WiFi is inherently vulnerable to eavesdropping because RF signals may penetrate many physical boundaries, such as walls and floors. LiFi, by contrast, is an optical method confined to line-of-sight and blocked by opaque surfaces. We present LightGuard, a dual-link architecture built on this insight: cryptographic key establishment can be offloaded from WiFi to a physically confined LiFi channel to mitigate the risk of key exposure over RF. LightGuard derives session keys over a LiFi link and installs them on the WiFi interface, ensuring cryptographic material never traverses the open RF medium. A prototype with off-the-shelf WiFi NICs and our LiFi transceiver frontend validates the design.

翻译：WiFi本质上易受窃听攻击，因为射频信号可能穿透墙壁、地板等许多物理边界。相比之下，LiFi作为一种光学通信方式，受限于视距传播且会被不透明表面遮挡。基于这一发现，我们提出LightGuard——一种双链路架构：将密钥建立过程从WiFi迁移至物理受限的LiFi信道，从而降低密钥通过射频暴露的风险。LightGuard通过LiFi链路生成会话密钥并将其安装至WiFi接口，确保密码学材料永不通过开放的射频介质传输。采用商用WiFi网卡与自研LiFi收发前端构建的原型系统验证了该设计方案。