5 symbol segments of the short training sequence, m=0,1,...,79; arg () represents the phase operator,/> Represents the conjugate of the 16th symbol after S m ;

通过估计的粗载波频偏补偿长训练序列符号,如下所示:By estimated coarse carrier frequency offset Compensate for long training sequence symbols as follows:

其中,Sn表示长训练序列符号,n表示长训练序列符号的编号,n=0,1,...,127,S'n表示经过估计的粗载波频偏补偿后的长训练序列符号。Among them, S n represents the long training sequence symbol, n represents the number of the long training sequence symbol, n = 0, 1, ..., 127, and S' n represents the long training sequence symbol after the estimated coarse carrier frequency offset compensation.

其中,所述步骤2还包括:Wherein, the step 2 also includes:

步骤23,基于估计的粗载波频偏补偿后的长训练序列符号进行精载波频偏估计,如下所示:Step 23: Perform fine carrier frequency offset estimation based on the estimated coarse carrier frequency offset compensated long training sequence symbols, as follows:

其中,表示估计的精载波频偏,/>表示Sn'后第64个符号的共轭。in, Represents the estimated precise carrier frequency offset,/> Represents the conjugate of the 64th symbol after S n '.

其中,所述步骤2还包括:Wherein, the step 2 also includes:

步骤24,将估计的粗载波频偏和估计的精载波频偏相加,得到估计的总载波频偏 Step 24: Add the estimated coarse carrier frequency offset and the estimated fine carrier frequency offset to obtain the estimated total carrier frequency offset.

步骤25,基于估计的总载波频偏得到载波频偏特征如下所示:Step 25: Obtain carrier frequency offset characteristics based on the estimated total carrier frequency offset As follows:

其中,BW为信道带宽。Among them, BW is the channel bandwidth.

其中,所述步骤2还包括:Wherein, the step 2 also includes:

步骤26,基于频域估计信道对信号做均衡,包括以下步骤;Step 26: Equalize the signal based on the frequency domain estimated channel, including the following steps;

步骤261,将probe request帧信号根据对应的载波频偏特征进行补偿;Step 261: Compensate the probe request frame signal according to the corresponding carrier frequency offset characteristics;

步骤262,将频偏补偿后的probe request帧信号进行FFT变换,将probe request帧信号从时域转换到频域;Step 262: Perform FFT transformation on the probe request frame signal after frequency offset compensation, and convert the probe request frame signal from the time domain to the frequency domain;

步骤263,将转换后的probe request帧信号通过WiFi帧均衡器根据传输导频符号检查导频载波上的值,通过减去剩余频偏估计载波符号的星座图;Step 263: Pass the converted probe request frame signal through the WiFi frame equalizer to check the value on the pilot carrier according to the transmitted pilot symbol, and estimate the constellation diagram of the carrier symbol by subtracting the remaining frequency offset;

步骤27,根据估计出的载波符号的星座图对probe request帧信号进行导频移除和循环前缀,对循环前缀后的probe request帧信号进行解交织、维特比译码和解扰,得到probe request帧信号的载荷信息,根据载荷信息提取出probe request帧信号的SSID标识符,以载波频偏作为probe request帧信号的指纹。Step 27: Perform pilot removal and cyclic prefix on the probe request frame signal according to the estimated constellation diagram of the carrier symbol, and perform deinterleaving, Viterbi decoding and descrambling on the probe request frame signal after the cyclic prefix to obtain the probe request frame. According to the load information of the signal, the SSID identifier of the probe request frame signal is extracted based on the load information, and the carrier frequency offset is used as the fingerprint of the probe request frame signal.

其中,所述步骤3具体包括:Among them, the step 3 specifically includes:

将已授权设备样本集的密度表示为:Express the density of the sample set of authorized devices as:

其中,Dk1表示已授权设备样本集,k=A,B,C,D,E,F,dij表示样本i和样本j之间的距离,Nk表示已授权设备样本集中的样本个数,k=A,B,C,D,E,F。Among them, D k1 represents the authorized device sample set, k = A, B, C, D, E, F, d ij represents the distance between sample i and sample j, and N k represents the number of samples in the authorized device sample set. ,k=A,B,C,D,E,F.

其中,所述步骤3还包括:Among them, the step 3 also includes:

将待认证设备样本集分别添加到各个已授权设备样本集中,多个新样本集的密度为:Add the device sample set to be authenticated to each authorized device sample set. The density of multiple new sample sets is:

其中,Nh表示待认证设备样本集中的样本个数,Nh+1表示待认证设备样本的索引,当Dk1>=Dk2+th,该样本集被认为是未经授权的,th表示第二设定阈值。Among them, N h represents the number of samples in the sample set of the device to be authenticated, N h +1 represents the index of the device sample to be authenticated, when D k1 >= D k2 + th, the sample set is considered unauthorized, and th represents Second set threshold.

其中,所述步骤4具体包括:Among them, the step 4 specifically includes:

步骤41,找出原样本集与新样本集密度差的最小值:Step 41, find the minimum value of the density difference between the original sample set and the new sample set:

chk=Dk1-Dk2,k=A,B,C,D,E,F (10)ch k =D k1 -D k2 , k=A,B,C,D,E,F (10)

ch=min(chk) (11)ch=min(ch k ) (11)

其中,ch表示载波频偏最高相似度;Among them, ch represents the highest similarity of carrier frequency offset;

步骤42,判断待认证设备的载波频偏最高相似度ch是否高于第二设定阈值th;Step 42: Determine whether the highest similarity ch of the carrier frequency offset of the device to be authenticated is higher than the second set threshold th;

步骤43,当待认证设备的载波频偏最高相似度ch高于第二设定阈值th时,执行步骤43;当待认证设备的载波频偏最高相似度ch不高于阈值第二设定阈值th时,该待认证设备为非授权设备,不准许待认证设备接入无线网络,结束;Step 43: When the highest similarity ch of the carrier frequency offset of the device to be authenticated is higher than the second set threshold th, execute step 43; when the highest similarity ch of the carrier frequency offset of the device to be authenticated is not higher than the second set threshold At th time, the device to be authenticated is an unauthorized device, and the device to be authenticated is not allowed to access the wireless network, ending;

步骤44,判断待认证设备的密码是否正确;Step 44: Determine whether the password of the device to be authenticated is correct;

步骤45,当待认证设备的密码正确时,执行步骤45;当待认证设备的密码不正确时,该待认证设备为非授权设备,不准许该设备接入无线网络,结束;Step 45: When the password of the device to be authenticated is correct, perform step 45; when the password of the device to be authenticated is incorrect, the device to be authenticated is an unauthorized device and the device is not allowed to access the wireless network, ending;

步骤46,该待认证设备为授权设备,准许接入无线网络。Step 46: The device to be authenticated is an authorized device and is allowed to access the wireless network.

