
    Real-Time RF-DNA Fingerprinting of ZigBee Devices Using a Software-Defined Radio with FPGA Processing

    ZigBee networks are increasingly popular for use in medical, industrial, and other applications. Traditional security techniques for ZigBee networks are based on presenting and verifying device bit-level credentials (e.g. keys). While historically effective, ZigBee networks remain vulnerable to attack by any unauthorized rogue device that can obtain and present the bit-level credentials of an authorized device. This research focused on utilizing a National Instruments (NI) X310 Software-Defined Radio (SDR) hosting an on-board Field Programmable Gate Array (FPGA). The demonstrations included device discrimination assessments using like-model ZigBee AVR RZUSBstick devices and generating RF fingerprints in real time, as an extension of AFIT's RF-DNA fingerprinting work. The goal was to develop a fingerprinting process that was both 1) effective at discriminating between like-model ZigBee devices and 2) efficient for implementation in FPGA hardware. As designed and implemented, the full-dimensional FPGA fingerprint generator utilized only approximately 7% of the X310 Kintex-7 FPGA resources. The full-dimensional fingerprinting performance achieved using only 7% of FPGA resources demonstrates the feasibility of real-time RF-DNA fingerprint generation and like-model ZigBee device discrimination using an SDR platform.

    Exploitation of RF-DNA for Device Classification and Verification Using GRLVQI Processing

    This dissertation introduces a GRLVQI classifier into an RF-DNA fingerprinting process and demonstrates its applicability for device classification and ID verification. Unlike MDA/ML processing, GRLVQI provides a measure of feature relevance that enables Dimensional Reduction Analysis (DRA) to enhance the experimental-to-operational transition potential of RF-DNA fingerprinting. Using 2D Gabor Transform RF-DNA fingerprints extracted from experimentally collected OFDM-based 802.16 WiMAX and 802.11 WiFi device emissions, average GRLVQI classification accuracy of %C ≥ 90% is achieved using full and reduced dimensional feature sets at SNR ≥ 10.0 dB and SNR ≥ 12.0 dB, respectively. Performance with DRA ≈ 90% reduced feature sets included %C ≥ 90% for 1) WiMAX features at SNR ≥ 12.0 dB and 2) WiFi features at SNR ≥ 13.0 dB. For device ID verification with DRA ≈ 90% feature sets, GRLVQI enabled: 1) 100% ID verification of authorized WiMAX devices and 97% detection of spoofing attacks by rogue devices at SNR = 18.0 dB, and 2) 100% ID verification of authorized WiFi devices at SNR = 15.0 dB.

    Authorized and rogue device discrimination using dimensionally reduced RF-DNA fingerprints for security purposes in wireless communication systems

    The nature of wireless sensor networks like ZigBee, which provide communication between different types of nodes in the network, makes them very vulnerable to various types of threats. In different applications of modern wireless technologies like Smart Home, private and sensitive information produced by the network can be conveyed to the outside world through wired or wireless means. Besides the advantages, this integration will certainly increase the requirements for the security of communications. The sensor nodes of the network are often located within the accessible range of other devices, and in such cases a network may be more vulnerable to potential attacks. This Ph.D. research aims to use the secure Radio Frequency Distinct Native Attributes (RF-DNA) produced by the fingerprinting process to provide a secure wireless communication medium for ZigBee network device communications. Here, we aim to provide device discrimination using Physical (PHY) layer preambles extracted from the signals transmitted by different devices. Through this procedure, we are able to distinguish between different devices produced by different manufacturers, or by the same one. In such cases, we will be able to provide devices with unclonable physical bit-level identifications that prevent unauthorized access of rogue devices to the network through the forgery of authorized devices' identifications.

    Using RF-DNA Fingerprints to Discriminate ZigBee Devices in an Operational Environment

    This research was performed to expand AFIT's Radio Frequency Distinct Native Attribute (RF-DNA) fingerprinting process to support IEEE 802.15.4 ZigBee communication network applications. Current ZigBee bit-level security measures include the use of network keys and MAC lists, which can be subverted through interception and spoofing using open-source hacking tools. This work addresses device discrimination using Physical (PHY) waveform alternatives to augment existing bit-level security mechanisms. ZigBee network vulnerability to outsider threats was assessed using Receiver Operating Characteristic (ROC) curves to characterize both Authorized Device ID Verification performance (granting network access to authorized users presenting true bit-level credentials) and Rogue Device Rejection performance (denying network access to unauthorized rogue devices presenting false bit-level credentials). RF-DNA features are extracted from time-domain waveform responses of 2.4 GHz CC2420 ZigBee transceivers to enable human-like device discrimination. The fingerprints were constructed using a hybrid pool of emissions collected under a range of conditions, including an anechoic chamber and an indoor office environment where dynamic multi-path and signal degradation factors were present. The RF-DNA fingerprints were input to a Multiple Discriminant Analysis, Maximum Likelihood (MDA/ML) discrimination process and a 1 vs. many "Looks most like?" classification assessment was made. The hybrid MDA model was also used for a 1 vs. 1 "Looks how much like?" verification assessment. ZigBee Device Classification performance was assessed using both full and reduced dimensional fingerprint sets. Reduced dimensional subsets were selected using Dimensional Reduction Analysis (DRA) by rank ordering 1) pre-classification KS-Test p-values and 2) post-classification GRLVQI feature relevance values. Assessment of ZigBee device ID verification capability

