Exploitation of RF-DNA for Device Classification and Verification Using GRLVQI Processing

This dissertation introduces a GRLVQI classifier into an RF-DNA fingerprinting process and demonstrates applicability for device classification and ID verification. Unlike MDA/ML processing, GRLVQI provides a measure of feature relevance that enables Dimensional Reduction Analysis (DRA) to enhance the experimental-to-operational transition potential of RF-DNA fingerprinting. Using 2D Gabor Transform RF-DNA fingerprints extracted from experimentally collected OFDM-based 802.16 WiMAX and 802.11 WiFi device emissions, average GRLVQI classification accuracy of %C greater than or equal to 90% is achieved using full and reduced dimensional feature sets at SNR greater than or equal to 10.0 dB and SNR greater than or equal to 12.0 dB, respectively. Performance with DRA approximately 90% reduced feature sets included %C greater than or equal to 90% for 1) WiMAX features at SNR greater than or equal to 12.0 dB and 2) WiFi features at SNR greater than or equal to 13.0 dB. For device ID verification with DRA approximately 90% feature sets, GRLVQI enabled: 1) 100% ID verification of authorized WiMAX devices and 97% detection of spoofing attacks by rogue devices at SNR=18.0 dB, and 2) 100% ID verification of authorized WiFi devices at SNR=15.0 dB

Application of Wavelet Denoising to Improve OFDM‐based Signal Detection and Classification

The developmental emphasis on improving wireless access security through various OSI PHY layer mechanisms continues. This work investigates the exploitation of RF waveform features that are inherently unique to specific devices and that may be used for reliable device classification (manufacturer, model, or serial number). Emission classification is addressed here through detection, location, extraction, and exploitation of RF [fingerprints] to provide device‐specific identification. The most critical step in this process is burst detection which occurs prior to fingerprint extraction and classification. Previous variance trajectory (VT) work provided sensitivity analysis for burst detection capability and highlighted the need for more robust processing at lower signal‐to‐noise ratio (SNR). The work presented here introduces a dual‐tree complex wavelet transform (DT‐ℂWT) denoising process to augment and improve VT detection capability. The new method\u27s performance is evaluated using the instantaneous amplitude responses of experimentally collected 802.11a OFDM signals at various SNRs. The impact of detection error on signal classification performance is then illustrated using extracted RF fingerprints and multiple discriminant analysis (MDA) with maximum likelihood (ML) classification. Relative to previous approaches, the DT‐ℂWT augmented process emerges as a better alternative at lower SNR and yields performance that is 34% closer (on average) to [perfect] burst location estimation performance. Abstract © 2009 John Wiley & Sons, Ltd

Spectral Domain RF Fingerprinting for 802.11 Wireless Devices

The increase in availability and reduction in cost of commercial communication devices (e.g. IEEE compliant such as 802.11, WiFi, 802.16, Bluetooth etc.) has increased wireless user exposure and the need for techniques to properly identify/classify signals for increased security measures. Communication device emissions include intentional modulation that enables correct device operation. Hardware and environmental factors alter the ideal response and induce unintentional modulation effects. If these effects (features) are sufficiently unique, it becomes possible to identify a device using its fingerprint, with potential discrimination of not only the manufacturer but possibly the serial number for a given manufacturer. Many techniques in many domains have been investigated to extract features, identify a fingerprint, classify signals, and each technique has certain benefits and limitations. Previous AFIT research has demonstrated the effectiveness of RF Fingerprinting using 802.11A signals with 1) spectral correlation on Power Spectral Density (PSD) fingerprints, 2) Multiple Discriminant Analysis/Maximum Likelihood (MDA/ML) classification with fingerprints obtained from Time Domain (TD) and Wavelet Domain (WD) statistical features. Performance \gain , defined as the difference in Signal-to-Noise ratio (SNR) required to achieve comparable classification performance, has been used to demonstrate considerable improvement. Spectral Domain (SD) fingerprinting uses PSD features for device discrimination. Results presented here show some improvement over the WD approach (gain ≈ 3 dB) and significant improvement over the TD approach (gain ≈ 8 dB)

Application of Dual-Tree Complex Wavelet Transforms to Burst Detection and RF Fingerprint Classification