本发明的上述方案有如下的有益效果:The above solution of the present invention has the following beneficial effects:

本发明的上述实施例所述的基于密码和频偏的双重认证方法,通过低成本定制的通用软件无线电外设,提取出无线智能设备的频偏指纹特征,并利用频偏对智能设备进行识别,在认证的时候只有同时通过密码认证和频偏认证这两个认证过程,认证才会判定为通过,通过这种双重认证模式,增强了无线网络识别机制,提高了网络的安全性。The dual authentication method based on password and frequency offset described in the above embodiments of the present invention extracts the frequency offset fingerprint characteristics of wireless smart devices through low-cost customized universal software radio peripherals, and uses the frequency offset to identify the smart devices , during authentication, only if the two authentication processes of password authentication and frequency offset authentication are passed at the same time, the authentication will be judged as passed. Through this double authentication mode, the wireless network identification mechanism is enhanced and the security of the network is improved.

附图说明Description of drawings

图1为本发明的密码和频偏双重认证流程图;Figure 1 is a flow chart of the password and frequency offset dual authentication of the present invention;

图2为本发明的待认证设备载波频偏特征提取流程图;Figure 2 is a flow chart for extracting carrier frequency offset features of equipment to be authenticated according to the present invention;

图3为本发明的不同待认证设备频偏分布直方图;Figure 3 is a frequency offset distribution histogram of different equipment to be authenticated according to the present invention;

图4为本发明的各待认证设备的认证正确率。Figure 4 shows the authentication accuracy rate of each device to be authenticated according to the present invention.

具体实施方式Detailed ways

为使本发明要解决的技术问题、技术方案和优点更加清楚,下面将结合附图及具体实施例进行详细描述。In order to make the technical problems, technical solutions and advantages to be solved by the present invention clearer, a detailed description will be given below with reference to the accompanying drawings and specific embodiments.

本发明针对现有的接入设备的信息容易被非法入侵者嗅探、伪装和篡改,无线网络容易被窃听和被非法入侵者进行信息劫持的问题,提供了一种基于密码和频偏的双重认证方法。The present invention aims at the problem that the information of the existing access equipment is easily sniffed, disguised and tampered by illegal intruders, and the wireless network is easily eavesdropped and information hijacked by illegal intruders. It provides a dual-password based on password and frequency offset. Authentication method.

如图1至图4所示,本发明的实施例提供了一种基于密码和频偏的双重认证方法,包括:步骤1,待认证设备将带特定SSID的probe request帧信号发送给通用软件无线电外设,通用软件无线电外设与主机相连;步骤2,根据通用软件无线电外设接收到的信号运行GNU radio对接收到的信号进行信号处理,得到待认证设备的载波频偏特征;步骤3,通过最近邻的模式匹配算法将待认证设备的载波频偏特征与已存储的所有授权用户的载波频偏特征进行相似度计算;步骤4,根据计算出的待认证设备的载波频偏特征与已存储的所有授权用户的载波频偏特征的相似度和待认证设备密码验证的正确性判断是否准许待认证设备接入无线网络。As shown in Figures 1 to 4, the embodiment of the present invention provides a dual authentication method based on password and frequency offset, including: Step 1, the device to be authenticated sends a probe request frame signal with a specific SSID to a general software radio Peripheral, the general software radio peripheral is connected to the host; step 2, run GNU radio according to the signal received by the general software radio peripheral to perform signal processing on the received signal, and obtain the carrier frequency offset characteristics of the device to be certified; step 3, The nearest neighbor pattern matching algorithm is used to calculate the similarity between the carrier frequency offset characteristics of the device to be authenticated and the stored carrier frequency offset characteristics of all authorized users; step 4, based on the calculated carrier frequency offset characteristics of the device to be authenticated and the ones that have been stored The similarity of the stored carrier frequency offset characteristics of all authorized users and the correctness of the password verification of the device to be authenticated are used to determine whether the device to be authenticated is allowed to access the wireless network.

本发明的上述实施例所述的基于密码和频偏的双重认证方法,包括密码认证和频偏认证,通过密码和频偏双重认证模式,能够避免非法设备的接入,提高无线网络安全性。具体为打开智能设备WiFi开关,添加其他网络,分别在网络名称和密码处输入相应信息,使待认证设备发射带有特定SSID的probe request帧信号,以通用软件无线电外设B210作为信号接收设备与主机相连,运行GUN radio对信号进行处理,然后提取特定SSID的proberequest帧信号的载波频偏,判断待认证设备载波频偏与已储存的授权设备载波频偏的最高相似度是否高于第二设定阈值,若最高相似度高于第二设定阈值,判断密码是否正确,当密码判断正确时,待认证设备为授权设备,允许接入无线网络,否则为非授权设备,拒绝接入无线网络。若最高相似度低于第二设定阈值,则直接判定待认证设备为非授权设备,拒绝接入无线网络,在这双重验证模式上,可以进一步提高无线网络的安全性。The dual authentication method based on password and frequency offset described in the above embodiments of the present invention includes password authentication and frequency offset authentication. Through the password and frequency offset dual authentication mode, the access of illegal devices can be avoided and the security of the wireless network can be improved. Specifically, turn on the WiFi switch of the smart device, add other networks, enter the corresponding information in the network name and password, so that the device to be authenticated transmits a probe request frame signal with a specific SSID, and uses the general software radio peripheral B210 as the signal receiving device. Connect the host, run GUN radio to process the signal, then extract the carrier frequency offset of the proberequest frame signal of a specific SSID, and determine whether the highest similarity between the carrier frequency offset of the device to be authenticated and the stored authorized device carrier frequency offset is higher than the second setting Set a threshold. If the highest similarity is higher than the second set threshold, determine whether the password is correct. When the password is correct, the device to be authenticated is an authorized device and is allowed to access the wireless network. Otherwise, it is an unauthorized device and is refused access to the wireless network. . If the highest similarity is lower than the second set threshold, the device to be authenticated is directly determined to be an unauthorized device and access to the wireless network is refused. In this double verification mode, the security of the wireless network can be further improved.

