Fingerprinting Smart Devices Through Embedded Acoustic Components

The widespread use of smart devices gives rise to both security and privacy concerns. Fingerprinting smart devices can assist in authenticating physical devices, but it can also jeopardize privacy by allowing remote identification without user awareness. We propose a novel fingerprinting approach that uses the microphones and speakers of smart phones to uniquely identify an individual device. During fabrication, subtle imperfections arise in device microphones and speakers which induce anomalies in produced and received sounds. We exploit this observation to fingerprint smart devices through playback and recording of audio samples. We use audio-metric tools to analyze and explore different acoustic features and analyze their ability to successfully fingerprint smart devices. Our experiments show that it is even possible to fingerprint devices that have the same vendor and model; we were able to accurately distinguish over 93% of all recorded audio clips from 15 different units of the same model. Our study identifies the prominent acoustic features capable of fingerprinting devices with high success rate and examines the effect of background noise and other variables on fingerprinting accuracy

Implementation of a Radio Frequency Fingerprint Detector Based on GNSS Signals

Geolocation is one of the most significant manifestations of the current development of information technologies and it is used for multiple applications, such as mobile networks, military systems, or in the stock market. For that reason, it is important to verify the source of this type of signals, as they could be susceptible to being tricked by spoofing attacks, namely fake transmitters. This thesis is based on the development of a GNSS signal type classifier based on radio frequency (RF) fingerprinting methods that will determine if a signal belongs to an authorized transmitter or if it comes from a non-authorized GNSS signal generator/repeater. First, a total of 620 signals have been recorded in lab environments, follows: 40 different scenarios of real GNSS signal (with antennas located on the roof of the university) and 580 scenarios of the generated signal (using a GNSS signal generator). Each of the scenarios contains different types of signals (different GNSS constellations and/or bands, different satellites, etc.). Then, using a MATLAB-based simulator, the recorded signal is read, a certain time-frequency transform is applied (in this case the discrete Wavelet Transform), and an image of the wavelet transform of each sample is saved. These images include the features of the signal's RF fingerprinting. Next, a machine learning algorithm called SVM, also designed in MATLAB, is used. This algorithm classifies two or more different signal classes, and finally evaluate the classification accuracy. We used 80% of the images in each category for training and the remaining 20% for testing. Finally, a confusion matrix is obtained showing the accuracy obtained by the SVM algorithm in the testing phase. The analysis of the results has shown that the SVM classification algorithm can be a very effective model for the identification of GNSS transmitters through the use of fingerprinting features. It has been observed that when the Spectracom scenario is configured with more than one satellite, accuracy is lower compared to being configured with only one. This is because the signal obtained when more than one satellite is configured is more similar to the signal obtained from the antenna in comparison to the single satellite configuration, and for that reason, SVM has more difficulty in classifying it correctly. Another observation is that accuracy is also reduced when more than two categories are classified at the same time compared to a binary classification. Despite this, the accuracy is very high in the scenarios used, with 99.47% being the lowest value obtained and 100% the highest. Therefore, this implementation of RF fingerprinting methods is very promising in the context of determining whether a signal belongs to the actual GNSS satellite constellation or to a signal generator with a high level of accuracy

Sequential Transient Detection for RF Fingerprinting

In this paper, a sequential transient detection method for radio frequency (RF) fingerprinting used in the identification of wireless devices is proposed. To the best knowledge of the authors, sequential detection of transient signals for RF fingerprinting has not been considered in the literature. The proposed method is based on an approximate implementation of the generalized likelihood ratio algorithm. The method can be implemented online in a recursive manner with low computational and memory requirements. The transients of wireless transmitters are detected by using the likelihood ratio of the observations without the requirement of any a priori knowledge about the transmitted signals. The performance of the method was evaluated using experimental data collected from 16 Wi-Fi transmitters and compared to those of two existing methods. The experimental test results showed that the proposed method can be used to detect the transient signals with a low detection delay. Our proposed method estimates transient starting points 20-times faster compared to an existing robust method, as well as providing a classification performance of a mean accuracy close to 95%

On the Performance of Energy Criterion Method in Wi-Fi Transient Signal Detection

In the development of radiofrequency fingerprinting (RFF), one of the major challenges is to extract subtle and robust features from transmitted signals of wireless devices to be used in accurate identification of possible threats to the wireless network. To overcome this challenge, the use of the transient region of the transmitted signals could be one of the best options. For an efficient transient-based RFF, it is also necessary to accurately and precisely estimate the transient region of the signal. Here, the most important difficulty can be attributed to the detection of the transient starting point. Thus, several methods have been developed to detect transient start in the literature. Among them, the energy criterion method based on the instantaneous amplitude characteristics (EC-a) was shown to be superior in a recent study. The study reported the performance of the EC-a method for a set of Wi-Fi signals captured from a particular Wi-Fi device brand. However, since the transient pattern varies according to the type of wireless device, the device diversity needs to be increased to achieve more reliable results. Therefore, this study is aimed at assessing the efficiency of the EC-a method across a large set of Wi-Fi signals captured from various Wi-Fi devices for the first time. To this end, Wi-Fi signals are first captured from smartphones of five brands, for a wide range of signal-to-noise ratio (SNR) values defined as low (−3 to 5 dB), medium (5 to 15 dB), and high (15 to 30 dB). Then, the performance of the EC-a method and well-known methods was comparatively assessed, and the efficiency of the EC-a method was verified in terms of detection accuracy.publishedVersio