This work addresses various Open Systems Interconnection (OSI) Physical (PHY) layer mechanisms to extract and exploit RF waveform features (”fingerprints”) that are inherently unique to specific devices and that may be used to provide hardware specific identification (manufacturer, model, and/or serial number). This is addressed by applying a Dual-Tree Complex Wavelet Transform (DT-CWT) to improve burst detection and RF fingerprint classification. A ”Denoised VT” technique is introduced to improve performance at lower SNRs, with denoising implemented using a DT-CWT decomposition prior to Traditional VT processing. A newly developed Wavelet Domain (WD) fingerprinting technique is presented using statistical WD fingerprints with Multiple Discriminant Analysis/Maximum Likelihood (MDA/ML) classification. The statistical fingerprint features are extracted from coefficients of a DT-CWT decomposition. Relative to previous Time Domain (TD) results, the enhanced WD statistical features provide improved device classification performance. Additional performance sensitivity results are presented to demonstrate WD fingerprinting robustness for variation in burst location error, MDA/ML training and classification SNRs, and MDA/ML training and classification signal types. For all cases considered, the WD technique proved to be more robust and exhibited less sensitivity when compared with the TD Technique

Assessing the Feasibility of RF Fingerprinting for Security in Unmanned Aerial Vehicles

The wireless network of consumer drones is particularly vulnerable to remote attacks due to the weak encryption scheme involving the exchange of a Global Unique Identifier (GUID) between transceiver pairs using the binding process, thus exposing the technology to a host of attack vectors such as data spoofing and malicious authentication, among others, leading to security breaches that threaten the prospects of the consumer drone. This study assesses the feasibility of RF fingerprinting as a complementary layer of security devoid of cryptography in the wireless network of unmanned aerial vehicles for enhanced resilience. We evaluate the feature performance of the toy-grade and the universal-grade drone RC transmitters to discern the prospects for device identification in inexpensive, low-end device and the high-end device. Instantaneous amplitude and phase features extracted from the transient phase of time-domain signals acquired off-the-air in the near-field show a high recognition rate in a support vector machine and k-Nearest Neighbour, suggestive of device classification in unmanned aerial vehicle RF hardware, irrespective of built quality

A Comparison of RF-DNA Fingerprinting Using High/Low Value Receivers with ZigBee Devices

The ZigBee specification provides a niche capability, extending the IEEE 802.15.4 standard to provide a wireless mesh network solution. ZigBee-based devices require minimal power and provide a relatively long-distance, inexpensive, and secure means of networking. The technology is heavily utilized, providing energy management, ICS automation, and remote monitoring of Critical Infrastructure (CI) operations; it also supports application in military and civilian health care sectors. ZigBee networks lack security below the Network layer of the OSI model, leaving them vulnerable to open-source hacking tools that allow malicous attacks such as MAC spoofing or Denial of Service (DOS). A method known as RF-DNA Fingerprinting provides an additional level of security at the Physical (PHY) level, where the transmitted waveform of a device is examined, rather than its bit-level credentials which can be easily manipulated. RF-DNA fingerprinting allows a unique human-like signature for a device to be obtained and a subsequent decision made whether to grant access or deny entry to a secure network. Two NI receivers were used here to simultaneously collect RF emissions from six Atmel AT86RF230 transceivers. The time-domain response of each device was used to extract features and generate unique RF-DNA fingerprints. These fingeprints were used to perform Device Classification using two discrimination processes known as MDA/ML and GRLVQI. Each process (classifier) was used to examine both the Full-Dimensional (FD) and reduced dimensional feature-sets for the high-value PXIe and low-value USRP receivers. The reduced feature-sets were determined using DRA for both quantitative and qualitative subsets. Additionally, each classifier performed Device Classification using a hybrid interleaved set of fingerprints from both receivers

Signal fingerprinting and machine learning framework for UAV detection and identification.

