LocKey: Location-Based Key Extraction from the WiFi Environment in the User's Vicinity.

We investigate extracting persistent information from semi-volatile signals in the user’s vicinity to extend existing authentication factors. We use WiFi as a representative of semi-volatile signals, as WiFi signals and WiFi receiver hardware are ubiquitous. WiFi hardware is mostly bound to a physical location and WiFi signals are semi-volatile by nature. By comparing different locations, we confirm our expectation that location-specific information is present in the received WiFi signals. In this work, we study whether and how this information can be transformed to satisfy the following properties of a cryptographic key so that we can use it as an extension of an authentication factor: it must be uniformly random, contain sufficient entropy, and the information must be secret. We further discuss two primary use cases in the authentication domain: using extracted low-entropy information (48 bits) for password hardening and using extracted high-entropy information (128 bits and 256 bits) as a location-specific key. Using the WiFi-signal composition as an authentication component increases the usability, introduces the factor of ‘location’ to the authentication claims, and introduces another layer of defense against key or password extraction attacks. Next to these advantages, it has intrinsic limitations, such as the need for the receiver to be in proximity to the signal and the reliance on WiFi signals, which are outside the user’s control. Despite these challenges, using signals in the proximity of a user works in situations with a fallback routine in place while increasing usability and transparency. LocKey is capable to extract low-entropy information at all locations measured, and high-entropy from 68% locations for 128-bit keys (48% of the locations respectively for 256-bit keys). We further show that with an initial measurement time of at most five minutes, we can reconstruct the key in at least 75% of the cases in less than 15, 30, and 40 s depending on the desired key strength.