LightGuard: Transparent WiFi Security via Physical-Layer LiFi Key Bootstrapping
This addresses security risks for WiFi users in environments where RF signals can be intercepted, offering a novel dual-link approach.
The paper tackles WiFi's vulnerability to eavesdropping by using a physically confined LiFi channel for cryptographic key establishment, preventing key exposure over RF, and validates this with a prototype using off-the-shelf components.
WiFi is inherently vulnerable to eavesdropping because RF signals may penetrate many physical boundaries, such as walls and floors. LiFi, by contrast, is an optical method confined to line-of-sight and blocked by opaque surfaces. We present LightGuard, a dual-link architecture built on this insight: cryptographic key establishment can be offloaded from WiFi to a physically confined LiFi channel to mitigate the risk of key exposure over RF. LightGuard derives session keys over a LiFi link and installs them on the WiFi interface, ensuring cryptographic material never traverses the open RF medium. A prototype with off-the-shelf WiFi NICs and our LiFi transceiver frontend validates the design.