Advancement in technology has led to creative and innovative inventions. One such invention includes unmanned aerial vehicles (UAVs). UAVs (also known as drones) are now an intrinsic part of our society because their application is becoming ubiquitous in every industry ranging from transportation and logistics to environmental monitoring among others. With the numerous benign applications of UAVs, their emergence has added a new dimension to privacy and security issues. There are little or no strict regulations on the people that can purchase or own a UAV. For this reason, nefarious actors can take advantage of these aircraft to intrude into restricted or private areas. A UAV detection and identification system is one of the ways of detecting and identifying the presence of a UAV in an area. UAV detection and identification systems employ different sensing techniques such as radio frequency (RF) signals, video, sounds, and thermal imaging for detecting an intruding UAV. Because of the passive nature (stealth) of RF sensing techniques, the ability to exploit RF sensing for identification of UAV flight mode (i.e., flying, hovering, videoing, etc.), and the capability to detect a UAV at beyond visual line-of-sight (BVLOS) or marginal line-of-sight makes RF sensing techniques promising for UAV detection and identification. More so, there is constant communication between a UAV and its ground station (i.e., flight controller). The RF signals emitting from a UAV or UAV flight controller can be exploited for UAV detection and identification. Hence, in this work, an RF-based UAV detection and identification system is proposed and investigated. In RF signal fingerprinting research, the transient and steady state of the RF signals can be used to extract a unique signature. The first part of this work is to use two different wavelet analytic transforms (i.e., continuous wavelet transform and wavelet scattering transform) to investigate and analyze the characteristics or impacts of using either state for UAV detection and identification. Coefficient-based and image-based signatures are proposed for each of the wavelet analysis transforms to detect and identify a UAV. One of the challenges of using RF sensing is that a UAV\u27s communication links operate at the industrial, scientific, and medical (ISM) band. Several devices such as Bluetooth and WiFi operate at the ISM band as well, so discriminating UAVs from other ISM devices is not a trivial task. A semi-supervised anomaly detection approach is explored and proposed in this research to differentiate UAVs from Bluetooth and WiFi devices. Both time-frequency analytical approaches and unsupervised deep neural network techniques (i.e., denoising autoencoder) are used differently for feature extraction. Finally, a hierarchical classification framework for UAV identification is proposed for the identification of the type of unmanned aerial system signal (UAV or UAV controller signal), the UAV model, and the operational mode of the UAV. This is a shift from a flat classification approach. The hierarchical learning approach provides a level-by-level classification that can be useful for identifying an intruding UAV. The proposed frameworks described here can be extended to the detection of rogue RF devices in an environment

Implementation of a Radio Frequency Fingerprint Detector Based on GNSS Signals

Geolocation is one of the most significant manifestations of the current development of information technologies and it is used for multiple applications, such as mobile networks, military systems, or in the stock market. For that reason, it is important to verify the source of this type of signals, as they could be susceptible to being tricked by spoofing attacks, namely fake transmitters. This thesis is based on the development of a GNSS signal type classifier based on radio frequency (RF) fingerprinting methods that will determine if a signal belongs to an authorized transmitter or if it comes from a non-authorized GNSS signal generator/repeater. First, a total of 620 signals have been recorded in lab environments, follows: 40 different scenarios of real GNSS signal (with antennas located on the roof of the university) and 580 scenarios of the generated signal (using a GNSS signal generator). Each of the scenarios contains different types of signals (different GNSS constellations and/or bands, different satellites, etc.). Then, using a MATLAB-based simulator, the recorded signal is read, a certain time-frequency transform is applied (in this case the discrete Wavelet Transform), and an image of the wavelet transform of each sample is saved. These images include the features of the signal's RF fingerprinting. Next, a machine learning algorithm called SVM, also designed in MATLAB, is used. This algorithm classifies two or more different signal classes, and finally evaluate the classification accuracy. We used 80% of the images in each category for training and the remaining 20% for testing. Finally, a confusion matrix is obtained showing the accuracy obtained by the SVM algorithm in the testing phase. The analysis of the results has shown that the SVM classification algorithm can be a very effective model for the identification of GNSS transmitters through the use of fingerprinting features. It has been observed that when the Spectracom scenario is configured with more than one satellite, accuracy is lower compared to being configured with only one. This is because the signal obtained when more than one satellite is configured is more similar to the signal obtained from the antenna in comparison to the single satellite configuration, and for that reason, SVM has more difficulty in classifying it correctly. Another observation is that accuracy is also reduced when more than two categories are classified at the same time compared to a binary classification. Despite this, the accuracy is very high in the scenarios used, with 99.47% being the lowest value obtained and 100% the highest. Therefore, this implementation of RF fingerprinting methods is very promising in the context of determining whether a signal belongs to the actual GNSS satellite constellation or to a signal generator with a high level of accuracy