本发明的上述实施例所述的基于密码和频偏的双重认证方法,充分利用普遍使用的智能手机,打开COTS智能手机WiFi开关并使其发射带特定SSID的probe request帧信号,经在空中传输,通用软件无线电外设接收到probe request帧信号,但通用软件无线电外设除了接收到实验的智能手机发出的probe request帧外,还会收到其他设备发出的其他信号。因此为了减少其他信号的影响,将实验平台中心频率设置为5.17GHz,采样率为20MSa/s,信道带宽BW为20MHz,此信道存在较少其他设备的信号。The dual authentication method based on password and frequency offset described in the above embodiment of the present invention makes full use of commonly used smartphones, turns on the COTS smartphone WiFi switch and causes it to transmit a probe request frame signal with a specific SSID, which is transmitted over the air. , the general software radio peripheral receives the probe request frame signal, but in addition to receiving the probe request frame sent by the experimental smartphone, the general software radio peripheral also receives other signals from other devices. Therefore, in order to reduce the influence of other signals, the center frequency of the experimental platform is set to 5.17GHz, the sampling rate is 20MSa/s, and the channel bandwidth BW is 20MHz. There are fewer signals from other devices in this channel.

其中,所述步骤2具体包括:步骤21,对接收到的信号中的每一个probe request帧信号进行共轭相关,得到每一个probe request帧信号对应的自相关系数,判断每一个probe request帧信号对应的自相关系数是否高于第一设定阈值,当当前probe request帧信号对应的自相关系数高于第一设定阈值时,执行步骤22,当当前probe request帧信号对应的自相关系数低于第一设定阈值时,将当前probe request帧信号进行筛除。Among them, the step 2 specifically includes: step 21, perform conjugate correlation on each probe request frame signal in the received signal, obtain the autocorrelation coefficient corresponding to each probe request frame signal, and determine each probe request frame signal Whether the corresponding autocorrelation coefficient is higher than the first set threshold. When the autocorrelation coefficient corresponding to the current probe request frame signal is higher than the first set threshold, perform step 22. When the autocorrelation coefficient corresponding to the current probe request frame signal is low At the first set threshold, the current probe request frame signal is filtered out.

其中,所述步骤21具体包括:计算自相关系数,如下所示:Among them, the step 21 specifically includes: calculating the autocorrelation coefficient, as shown below:

其中,a[n]表示自相关函数值,k表示在可调窗口的取值,s[n]表示帧信号序列,n表示帧序列符号的编号,表示s的复共轭,p[n]表示平均功率,Nwin表示可调窗口,c[n]表示自相关系数。Among them, a[n] represents the autocorrelation function value, k represents the value in the adjustable window, s[n] represents the frame signal sequence, n represents the number of the frame sequence symbol, represents the complex conjugate of s, p[n] represents the average power, N win represents the adjustable window, and c[n] represents the autocorrelation coefficient.

其中,所述步骤2还包括:对步骤21筛选出的每个probe request帧信号执行以下步骤:Wherein, step 2 also includes: performing the following steps for each probe request frame signal filtered out in step 21:

步骤22,对probe request帧信号通过短训练序列的时域延时相关算法进行帧同步,并进行粗载波频偏估计,步骤如下:Step 22: Perform frame synchronization on the probe request frame signal through the time domain delay correlation algorithm of the short training sequence, and perform coarse carrier frequency offset estimation. The steps are as follows:

通过短训练序列的前5个符号段进行延时相关,进行粗载波频偏估计,如下所示:Delay correlation is performed through the first 5 symbol segments of the short training sequence to estimate the coarse carrier frequency offset, as follows:

其中,表示估计的粗载波频偏,Sm表示短训练序列前5个符号段的符号,m表示短训练序列前5个符号段的符号的编号,m=0,1,...,79;arg()表示取相位运算符,/>表示Sm后第16个符号的共轭;in, represents the estimated coarse carrier frequency offset, S m represents the symbols of the first 5 symbol segments of the short training sequence, m represents the number of the symbols of the first 5 symbol segments of the short training sequence, m=0,1,...,79; arg () represents the phase operator,/> Represents the conjugate of the 16th symbol after S m ;

通过估计的粗载波频偏补偿长训练序列符号,如下所示:By estimated coarse carrier frequency offset Compensate for long training sequence symbols as follows:

其中,Sn表示长训练序列符号,n表示长训练序列符号的编号,n=0,1,...,127,S'n表示经过估计的粗载波频偏补偿后的长训练序列符号。Among them, S n represents the long training sequence symbol, n represents the number of the long training sequence symbol, n = 0, 1, ..., 127, and S' n represents the long training sequence symbol after the estimated coarse carrier frequency offset compensation.

其中,所述步骤2还包括:步骤23,基于估计的粗载波频偏补偿后的长训练序列符号进行精载波频偏估计,如下所示:Wherein, the step 2 also includes: step 23, performing fine carrier frequency offset estimation based on the estimated coarse carrier frequency offset compensated long training sequence symbols, as follows:

其中,表示估计的精载波频偏,/>表示Sn'后第64个符号的共轭。in, Represents the estimated precise carrier frequency offset,/> Represents the conjugate of the 64th symbol after S n '.

其中,所述步骤2还包括:步骤24,将估计的粗载波频偏和估计的精载波频偏相加,得到估计的总载波频偏 Wherein, the step 2 also includes: step 24, adding the estimated coarse carrier frequency offset and the estimated fine carrier frequency offset to obtain the estimated total carrier frequency offset.

步骤25,基于估计的总载波频偏得到载波频偏特征如下所示:Step 25: Obtain carrier frequency offset characteristics based on the estimated total carrier frequency offset As follows:

其中,BW为信道带宽。Among them, BW is the channel bandwidth.