    PLC Hardware Discrimination using RF-DNA fingerprinting

    Programmable Logic Controllers (PLCs) are used to control and monitor automated processes in many Supervisory Control and Data Acquisition (SCADA) critical applications. As with virtually all electronic devices, PLCs contain Integrated Circuits (ICs) that are often manufactured overseas. ICs that have been unknowingly altered (counterfeited, manufactured with hardware Trojans, etc.) pose a significant security vulnerability. To mitigate this risk, the RF-Distinct Native Attribute (RF-DNA) fingerprinting process is applied to PLC hardware devices to augment bit-level security. RF-DNA fingerprints are generated using two independent signal collection platforms. Two different classifiers are applied for device classification. A verification process is implemented for analysis of Authorized Device Identification and Rogue Device Rejection. Fingerprint feature dimensional reduction is evaluated both qualitatively and quantitatively to enhance experimental-to-operational transition potential. The findings of this research are that the higher quality signal collection platform had a classification performance gain of approximately 10 dB SNR. Performance of the classifiers varied between signal collection platforms, and also with the application of fingerprint dimensional reduction. The lower quality signal collection platform saw a maximum gain of 5 dB SNR using reduced dimensional feature sets compared against the full dimensional feature set.

    Physical Layer Discrimination of Electronic Control Units Using Wired Signal Distinct Native Attribute (WS-DNA)

    The Controller Area Network (CAN) bus is a communication system used in automobiles to connect the electronic components required for critical vehicle operations. These components are called Electronic Control Units (ECUs), and each one exercises one or more functions within the vehicle. ECUs can provide autonomous safety features and increased comfort to drivers, but these advancements may come at the expense of vehicle security. Researchers have shown that the CAN bus can be hacked by compromising authorized ECUs or by physically connecting unauthorized devices to the bus. Physical layer (PHY) device fingerprinting has emerged as one of the accepted approaches to establishing vehicle security. This paper uses a fingerprinting method called Wired Signal Distinct Native Attribute (WS-DNA) and a classification algorithm called Multiple Discriminant Analysis Maximum Likelihood (MDA/ML) to achieve ECU discrimination, which includes device classification and verification.

    Exploitation of Unintentional Ethernet Cable Emissions Using Constellation-Based Distinct Native Attribute (CB-DNA) Fingerprints to Enhance Network Security

    This research contributed to AFIT's Radio Frequency Intelligence (RFINT) program by developing a new device discrimination technique called Constellation-Based Distinct Native Attribute (CB-DNA) Fingerprinting. This is of great interest to the Air Force Research Lab (AFRL), Sensor Directorate, which supported the research and now has a new method for improving network security. CB-DNA fingerprints are used to authenticate wired network device identities, thwart unauthorized access, and augment traditional bit-level security measures that are easily bypassed by skilled hackers. Similar to human fingerprint features that uniquely identify individuals, CB-DNA uniquely identifies communication devices and reduces the rate at which unauthorized rogue devices are granted network access.

    Extending Critical Infrastructure Element Longevity using Constellation-based ID Verification

    This work supports a technical cradle-to-grave protection strategy aimed at extending the useful lifespan of Critical Infrastructure (CI) elements. This is done by improving mid-life operational protection measures through integration of reliable physical (PHY) layer security mechanisms. The goal is to improve existing protection that is heavily reliant on higher-layer mechanisms that are commonly targeted by cyberattack. Relative to prior device ID discrimination works, results herein reinforce the exploitability of constellation-based PHY layer features and the ability for those features to be practically implemented to enhance CI security. Prior work is extended by formalizing a device ID verification process that enables rogue device detection demonstration under physical access attack conditions that include unauthorized devices mimicking the bit-level credentials of authorized network devices. The work transitions from distance-based to probability-based measures of similarity derived from empirical Multivariate Normal Probability Density Function (MVNPDF) statistics of multiple discriminant analysis radio frequency fingerprint projections. Demonstration results for Constellation-Based Distinct Native Attribute (CB-DNA) fingerprinting of WirelessHART adapters from two manufacturers include 1) average cross-class percent correct classification of %C > 90% across 28 different networks comprised of six authorized devices, and 2) average rogue rejection rate of 83.4% ≤ RRR ≤ 99.9% based on two held-out devices serving as attacking rogue devices for each network (a total of 120 individual rogue attacks). Using the MVNPDF measure proved most effective and yielded nearly 12% RRR improvement over a Euclidean distance measure.

    Comparison of Radio Frequency Distinct Native Attribute and Matched Filtering Techniques for Device Discrimination and Operation Identification

    The research presented here provides a comparison of classification, verification, and computational time for three techniques used to analyze Unintentional Radio Frequency (RF) Emissions (URE) from semiconductor devices for the purposes of device discrimination and operation identification. URE from ten MSP430F5529 16-bit microcontrollers were analyzed using: 1) RF Distinct Native Attribute (RF-DNA) fingerprints paired with Multiple Discriminant Analysis/Maximum Likelihood (MDA/ML) classification, 2) RF-DNA fingerprints paired with Generalized Relevance Learning Vector Quantization-Improved (GRLVQI) classification, and 3) Time Domain (TD) signals paired with matched filtering. These techniques were considered for potential applications to detect counterfeit/Trojan hardware infiltrating supply chains and to defend against cyber attacks by monitoring executed operations of embedded systems in critical Supervisory Control And Data Acquisition (SCADA) networks.