Radio Frequency Fingerprinting Exploiting Non-Linear Memory Effect

Radio frequency fingerprint (RFF) identification distinguishes wireless transmitters by exploiting their hardware imperfection that is inherent in typical radio frequency (RF) front ends. This can reduce the risks for the identities of legitimate devices being copied, or forged, which can also occur in conventional software-based identification systems. This paper analyzes the feasibility of device identification exploiting the unique non-linear memory effect of the transmitter RF chains consisting of matched pulse shaping filters and non-linear power amplifiers (PAs). This unique feature can be extracted from the received distorted constellation diagrams (CDs) with the help of image recognition-based classification algorithms. In order to validate the performance of the proposed RFF approach, experiments are carried out in cabled and over the air (OTA) scenarios. In the cabled experiment, the average classification accuracy among systems of 8 PAs (4 PAs of the same model and the other 4 of different models) is around 92% at signal to noise ratio (SNR) of 10 dB. For the OTA line-of-sight (LOS) scenario, the average classification accuracy is 90% at SNR of 10 dB; for the non-line-of-sight (NLOS) scenario, the average classification accuracy is 79% at SNR of 12 dB

ROLAX: LOCATION DETERMINATION TECHNIQUES IN 4G NETWORKS

In this dissertation, ROLAX location determination system in 4G networks is presented. ROLAX provides two primary solutions for the location determination in the 4G networks. First, it provides techniques to detect the error-prone wireless conditions in geometric approaches of Time of Arrival (ToA) and Time Difference of Arrival (TDoA). ROLAX provides techniques for a Mobile Station (MS) to determine the Dominant Line-of-Sight Path (DLP) condition given the measurements of the downlink signals from the Base Station (BS). Second, robust RF fingerprinting techniques for the 4G networks are designed. The causes for the signal measurement variation are identified, and the system is designed taking those into account, leading to a significant improvement in accuracy. ROLAX is organized in two phases: offline and online phases. During the offline phase, the radiomap is constructed by wardriving. In order to provide the portability of the techniques, standard radio measurements such as Received Signal Strength Indication (RSSI) and Carrier to Interference Noise Ratio(CINR) are used in constructing the radiomap. During the online phase, a MS performs the DLP condition test for each BS it can observe. If the number of the BSs under DLP is small, the MS attempts to determine its location by using the RF fingerprinting. In ROLAX, the DLP condition is determined from the RSSI, CINR, and RTD (Round Trip Delay) measurements. Features generated from the RSSI difference between two antennas of the MS were also used. The features, including the variance, the level crossing rate, the correlation between the RSSI and RTD, and Kullback-Leibler Divergence, were successfully used in detecting the DLP condition. We note that, compared to using a single feature, appropriately combined multiple features lead to a very accurate DLP condition detection. A number of pattern matching techniques are evaluated for the purpose of the DLP condition detection. Artificial neural networks, instance-based learning, and Rotation Forest are particularly used in the DLP detection. When the Rotation Forest is used, a detection accuracy of 94.8\% was achieved in the live 4G networks. It has been noted that features designed in the DLP detection can be useful in the RF fingerprinting. In ROLAX, in addition to the DLP detection features, mean of RSSI and mean of CINR are used to create unique RF fingerprints. ROLAX RF fingerprinting techniques include: (1) a number of gridding techniques, including overlapped gridding; (2) an automatic radiomap generation technique by the Delaunay triangulation-based interpolation; (3) the filtering of measurements based upon the power-capture relationship between BSs; and (4) algorithms dealing with the missing data. In this work, software was developed using the interfaces provided by Beceem/Broadcom chip-set based software. Signals were collected from both the home network (MAXWell 4G network) and the foreign network (Clear 4G network). By combining the techniques in ROLAX, a distance error in the order of 4 meters was achieved in the live 4G networks

On the Performance of Energy Criterion Method in Wi-Fi Transient Signal Detection

In the development of radiofrequency fingerprinting (RFF), one of the major challenges is to extract subtle and robust features from transmitted signals of wireless devices to be used in accurate identification of possible threats to the wireless network. To overcome this challenge, the use of the transient region of the transmitted signals could be one of the best options. For an efficient transient-based RFF, it is also necessary to accurately and precisely estimate the transient region of the signal. Here, the most important difficulty can be attributed to the detection of the transient starting point. Thus, several methods have been developed to detect transient start in the literature. Among them, the energy criterion method based on the instantaneous amplitude characteristics (EC-a) was shown to be superior in a recent study. The study reported the performance of the EC-a method for a set of Wi-Fi signals captured from a particular Wi-Fi device brand. However, since the transient pattern varies according to the type of wireless device, the device diversity needs to be increased to achieve more reliable results. Therefore, this study is aimed at assessing the efficiency of the EC-a method across a large set of Wi-Fi signals captured from various Wi-Fi devices for the first time. To this end, Wi-Fi signals are first captured from smartphones of five brands, for a wide range of signal-to-noise ratio (SNR) values defined as low (−3 to 5 dB), medium (5 to 15 dB), and high (15 to 30 dB). Then, the performance of the EC-a method and well-known methods was comparatively assessed, and the efficiency of the EC-a method was verified in terms of detection accuracy.publishedVersio

An Assessment of Entropy-Based Data Reduction for SEI Within IoT Applications

The research community remains focused on addressing Internet of Things (IoT) security concerns due to its continued proliferation and use of weak or no encryption. Specific Emitter Identification (SEI) has been introduced to combat this security vulnerability. Recently, Deep Learning (DL) has been leveraged to accelerate SEI using the signals’ Time-Frequency (TF) representation. While TF representations improve DL-based SEI accuracy–over raw signal learning–these transforms generate large amounts of data that are computationally expensive to store and process by the DL network. This study investigates the use of entropy-based data reduction applied to “tiles” selected from the signals’ TF representations. Our results show that entropy-based data reduction lowers the average SEI performance by as little as 0.86% while compressing the memory and training time requirements by as much as 92.65% and 80.7%, respectively

Feature Selection and Classifier Development for Radio Frequency Device Identification

The proliferation of simple and low-cost devices, such as IEEE 802.15.4 ZigBee and Z-Wave, in Critical Infrastructure (CI) increases security concerns. Radio Frequency Distinct Native Attribute (RF-DNA) Fingerprinting facilitates biometric-like identification of electronic devices emissions from variances in device hardware. Developing reliable classifier models using RF-DNA fingerprints is thus important for device discrimination to enable reliable Device Classification (a one-to-many looks most like assessment) and Device ID Verification (a one-to-one looks how much like assessment). AFITs prior RF-DNA work focused on Multiple Discriminant Analysis/Maximum Likelihood (MDA/ML) and Generalized Relevance Learning Vector Quantized Improved (GRLVQI) classifiers. This work 1) introduces a new GRLVQI-Distance (GRLVQI-D) classifier that extends prior GRLVQI work by supporting alternative distance measures, 2) formalizes a framework for selecting competing distance measures for GRLVQI-D, 3) introducing response surface methods for optimizing GRLVQI and GRLVQI-D algorithm settings, 4) develops an MDA-based Loadings Fusion (MLF) Dimensional Reduction Analysis (DRA) method for improved classifier-based feature selection, 5) introduces the F-test as a DRA method for RF-DNA fingerprints, 6) provides a phenomenological understanding of test statistics and p-values, with KS-test and F-test statistic values being superior to p-values for DRA, and 7) introduces quantitative dimensionality assessment methods for DRA subset selection