本发明的上述实施例所述的基于密码和频偏的双重认证方法,待认证设备载波频偏特征提取步骤如下:1.对接收信号共轭相关,得到相关峰时,认为接收到了智能设备发射的IEEE802.11a/g信号,进行后续处理;2.利用短训练序列的时域延时相关算法使帧同步,同时粗估计载波频偏3.利用长训练序列与接收信号进行互相关使符号同步,同时精估计载波频偏/>通过第二步和第三步获得最终的载波频偏估计/>进而得到载波频偏/>4.在频域估计信道并做均衡;5.移除导频和循环前缀,解交织,维特比译码,解扰,获取该帧信号载荷信息,由载荷信息提取出probe request帧信号的SSID标识符,以载波频偏作为probe request帧信号的指纹。In the dual authentication method based on password and frequency offset described in the above embodiments of the present invention, the steps for extracting carrier frequency offset features of the device to be authenticated are as follows: 1. Conjugate the received signal, and when the correlation peak is obtained, it is considered that the smart device has received the transmission IEEE802.11a/g signal for subsequent processing; 2. Use the time domain delay correlation algorithm of the short training sequence to synchronize the frame and roughly estimate the carrier frequency offset. 3. Use the long training sequence to cross-correlate with the received signal to synchronize the symbols and accurately estimate the carrier frequency offset/> Obtain the final carrier frequency offset estimate through the second and third steps/> Then get the carrier frequency offset/> 4. Estimate the channel in the frequency domain and perform equalization; 5. Remove the pilot and cyclic prefix, deinterleave, Viterbi decoding, and descrambling to obtain the frame signal load information, and extract the SSID of the probe request frame signal from the load information The identifier uses the carrier frequency offset as the fingerprint of the probe request frame signal.

本发明的上述实施例所述的基于密码和频偏的双重认证方法,当c[n]高于第一设定阈值时,表示接收到了IEEE 802.11a/g信号,进行后续处理;IEEE802.11a/g是典型的突发分组式的无线局域网,根据其前导训练序列时域相关的特点,利用数据辅助型频偏估计算法,接收信号的同步和频偏估计可以在单个训练符号内完成,然后再对有效信息进行补偿。为了使得到的频偏估计更加精确,正常先将载波频率偏差估计到一个较小的范围,然后再对剩余频偏进一步估计。即利用短训练序列进行粗频偏估计和补偿,再利用长训练序列进行精频偏估计,总的频偏估计等于粗频偏估计加上精频偏估计,根据公式(7)最终可获得接收信号的频偏。In the dual authentication method based on password and frequency offset described in the above embodiments of the present invention, when c[n] is higher than the first set threshold, it indicates that the IEEE 802.11a/g signal has been received, and subsequent processing is performed; IEEE802.11a /g is a typical burst packet type wireless LAN. According to the time domain correlation characteristics of its preamble training sequence, using the data-assisted frequency offset estimation algorithm, the synchronization and frequency offset estimation of the received signal can be completed within a single training symbol, and then Then compensate for valid information. In order to make the frequency offset estimate more accurate, the carrier frequency offset is normally estimated to a smaller range first, and then the remaining frequency offset is further estimated. That is, the short training sequence is used for coarse frequency offset estimation and compensation, and the long training sequence is used for fine frequency offset estimation. The total frequency offset estimate is equal to the coarse frequency offset estimate plus the fine frequency offset estimate. According to formula (7), the receiver can finally be obtained. frequency deviation of the signal.

其中,所述步骤2还包括:步骤26,基于频域估计信道对信号做均衡,包括以下步骤;步骤261,将probe request帧信号根据对应的载波频偏特征进行补偿;步骤262,将频偏补偿后的probe request帧信号进行FFT变换,将probe request帧信号从时域转换到频域;步骤263,将转换后的probe request帧信号通过WiFi帧均衡器根据传输导频符号检查导频载波上的值,通过减去剩余频偏估计载波符号的星座图;步骤27,根据估计出的载波符号的星座图对probe request帧信号进行导频移除和循环前缀,对循环前缀后的probe request帧信号进行解交织、维特比译码和解扰,得到probe request帧信号的载荷信息,根据载荷信息提取出probe request帧信号的SSID标识符,以载波频偏作为probe request帧信号的指纹。Among them, the step 2 also includes: step 26, equalizing the signal based on the frequency domain estimated channel, including the following steps; step 261, compensating the probe request frame signal according to the corresponding carrier frequency offset characteristics; step 262, adjusting the frequency offset The compensated probe request frame signal undergoes FFT transformation to convert the probe request frame signal from the time domain to the frequency domain; step 263, pass the converted probe request frame signal through the WiFi frame equalizer to check the pilot carrier according to the transmitted pilot symbol Value of The signal is deinterleaved, Viterbi decoded and descrambled to obtain the load information of the probe request frame signal. The SSID identifier of the probe request frame signal is extracted based on the load information, and the carrier frequency offset is used as the fingerprint of the probe request frame signal.

本发明的上述实施例所述的基于密码和频偏的双重认证方法,移除4个导频和循环前缀,剩下48个携带实际信息的数据载波,并对48个载波符号进行解交织,维特比译码,解扰,最终获取该帧信号载荷信息,由载荷信息提取出该帧信号的SSID标识符,以载波频偏作为该帧信号的指纹,使用频偏指纹特征对每个智能设备进行分类。The dual authentication method based on password and frequency offset described in the above embodiment of the present invention removes 4 pilots and cyclic prefixes, leaving 48 data carriers carrying actual information, and deinterleaves 48 carrier symbols. Viterbi decoding, descrambling, and finally obtaining the frame signal load information, extracting the SSID identifier of the frame signal from the load information, using the carrier frequency offset as the fingerprint of the frame signal, and using the frequency offset fingerprint feature to identify each smart device sort.

其中,所述步骤3具体包括:将已授权设备样本集的密度表示为:Among them, the step 3 specifically includes: expressing the density of the authorized device sample set as:

其中,Dk1表示已授权设备样本集,k=A,B,C,D,E,F,dij表示样本i和样本j之间的距离,Nk表示已授权设备样本集中的样本个数,k=A,B,C,D,E,F。Among them, D k1 represents the authorized device sample set, k = A, B, C, D, E, F, d ij represents the distance between sample i and sample j, and N k represents the number of samples in the authorized device sample set. ,k=A,B,C,D,E,F.