Using RF-DNA Fingerprints to Discriminate ZigBee Devices in an Operational Environment

This research was performed to expand AFIT\u27s Radio Frequency Distinct Native Attribute (RF-DNA) fingerprinting process to support IEEE 802.15.4 ZigBee communication network applications. Current ZigBee bit-level security measures include use of network keys and MAC lists which can be subverted through interception and spoofing using open-source hacking tools. This work addresses device discrimination using Physical (PHY) waveform alternatives to augment existing bit-level security mechanisms. ZigBee network vulnerability to outsider threats was assessed using Receiver Operating Characteristic (ROC) curves to characterize both Authorized Device ID Verification performance (granting network access to authorized users presenting true bit-level credentials) and Rogue Device Rejection performance (denying network access to unauthorized rogue devices presenting false bit-level credentials). Radio Frequency Distinct Native Attribute (RF-DNA) features are extracted from time-domain waveform responses of 2.4 GHz CC2420 ZigBee transceivers to enable humanlike device discrimination. The fingerprints were constructed using a hybrid pool of emissions collected under a range of conditions, including anechoic chamber and an indoor office environment where dynamic multi-path and signal degradation factors were present. The RF-DNA fingerprints were input to a Multiple Discriminant Analysis, Maximum Likelihood (MDA/ML) discrimination process and a 1 vs. many Looks most like? classification assessment made. The hybrid MDA model was also used for 1 vs. 1 Looks how much like? verification assessment. ZigBee Device Classification performance was assessed using both full and reduced dimensional fingerprint sets. Reduced dimensional subsets were selected using Dimensional Reduction Analysis (DRA) by rank ordering 1) pre-classification KS-Test p-values and 2) post-classification GRLVQI feature relevance values. Assessment of Zigbee device ID verification capability

Authorized and rogue device discrimination using dimensionally reduced RF-DNA fingerprints for security purposes in wireless communication systems

La nature des réseaux de capteurs sans fil comme ZigBee, permettant la communication entre différents types de nœuds du réseau, les rend très vulnérables à divers types de menaces. Dans différentes applications des technologies sans fil modernes comme SmartHome, les informations privées et sensibles produites par le réseau peuvent être transmises au monde extérieur par des moyens filaires ou sans fil. Outre les avantages offerts, cette intégration augmentera certainement les exigences en matière de protection des communications. Les nœuds capteurs du réseau étant souvent placés à proximité d'autres appareils, le réseau peut être plus vulnérable aux attaques potentielles. Cette recherche de doctorat a pour but d'utiliser les attributs natifs distincts de radiofréquence RF-DNA sécurisés produits par le processus d'empreinte numérique dans le but de fournir un support de communication sans fil sécurisé pour les communications de réseau ZigBee. Ici, nous visons à permettre une discrimination d'appareil en utilisant des préambules physiques (PHY) extraits des signaux émis pas de différents appareils. Grâce à cette procédure, nous pouvons établir une distinction entre différents appareils produits par différents fabricants ou par le même fabricant. Dans un tel cas, nous serons en mesure de fournir aux appareils des identifications physiques de niveau binaire non clonables qui empêchent l'accès non autorisé des appareils non autorisés au réseau par la falsification des identifications autorisées.The nature of wireless networks like ZigBee sensors, being able to provide communication between different types of nodes in the network makes them very vulnerable to various types of threats. In different applications of modern wireless technologies like Smart Home, private and sensitive information produced by the network can be conveyed to the outside world through wired or wireless means. Besides the advantages, this integration will definitely increase the requirements in the security of communications. The sensor nodes of the network are often located in the accessible range of other devices, and in such cases, a network may face more vulnerability to potential attacks. This Ph.D. research aims to use the secure Radio Frequency Distinct Native Attributes (RF-DNA) produced by the fingerprinting process to provide a secure wireless communication media for ZigBee network device communications. Here, we aim to provide device discrimination using Physical (PHY) preambles extracted from the signal transmitted by different devices. Through this procedure, we are able to distinguish between different devices produced by different manufacturers, or by the same one. In such cases, we will be able to provide devices with unclonable physical bit-level identifications that prevent the unauthorized access of rogue devices to the network through the forgery of authorized devices' identifications