17 research outputs found

    Exploitation of RF-DNA for Device Classification and Verification Using GRLVQI Processing

    This dissertation introduces a GRLVQI classifier into an RF-DNA fingerprinting process and demonstrates applicability for device classification and ID verification. Unlike MDA/ML processing, GRLVQI provides a measure of feature relevance that enables Dimensional Reduction Analysis (DRA) to enhance the experimental-to-operational transition potential of RF-DNA fingerprinting. Using 2D Gabor Transform RF-DNA fingerprints extracted from experimentally collected OFDM-based 802.16 WiMAX and 802.11 WiFi device emissions, average GRLVQI classification accuracy of %C greater than or equal to 90% is achieved using full and reduced dimensional feature sets at SNR greater than or equal to 10.0 dB and SNR greater than or equal to 12.0 dB, respectively. Performance with DRA approximately 90% reduced feature sets included %C greater than or equal to 90% for 1) WiMAX features at SNR greater than or equal to 12.0 dB and 2) WiFi features at SNR greater than or equal to 13.0 dB. For device ID verification with DRA approximately 90% feature sets, GRLVQI enabled: 1) 100% ID verification of authorized WiMAX devices and 97% detection of spoofing attacks by rogue devices at SNR=18.0 dB, and 2) 100% ID verification of authorized WiFi devices at SNR=15.0 dB

    OFDM-Based Signal Exploitation Using Quadrature Mirror Filter Bank (QMFB) Processing

    By performing QMFB processing with a given signal it is possible to obtain Frequency-Time (F-T) outputs that represent signal features such as bandwidth (W), center frequency (fc), signal duration (Ts), modulation type (AM, FM, BPSK, QAM, etc), frequency content and time allocation. Because of its unique structure, two widely used signals based on Orthogonal Frequency Division Multiplexing (OFDM) were chosen as signals of interest for demonstration. The general implementation of the QMFB process is described along with the basic structure of OFDM signals related to the physical layer perspective of 802.11a Wi-Fi and 802.16e WiMAX frame structures. The adopted methodology is aimed at exploiting signal of interest features accounting for the effects of signal resampling and zeropadding. Computed simulation results are obtained after applying the defined methodology to each signal of interest. Initial time domain and frequency domain responses are presented for each input signal along with the initial and computed resampled parameters for each case. Results for selected QMFB outputs are presented using 2D F-T QMFB plots and 1D average frequency and average time plots. These plots enable qualitative visual assessment such as may be used by a human operator. The 1D responses are computed for the input signal and output QMFB responses and compared using overlay plots for single burst and multiple integrated burst inputs. Resultant time (delta t) and frequency (delta f) resolutions were consistent and validate the usefulness of QMFB processing

    Real-Time RF-DNA Fingerprinting of ZigBee Devices Using a Software-Defined Radio with FPGA Processing

    ZigBee networks are increasingly popular for use in medical, industrial, and other applications. Traditional security techniques for ZigBee networks are based on presenting and verifying device bit-level credentials (e.g. keys). While historically effective, ZigBee networks remain vulnerable to attack by any unauthorized rogue device that can obtain and present bit-level credentials for an authorized device. This research focused on utilizing a National Instruments (NI) X310 Software-Defined Radio (SDR) hosting an on-board Field Programmable Gate Array (FPGA). The demonstrations included device discrimination assessments using like-model ZigBee AVR RZUSBstick devices and included generating RF fingerprints in real-time, as an extension to AFIT's RF-DNA fingerprinting work. The goal was to develop a fingerprinting process that was both 1) effective at discriminating between like-model ZigBee devices and 2) efficient for implementation in FPGA hardware. As designed and implemented, the full-dimensional FPGA fingerprint generator only utilized approximately 7% of the X310 Kintex-7 FPGA resources. The full-dimensional fingerprinting performance of using only 7% of FPGA resources demonstrates the feasibility for real-time RF-DNA fingerprint generation and like-model ZigBee device discrimination using an SDR platform