其中,所述步骤3还包括:将待认证设备样本集分别添加到各个已授权设备样本集中,多个新样本集的密度为:Wherein, the step 3 also includes: adding the device sample set to be authenticated to each authorized device sample set respectively. The density of the multiple new sample sets is:

其中,Nh表示待认证设备样本集中的样本个数,Nh+1表示待认证设备样本的索引,当Dk1>=Dk2+th,该样本集被认为是未经授权的,th表示第二设定阈值。Among them, N h represents the number of samples in the sample set of the device to be authenticated, N h +1 represents the index of the device sample to be authenticated, when D k1 >= D k2 + th, the sample set is considered unauthorized, and th represents Second set threshold.

本发明的上述实施例所述的基于密码和频偏的双重认证方法,预设储存的授权设备有6台,它们的载波频偏指纹特征集分别为A,B,C,D,E,F。它们的载波频偏指纹特征集的密度分别为DA1,DB1,DC1,DD1,DE1,DF1。将待认证设备的载波频偏指纹特征样本分别加入到已有的6台授权设备的载波频偏指纹特征集,新样本集的密度分别为DA2,DB2,DC2,DD2,DE2,DF2In the dual authentication method based on password and frequency offset described in the above embodiment of the present invention, there are 6 authorized devices stored by default, and their carrier frequency offset fingerprint feature sets are A, B, C, D, E, and F respectively. . The densities of their carrier frequency offset fingerprint feature sets are D A1 , D B1 , D C1 , D D1 , D E1 , and D F1 respectively. Add the carrier frequency offset fingerprint feature samples of the device to be authenticated to the carrier frequency offset fingerprint feature sets of the existing 6 authorized devices. The densities of the new sample sets are D A2 , D B2 , D C2 , D D2 , and D E2 respectively. ,D F2 .

其中,所述步骤4具体包括:步骤41,找出原样本集与新样本集密度差的最小值:Among them, the step 4 specifically includes: step 41, finding the minimum value of the density difference between the original sample set and the new sample set:

chk=Dk1-Dk2,k=A,B,C,D,E,F (10)ch k =D k1 -D k2 , k=A,B,C,D,E,F (10)

ch=min(chk) (11)ch=min(ch k ) (11)

其中,ch表示载波频偏最高相似度;Among them, ch represents the highest similarity of carrier frequency offset;

步骤42,判断待认证设备的载波频偏最高相似度ch是否高于第二设定阈值th;Step 42: Determine whether the highest similarity ch of the carrier frequency offset of the device to be authenticated is higher than the second set threshold th;

步骤43,当待认证设备的载波频偏最高相似度ch高于第二设定阈值th时,执行步骤43;当待认证设备的载波频偏最高相似度ch不高于阈值第二设定阈值th时,该待认证设备为非授权设备,不准许待认证设备接入无线网络,结束;Step 43: When the highest similarity ch of the carrier frequency offset of the device to be authenticated is higher than the second set threshold th, execute step 43; when the highest similarity ch of the carrier frequency offset of the device to be authenticated is not higher than the second set threshold At th time, the device to be authenticated is an unauthorized device, and the device to be authenticated is not allowed to access the wireless network, ending;

步骤44,判断待认证设备的密码是否正确;Step 44: Determine whether the password of the device to be authenticated is correct;

步骤45,当待认证设备的密码正确时,执行步骤45;当待认证设备的密码不正确时,该待认证设备为非授权设备,不准许该设备接入无线网络,结束;Step 45: When the password of the device to be authenticated is correct, perform step 45; when the password of the device to be authenticated is incorrect, the device to be authenticated is an unauthorized device and the device is not allowed to access the wireless network, ending;

步骤46,该待认证设备为授权设备,准许接入无线网络。Step 46: The device to be authenticated is an authorized device and is allowed to access the wireless network.

本发明的上述实施例所述的基于密码和频偏的双重认证方法,将待认证设备的载波频偏特征与所有已存储的授权设备的载波频偏特征进行相似度计算,若得到的最高相似度大于第二设定阈值,则判定该最高相似度对应的待认证设备为录入载波频偏特征的认证者;否则判定失败;判定出认证者后,判断密码是否是正确的密码,密码正确则认证成功,否则判定失败。The dual authentication method based on password and frequency offset described in the above embodiment of the present invention calculates the similarity between the carrier frequency offset characteristics of the device to be authenticated and the carrier frequency offset characteristics of all stored authorized devices. If the highest similarity obtained If the degree is greater than the second set threshold, it is determined that the device to be authenticated corresponding to the highest similarity is the authenticator that entered the carrier frequency offset characteristics; otherwise, the determination fails; after the authenticator is determined, it is determined whether the password is the correct password. If the password is correct, The authentication is successful, otherwise it is judged as failed.

本发明的上述实施例所述的基于密码和频偏的双重认证方法,利用普通商用智能手机验证所述基于密码和频偏的双重认证方法的可行性和稳定性,智能手机发射proberequest帧信号,通用软件无线电外设B210作为信号接收设备,通用软件无线电外设通过USB 3.0与主机连接,主机运行GNU Radio进行信号处理,将实验平台中心频率设置为5.17GHz,采样率为20MSa/s,信道带宽BW为20MHz,此信道存在较少干扰信号,首先采集6台不同型号或者不同厂商的智能手机在不同场景环境下的载波频偏指纹特征,在系统中存储设置为授权设备,然后分别用这6台设备来认证接入无线网络,多次进行输入正确密码和错误密码两种情况,记录实验准确率,用另外2台未登记储存载波频偏指纹特征的智能手机设备,多次输入正确密码尝试接入无线网络,记录此实验情况。The dual authentication method based on password and frequency offset described in the above embodiment of the present invention uses an ordinary commercial smart phone to verify the feasibility and stability of the dual authentication method based on password and frequency offset. The smart phone transmits a proberequest frame signal, The general software radio peripheral B210 is used as a signal receiving device. The general software radio peripheral is connected to the host through USB 3.0. The host runs GNU Radio for signal processing. The center frequency of the experimental platform is set to 5.17GHz, the sampling rate is 20MSa/s, and the channel bandwidth The BW is 20MHz. This channel has less interference signals. First, collect the carrier frequency offset fingerprint characteristics of 6 smartphones of different models or manufacturers in different scenarios and environments, store them in the system and set them as authorized devices, and then use these 6 smartphones respectively. Use one device to authenticate and access the wireless network, enter the correct password and the wrong password multiple times, record the accuracy of the experiment, use another 2 smart phone devices that have not been registered to store carrier frequency offset fingerprint characteristics, and enter the correct password multiple times to try Connect to the wireless network and record this experiment.

