APAuth: Authenticate an Access Point by Backscatter Devices

Backscatter communication (BC) represents a wireless communication technology that facilitates the transmission of data by low-power devices, referred to as backscatter devices (BDs), through the modulation or reflection of pre-existing wireless signals, typically sourced from an access point (AP). The advent of the Internet of Things (IoT) has garnered significant attention and witnessed the widespread adoption of BC, primarily due to its exceptional energy- efficiency characteristics. Nevertheless, the security of BC systems faces substantial threats when deployed in practical scenarios due to their inherent openness. Specifically, wireless BDs, which directly engage with users, are susceptible to detrimental consequences in the event of interactions with counterfeit wireless APs. Owing to their non-authenticated and unconditional reflection properties, BDs are vulnerable to spoofing attacks orchestrated by malicious APs. Moreover, their limited computing capabilities make it challenging to employ intricate cryptographic algorithms. To tackle these challenges, we introduce APAuth, a lightweight authentication scheme that leverages the power value of BD to establish AP authentication. In this scheme, BDs and APs share a confidential key and engage in negotiations to determine a key generation algorithm. Subsequently, the current stored power value of BD is utilized to calculate the power value that must be delivered to BD from AP. If the computed charging power value aligns with the value determined by the key generation algorithm, the AP successfully passes the authentication of BD. We perform a thorough theoretical analysis of the security aspects inherent in our proposed scheme. We further conduct numerical simulations to validate the practical viability and desired performance of APAuth in diverse real-world scenarios.