    The impact of Rayleigh fading channel effects on the RF-DNA fingerprinting process

    The Internet of Things (IoT) consists of many electronic and electromechanical devices connected to the Internet. It is estimated that the number of connected IoT devices will be between 20 and 50 billion by the year 2020. The need for mechanisms to secure IoT networks will increase dramatically as 70% of the edge devices have no encryption. Previous research has proposed RF-DNA fingerprinting to provide wireless network access security through the exploitation of PHY layer features. RF-DNA fingerprinting takes advantage of unique and distinct characteristics that unintentionally occur within a given radio’s transmit chain during waveform generation. In this work, the application of RF-DNA fingerprinting is extended by developing a Nelder-Mead-based algorithm that estimates the coefficients of an indoor Rayleigh fading channel. The performance of the Nelder-Mead estimator is compared to the Least Square estimator and is assessed with degrading signal-to-noise ratio. The Rayleigh channel coefficients set estimated by the Nelder-Mead estimator is used to remove the multipath channel effects from the radio signal. The resulting channel-compensated signal is the region where the RF-DNA fingerprints are generated and classified. For a signal-to-noise ratio greater than 21 decibels, an average percent correct classification of more than 95% was achieved in a two-reflector channel

    An Assessment of Entropy-Based Data Reduction for SEI Within IoT Applications

    The research community remains focused on addressing Internet of Things (IoT) security concerns due to its continued proliferation and use of weak or no encryption. Specific Emitter Identification (SEI) has been introduced to combat this security vulnerability. Recently, Deep Learning (DL) has been leveraged to accelerate SEI using the signals’ Time-Frequency (TF) representation. While TF representations improve DL-based SEI accuracy–over raw signal learning–these transforms generate large amounts of data that are computationally expensive to store and process by the DL network. This study investigates the use of entropy-based data reduction applied to “tiles” selected from the signals’ TF representations. Our results show that entropy-based data reduction lowers the average SEI performance by as little as 0.86% while compressing the memory and training time requirements by as much as 92.65% and 80.7%, respectively

    A Comparison of RF-DNA Fingerprinting Using High/Low Value Receivers with ZigBee Devices

    The ZigBee specification provides a niche capability, extending the IEEE 802.15.4 standard to provide a wireless mesh network solution. ZigBee-based devices require minimal power and provide a relatively long-distance, inexpensive, and secure means of networking. The technology is heavily utilized, providing energy management, ICS automation, and remote monitoring of Critical Infrastructure (CI) operations; it also supports application in military and civilian health care sectors. ZigBee networks lack security below the Network layer of the OSI model, leaving them vulnerable to open-source hacking tools that allow malicious attacks such as MAC spoofing or Denial of Service (DOS). A method known as RF-DNA Fingerprinting provides an additional level of security at the Physical (PHY) level, where the transmitted waveform of a device is examined, rather than its bit-level credentials which can be easily manipulated. RF-DNA fingerprinting allows a unique human-like signature for a device to be obtained and a subsequent decision made whether to grant access or deny entry to a secure network. Two NI receivers were used here to simultaneously collect RF emissions from six Atmel AT86RF230 transceivers. The time-domain response of each device was used to extract features and generate unique RF-DNA fingerprints. These fingerprints were used to perform Device Classification using two discrimination processes known as MDA/ML and GRLVQI. Each process (classifier) was used to examine both the Full-Dimensional (FD) and reduced dimensional feature-sets for the high-value PXIe and low-value USRP receivers. The reduced feature-sets were determined using DRA for both quantitative and qualitative subsets. Additionally, each classifier performed Device Classification using a hybrid interleaved set of fingerprints from both receivers

    Using RF-DNA Fingerprints to Discriminate ZigBee Devices in an Operational Environment