验证结果:如图3展示了6台不同设备载波频偏的分布直方图,从不同设备的载波频偏直方图可以看出,大多数不同品牌设备的载波频偏的范围不一样,并且都固定在该范围内,对于同一品牌智能设备的载波频偏的范围为是一样的,但6台不同设备的载波频偏分布直方图是不一样的,因此可以使用载波频偏对智能设备进行识别进而判断是否准许其接入无线网络。如图4展示了所述基于密码和频偏的双重认证方法的验证结果,可以看出,对于每一个设备,所述基于密码和频偏的双重认证方法都能达到91%以上的正确率,对于合法设备能够百分百允许其接入,对于非法设备,能够智能检测出来并拒绝它的接入。Verification results: Figure 3 shows the distribution histogram of the carrier frequency offset of 6 different devices. From the carrier frequency offset histograms of different devices, it can be seen that the range of the carrier frequency offset of most devices of different brands is different and they are all fixed. Within this range, the range of carrier frequency offset for smart devices of the same brand is the same, but the carrier frequency offset distribution histograms of six different devices are different. Therefore, the carrier frequency offset can be used to identify smart devices. Determine whether to allow access to the wireless network. Figure 4 shows the verification results of the dual authentication method based on password and frequency offset. It can be seen that for each device, the dual authentication method based on password and frequency offset can achieve an accuracy rate of more than 91%. Legal devices can be 100% allowed to access, and illegal devices can be intelligently detected and denied access.

本发明的上述实施例所述的基于密码和频偏的双重认证方法,通过低成本定制的通用软件无线电外设,提取出无线智能设备的频偏指纹特征,并利用频偏对智能设备进行识别,在认证的时候只有同时通过密码认证和频偏认证这两个认证过程,认证才会判定为通过,通过这种双重认证模式,增强了无线网络识别机制,提高了网络的安全性,使接入设备的信息不容易被非法入侵者嗅探、伪装和篡改。The dual authentication method based on password and frequency offset described in the above embodiments of the present invention extracts the frequency offset fingerprint characteristics of wireless smart devices through low-cost customized universal software radio peripherals, and uses the frequency offset to identify the smart devices , during authentication, only when the two authentication processes of password authentication and frequency offset authentication are passed at the same time, the authentication will be judged as passed. Through this double authentication mode, the wireless network identification mechanism is enhanced, the security of the network is improved, and the access The information entering the device is not easily sniffed, disguised and tampered by illegal intruders.

以上所述是本发明的优选实施方式,应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明所述原理的前提下,还可以作出若干改进和润饰,这些改进和润饰也应视为本发明的保护范围。The above is the preferred embodiment of the present invention. It should be pointed out that for those of ordinary skill in the art, several improvements and modifications can be made without departing from the principles of the present invention. These improvements and modifications can also be made. should be regarded as the protection scope of the present invention.

Claims (2)