Master of Science

thesisLocation of an object or person in in-door environments is a vital piece of in-formation. Traditionally, global positioning system-based devices do an excellent job in providing location information but are limited in in-door environments due to lack of an unobstructed line of sight. Wireless environments, with their extreme sensitivity to the positioning of objects inside them, provide excellent opportunities for obtaining location information of subjects. Received signal strength (RSS) based localization methods attract special attention as they can be readily implemented with "off-the-shelf" hardware and software. Device-free localization (DFL) presents a new and promising dimension in RSS-based localization research by providing a non-intrusive method of localization. However, existing RSS-based localization schemes assume a fixed or known transmit power. Any unexpected change in transmit power, not known to the receivers in the wireless network, can introduce errors in location estimate. Previous work has shown that meticulously planned power attacks can result in expected errors, in location of a transmitting sensor, in excess of 18 meters for an area of 75 X 50 m2. We find that the localization error in DFL can increase by four-fold when under power attack of 15 dB amplitude by multiple adversaries. Certain nonadversarial circumstances can also lead to unexpected changes in transmit power which would result in increased localization error. In this thesis, we focus on detection and isolation of wireless sensor nodes in a network which vary their transmit power to cause unexpected changes in RSS measurements and lead to increased localization errors in DFL. In the detection methods presented in this thesis, we do not require a training phase and hence, our methods are robust for use in dynamic environments where the training data may get obsolete frequently. We present our work with special focus on DFL methods using wireless sensor networks. However, the methods developed are generic and can be easily extended to active localization methods using both wireless sensor networks (WSN) and IEEE 802.11 protocols. To evaluate the effectiveness of our detection method, we perform extensive experiments in indoor settings using a network of 802.15.4 (Zigbee) compliant wireless sensor nodes and present evaluation results in the form of average detection rate, ROC curves, probability of missed detection and false alarm

Survey on the state of the art of wireless sensor networks

Este artículo presenta un estudio del estado del arte de las redes de sensores inalámbricas, las cuales siguen un desarrollo creciente y presentan una gran variedad de aplicaciones. Estas redes constituyen un campo actual y emergente de estudio donde se combina el desarrollo de computadores, comunicaciones inalámbricas y dispositivos móviles e integración con otras disciplinas como agricultura, biología, medicina, etc. Se presenta el concepto principal, los componentes, topologías, estándares, aplicaciones, problemas y desafíos, luego se profundiza en soluciones de seguridad y se concluye con herramientas básicas de simulación.This article presents a survey of the state of the art of wireless sensor networks, which follows a growing development and a wide variety of applications. These networks provide a current and emerging field of study where combines the development of computers, wireless communications and mobile devices and integration with other disciplines such as agriculture, biology, medicine, etc. Presents the main concept, components, topologies, standards,  applications,  problems  and  challenges,  deepens  security  solutions  and conclude with basic tools of simulation

Stay Connected, Leave no Trace: Enhancing Security and Privacy in WiFi via Obfuscating Radiometric Fingerprints

The intrinsic hardware imperfection of WiFi chipsets manifests itself in the transmitted signal, leading to a unique radiometric fingerprint. This fingerprint can be used as an additional means of authentication to enhance security. In fact, recent works propose practical fingerprinting solutions that can be readily implemented in commercial-off-the-shelf devices. In this paper, we prove analytically and experimentally that these solutions are highly vulnerable to impersonation attacks. We also demonstrate that such a unique device-based signature can be abused to violate privacy by tracking the user device, and, as of today, users do not have any means to prevent such privacy attacks other than turning off the device. We propose RF-Veil, a radiometric fingerprinting solution that not only is robust against impersonation attacks but also protects user privacy by obfuscating the radiometric fingerprint of the transmitter for non-legitimate receivers. Specifically, we introduce a randomized pattern of phase errors to the transmitted signal such that only the intended receiver can extract the original fingerprint of the transmitter. In a series of experiments and analyses, we expose the vulnerability of adopting naive randomization to statistical attacks and introduce countermeasures. Finally, we show the efficacy of RF-Veil experimentally in protecting user privacy and enhancing security. More importantly, our proposed solution allows communicating with other devices, which do not employ RF-Veil.Comment: ACM Sigmetrics 2021 / In Proc. ACM Meas. Anal. Comput. Syst., Vol. 4, 3, Article 44 (December 2020