    This research was performed to expand AFIT's Radio Frequency Distinct Native Attribute (RF-DNA) fingerprinting process to support IEEE 802.15.4 ZigBee communication network applications. Current ZigBee bit-level security measures include use of network keys and MAC lists which can be subverted through interception and spoofing using open-source hacking tools. This work addresses device discrimination using Physical (PHY) waveform alternatives to augment existing bit-level security mechanisms. ZigBee network vulnerability to outsider threats was assessed using Receiver Operating Characteristic (ROC) curves to characterize both Authorized Device ID Verification performance (granting network access to authorized users presenting true bit-level credentials) and Rogue Device Rejection performance (denying network access to unauthorized rogue devices presenting false bit-level credentials). Radio Frequency Distinct Native Attribute (RF-DNA) features are extracted from time-domain waveform responses of 2.4 GHz CC2420 ZigBee transceivers to enable humanlike device discrimination. The fingerprints were constructed using a hybrid pool of emissions collected under a range of conditions, including anechoic chamber and an indoor office environment where dynamic multi-path and signal degradation factors were present. The RF-DNA fingerprints were input to a Multiple Discriminant Analysis, Maximum Likelihood (MDA/ML) discrimination process and a 1 vs. many "Looks most like?" classification assessment made. The hybrid MDA model was also used for 1 vs. 1 "Looks how much like?" verification assessment. ZigBee Device Classification performance was assessed using both full and reduced dimensional fingerprint sets. Reduced dimensional subsets were selected using Dimensional Reduction Analysis (DRA) by rank ordering 1) pre-classification KS-Test p-values and 2) post-classification GRLVQI feature relevance values. Assessment of Zigbee device ID verification capability

    The manipulation of RF-DNA fingerprints through the use of a phase-modulated clock in IEEE802.11a Wi-Fi signals

    The ubiquity of IoT devices has created an urgent need to augment existing network security mechanisms by leveraging discriminating waveform characteristics to facilitate the detection of unauthorized devices. RF-DNA fingerprints are a waveform-based approach capable of distinguishing one device from others of the same manufacturer and model. This work investigates the extent to which the intentionally inserted changes can alter the RF-DNA fingerprints of the transmitted signal without negatively impacting the receiver’s ability to demodulate the received signal. The experiments presented herein investigate intentional changes caused by the external clock to the preamble of the 802.11a Wi-Fi waveform from which RF-DNA fingerprints are extracted. Analysis is conducted using the Gabor Transform. The results show the structure of the preamble remains intact when the clock signal is phase-modulated using sine waves oscillating at frequencies up to 10 kHz with deviation of 1.5 degrees, or 2.5 kHz with deviation of 90 degrees

    Physical Layer Discrimination of Electronic Control Units Using Wired Signal Distinct Native Attribute (WS-DNA)

    The Controller Area Network (CAN) bus is a communication system used in automobiles to connect the electronic components required for critical vehicle operations. These components are called Electronic Control Units (ECU) and each one exercises one or more functions within the vehicle. ECUs can provide autonomous safety features and increased comfort to drivers but these advancements may come at the expense of vehicle security. Researchers have shown that the CAN bus can be hacked by compromising authorized ECUs or by physically connecting unauthorized devices to the bus. Physical layer (PHY) device fingerprinting has emerged as one of the accepted approaches to establishing vehicle security. This paper uses a fingerprinting method called Wired Signal Distinct Native Attribute (WS-DNA) and classification algorithm called Multiple Discriminant Analysis Maximum Likelihood (MDA/ML) to achieve ECU discrimination which includes device classification and verification

    Radio Frequency Based Programmable Logic Controller Anomaly Detection

    The research goal involved developing improved methods for securing Programmable Logic Controller (PLC) devices against unauthorized entry and mitigating the risk of Supervisory Control and Data Acquisition (SCADA) attack by detecting malicious software and/or trojan hardware. A Correlation Based Anomaly Detection (CBAD) process was developed to enable 1) software anomaly detection discriminating between various operating conditions to detect malfunctioning or malicious software, firmware, etc., and 2) hardware component discrimination discriminating between various hardware components to detect malfunctioning or counterfeit, trojan, etc., components