1.一种基于密码和频偏的双重认证方法,其特征在于,包括:1. A dual authentication method based on password and frequency offset, characterized by including: 步骤1,待认证设备将带特定SSID的probe request帧信号发送给通用软件无线电外设,通用软件无线电外设与主机相连;Step 1: The device to be authenticated sends the probe request frame signal with a specific SSID to the general software radio peripheral, and the general software radio peripheral is connected to the host; 步骤2,对通用软件无线电外设接收到的信号进行信号处理,得到待认证设备的载波频偏特征;Step 2: Perform signal processing on the signal received by the general software radio peripheral to obtain the carrier frequency offset characteristics of the device to be certified; 所述步骤2具体包括:The step 2 specifically includes: 步骤21,对接收到的信号中的每一个probe request帧信号进行共轭相关,得到每一个probe request帧信号对应的自相关系数,判断每一个probe request帧信号对应的自相关系数是否高于第一设定阈值,当当前probe request帧信号对应的自相关系数高于第一设定阈值时,执行步骤22,当当前probe request帧信号对应的自相关系数低于第一设定阈值时,将当前probe request帧信号进行筛除;所述步骤21具体包括:Step 21: Perform conjugate correlation on each probe request frame signal in the received signal, obtain the autocorrelation coefficient corresponding to each probe request frame signal, and determine whether the autocorrelation coefficient corresponding to each probe request frame signal is higher than the Once the threshold is set, when the autocorrelation coefficient corresponding to the current probe request frame signal is higher than the first set threshold, step 22 is executed. When the autocorrelation coefficient corresponding to the current probe request frame signal is lower than the first set threshold, the The current probe request frame signal is filtered out; the step 21 specifically includes: 计算自相关系数,如下所示:Calculate the autocorrelation coefficient as follows: 其中,a[n]表示自相关函数值,k表示在可调窗口的取值,s[n]表示帧信号序列,n表示帧序列符号的编号,表示s的复共轭,p[n]表示平均功率,Nwin表示可调窗口,c[n]表示自相关系数;Among them, a[n] represents the autocorrelation function value, k represents the value in the adjustable window, s[n] represents the frame signal sequence, n represents the number of the frame sequence symbol, represents the complex conjugate of s, p[n] represents the average power, N win represents the adjustable window, and c[n] represents the autocorrelation coefficient; 对步骤21筛选出的每个probe request帧信号执行以下步骤:Perform the following steps for each probe request frame signal filtered out in step 21: 步骤22,对probe request帧信号通过短训练序列的时域延时相关算法进行帧同步,并进行粗载波频偏估计,步骤如下:Step 22: Perform frame synchronization on the probe request frame signal through the time domain delay correlation algorithm of the short training sequence, and perform coarse carrier frequency offset estimation. The steps are as follows: 通过短训练序列的前5个符号段进行延时相关,进行粗载波频偏估计,如下所示:Delay correlation is performed through the first 5 symbol segments of the short training sequence to estimate the coarse carrier frequency offset, as follows: 其中,表示估计的粗载波频偏,Sm表示短训练序列前5个符号段的符号,m表示短训练序列前5个符号段的符号的编号,m=0,1,...,79;arg()表示取相位运算符,/>表示Sm后第16个符号的共轭;in, represents the estimated coarse carrier frequency offset, S m represents the symbols of the first 5 symbol segments of the short training sequence, m represents the number of the symbols of the first 5 symbol segments of the short training sequence, m=0,1,...,79; arg () represents the phase operator,/> Represents the conjugate of the 16th symbol after S m ; 通过估计的粗载波频偏补偿长训练序列符号,如下所示:By estimated coarse carrier frequency offset Compensate for long training sequence symbols as follows: 其中,Sn表示长训练序列符号,n表示长训练序列符号的编号,n=0,1,...,127,S'n表示经过估计的粗载波频偏补偿后的长训练序列符号;Among them, S n represents the long training sequence symbol, n represents the number of the long training sequence symbol, n=0,1,...,127, S' n represents the long training sequence symbol after the estimated coarse carrier frequency offset compensation; 步骤23,基于估计的粗载波频偏补偿后的长训练序列符号进行精载波频偏估计,如下所示:Step 23: Perform fine carrier frequency offset estimation based on the estimated coarse carrier frequency offset compensated long training sequence symbols, as follows: 其中,表示估计的精载波频偏,/>表示S′n后第64个符号的共轭;in, Represents the estimated precise carrier frequency offset,/> Represents the conjugate of the 64th symbol after S′ n ; 步骤24,将估计的粗载波频偏和估计的精载波频偏相加,得到估计的总载波频偏 Step 24: Add the estimated coarse carrier frequency offset and the estimated fine carrier frequency offset to obtain the estimated total carrier frequency offset. 步骤25,基于估计的总载波频偏得到载波频偏特征如下所示:Step 25: Obtain carrier frequency offset characteristics based on the estimated total carrier frequency offset As follows: 其中,BW为信道带宽;Among them, BW is the channel bandwidth; 步骤26,基于频域估计信道对信号做均衡,包括以下步骤;Step 26: Equalize the signal based on the frequency domain estimated channel, including the following steps; 步骤261,将probe request帧信号根据对应的载波频偏特征进行补偿;Step 261: Compensate the probe request frame signal according to the corresponding carrier frequency offset characteristics; 步骤262,将频偏补偿后的probe request帧信号进行FFT变换,将probe request帧信号从时域转换到频域;Step 262: Perform FFT transformation on the probe request frame signal after frequency offset compensation, and convert the probe request frame signal from the time domain to the frequency domain; 步骤263,将转换后的probe request帧信号通过WiFi帧均衡器根据传输导频符号检查导频载波上的值,通过减去剩余频偏估计载波符号的星座图;Step 263: Pass the converted probe request frame signal through the WiFi frame equalizer to check the value on the pilot carrier according to the transmitted pilot symbol, and estimate the constellation diagram of the carrier symbol by subtracting the remaining frequency offset; 步骤27,根据估计出的载波符号的星座图对probe request帧信号进行导频移除和循环前缀,对循环前缀后的probe request帧信号进行解交织、维特比译码和解扰,得到proberequest帧信号的载荷信息,根据载荷信息提取出probe request帧信号的SSID标识符,以载波频偏作为probe request帧信号的指纹;Step 27: Perform pilot removal and cyclic prefix on the probe request frame signal according to the estimated constellation diagram of the carrier symbol, and perform deinterleaving, Viterbi decoding and descrambling on the probe request frame signal after the cyclic prefix to obtain the probe request frame signal. The load information, extract the SSID identifier of the probe request frame signal based on the load information, and use the carrier frequency offset as the fingerprint of the probe request frame signal; 步骤3,通过最近邻的模式匹配算法将待认证设备的载波频偏特征与已存储的所有授权用户的载波频偏特征进行相似度计算;Step 3: Calculate the similarity between the carrier frequency offset characteristics of the device to be authenticated and the stored carrier frequency offset characteristics of all authorized users through the nearest neighbor pattern matching algorithm; 所述步骤3具体包括:The step 3 specifically includes: 将已授权设备样本集的密度表示为:Express the density of the sample set of authorized devices as: 其中,Dk1表示已授权设备样本集,k=A,B,C,D,E,F,dij表示样本i和样本j之间的距离,Nk表示已授权设备样本集中的样本个数,k=A,B,C,D,E,F;Among them, D k1 represents the authorized device sample set, k = A, B, C, D, E, F, d ij represents the distance between sample i and sample j, and N k represents the number of samples in the authorized device sample set. ,k=A,B,C,D,E,F; 将待认证设备样本集分别添加到各个已授权设备样本集中,多个新样本集的密度为:Add the device sample set to be authenticated to each authorized device sample set. The density of multiple new sample sets is: 其中,Nh表示待认证设备样本集中的样本个数,Nh+1表示待认证设备样本的索引,当Dk1>=Dk2+th,该样本集被认为是未经授权的,th表示第二设定阈值;Among them, N h represents the number of samples in the sample set of the device to be authenticated, N h +1 represents the index of the device sample to be authenticated, when D k1 >= D k2 + th, the sample set is considered unauthorized, and th represents second set threshold; 步骤4,根据计算出的待认证设备的载波频偏特征与已存储的所有授权用户的载波频偏特征的相似度和待认证设备密码验证的正确性判断是否准许待认证设备接入无线网络。Step 4: Determine whether to allow the device to be authenticated to access the wireless network based on the similarity between the calculated carrier frequency offset characteristics of the device to be authenticated and the stored carrier frequency offset characteristics of all authorized users and the correctness of the password verification of the device to be authenticated. 2.根据权利要求1所述的基于密码和频偏的双重认证方法,其特征在于,所述步骤4具体包括:2. The dual authentication method based on password and frequency offset according to claim 1, characterized in that the step 4 specifically includes: 步骤41,找出原样本集与新样本集密度差的最小值:Step 41, find the minimum value of the density difference between the original sample set and the new sample set: chk=Dk1-Dk2,k=A,B,C,D,E,F (10)ch k =D k1 -D k2 , k=A,B,C,D,E,F (10) ch=min(chk) (11)ch=min(ch k ) (11) 其中,ch表示载波频偏最高相似度;Among them, ch represents the highest similarity of carrier frequency offset; 步骤42,判断待认证设备的载波频偏最高相似度ch是否高于第二设定阈值th;Step 42: Determine whether the highest similarity ch of the carrier frequency offset of the device to be authenticated is higher than the second set threshold th; 步骤43,当待认证设备的载波频偏最高相似度ch高于第二设定阈值th时,执行步骤43;当待认证设备的载波频偏最高相似度ch不高于阈值第二设定阈值th时,该待认证设备为非授权设备,不准许待认证设备接入无线网络,结束;Step 43: When the highest similarity ch of the carrier frequency offset of the device to be authenticated is higher than the second set threshold th, execute step 43; when the highest similarity ch of the carrier frequency offset of the device to be authenticated is not higher than the second set threshold At th time, the device to be authenticated is an unauthorized device, and the device to be authenticated is not allowed to access the wireless network, ending; 步骤44,判断待认证设备的密码是否正确;Step 44: Determine whether the password of the device to be authenticated is correct; 步骤45,当待认证设备的密码正确时,执行步骤45;当待认证设备的密码不正确时,该待认证设备为非授权设备,不准许该设备接入无线网络,结束;Step 45: When the password of the device to be authenticated is correct, perform step 45; when the password of the device to be authenticated is incorrect, the device to be authenticated is an unauthorized device and the device is not allowed to access the wireless network, ending; 步骤46,该待认证设备为授权设备,准许接入无线网络。Step 46: The device to be authenticated is an authorized device and is allowed to access the wireless network.
CN202111500384.XA 2021-12-09 2021-12-09 Dual authentication method based on password and frequency offset Active CN114025350B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111500384.XA CN114025350B (en) 2021-12-09 2021-12-09 Dual authentication method based on password and frequency offset

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111500384.XA CN114025350B (en) 2021-12-09 2021-12-09 Dual authentication method based on password and frequency offset

Publications (2)

Publication Number Publication Date
CN114025350A CN114025350A (en) 2022-02-08
CN114025350B true CN114025350B (en) 2023-09-19

Family

ID=80068291

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111500384.XA Active CN114025350B (en) 2021-12-09 2021-12-09 Dual authentication method based on password and frequency offset

Country Status (1)

Country Link
CN (1) CN114025350B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116261139B (en) * 2023-03-06 2023-09-15 深圳市壹通道科技有限公司 Online data security transmission method and system based on 5G message and electronic equipment
CN117641356B (en) * 2023-11-30 2024-06-18 国网江苏省电力有限公司电力科学研究院 Electric power system third party intelligent terminal continuous authentication method based on behavior deviation degree
CN118870359B (en) * 2024-07-30 2025-06-17 广州市宸思通讯科技有限公司 A communication terminal access authentication method
CN118921666A (en) * 2024-08-20 2024-11-08 中国南方电网有限责任公司超高压输电公司昆明局 Network access authentication method, device, computer equipment, readable storage medium and program product based on frequency offset

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20110050837A (en) * 2009-11-09 2011-05-17 삼성전자주식회사 Apparatus and method for restricting the use of a portable terminal in a mobile communication system
CN104853352A (en) * 2015-04-23 2015-08-19 杭州华三通信技术有限公司 Access authentication method and device
CN109218981A (en) * 2018-11-20 2019-01-15 太原理工大学 Wi-Fi access authentication method based on position signal feature common recognition
WO2020087110A1 (en) * 2018-10-30 2020-05-07 Mobile Technology Holdings Limited Electronic device identification

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7724717B2 (en) * 2005-07-22 2010-05-25 Sri International Method and apparatus for wireless network security
US20180295513A1 (en) * 2017-04-06 2018-10-11 Walmart Apollo, Llc Authentication system using nfc tags

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20110050837A (en) * 2009-11-09 2011-05-17 삼성전자주식회사 Apparatus and method for restricting the use of a portable terminal in a mobile communication system
CN104853352A (en) * 2015-04-23 2015-08-19 杭州华三通信技术有限公司 Access authentication method and device
WO2020087110A1 (en) * 2018-10-30 2020-05-07 Mobile Technology Holdings Limited Electronic device identification
CN109218981A (en) * 2018-11-20 2019-01-15 太原理工大学 Wi-Fi access authentication method based on position signal feature common recognition

Also Published As

Publication number Publication date
CN114025350A (en) 2022-02-08

Similar Documents

Publication Publication Date Title
CN114025350B (en) Dual authentication method based on password and frequency offset
CN105162778B (en) Cross-layer authentication method based on radio-frequency fingerprint
US7724717B2 (en) Method and apparatus for wireless network security
US8249028B2 (en) Method and apparatus for identifying wireless transmitters
Chatterjee et al. RF-PUF: IoT security enhancement through authentication of wireless nodes using in-situ machine learning
CN110035425B (en) Physical fingerprint extraction method for wireless devices based on wireless network card
Song et al. Enhancing Packet‐Level Wi‐Fi Device Authentication Protocol Leveraging Channel State Information
Peng et al. A differential constellation trace figure based device identification method for ZigBee nodes
CN111163460B (en) RF Fingerprint Extraction Method Based on Multi-spaced Differential Constellation Trajectory
CN112822689B (en) Radio frequency fingerprint extraction method based on carrier frequency deviation
CN111565383B (en) Method for eliminating channel characteristics and extracting radio frequency fingerprint of ZigBee device
Peng et al. Channel-robust radio frequency fingerprint identification for cellular uplink LTE devices
Anmulwar et al. Rogue access point detection methods: A review
Zeng et al. Physical layer authentication based on cfo and visibility graph
Teng et al. Exploiting carrier frequency offset and phase noise for physical layer authentication in UAV-aided communication systems
Mobarhan et al. REPS-AKA3: A secure authentication and re-authentication protocol for LTE networks
Chen et al. Isolated forest-based ZigBee device identification using adaptive filter coefficients
CN116567638B (en) A 5G terminal device fingerprint extraction and authentication method based on radio frequency fingerprint
CN114297615B (en) Identity authentication method, device, equipment and storage medium
CN110417701B (en) OFDM device identification method and device based on preamble differential spectrum
CN113365273B (en) Packet-level wireless equipment authentication method based on channel state information
CN115913400A (en) A method for extracting radio frequency deviation eigenvectors using wifi preamble signals
Oh et al. Wi-sun device authentication using physical layer fingerprint
Sun et al. Fingerble: A device fingerprint identification scheme for ble devices
KR101136698B1 (en) Method of controlling of user session using terminal's MACID

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant