AoA-aware Probabilistic Indoor Location Fingerprinting using Channel State Information

With expeditious development of wireless communications, location fingerprinting (LF) has nurtured considerable indoor location based services (ILBSs) in the field of Internet of Things (IoT). For most pattern-matching based LF solutions, previous works either appeal to the simple received signal strength (RSS), which suffers from dramatic performance degradation due to sophisticated environmental dynamics, or rely on the fine-grained physical layer channel state information (CSI), whose intricate structure leads to an increased computational complexity. Meanwhile, the harsh indoor environment can also breed similar radio signatures among certain predefined reference points (RPs), which may be randomly distributed in the area of interest, thus mightily tampering the location mapping accuracy. To work out these dilemmas, during the offline site survey, we first adopt autoregressive (AR) modeling entropy of CSI amplitude as location fingerprint, which shares the structural simplicity of RSS while reserving the most location-specific statistical channel information. Moreover, an additional angle of arrival (AoA) fingerprint can be accurately retrieved from CSI phase through an enhanced subspace based algorithm, which serves to further eliminate the error-prone RP candidates. In the online phase, by exploiting both CSI amplitude and phase information, a novel bivariate kernel regression scheme is proposed to precisely infer the target's location. Results from extensive indoor experiments validate the superior localization performance of our proposed system over previous approaches

Exploitation of Unintentional Ethernet Cable Emissions Using Constellation Based-Distinct Native Attribute (CB-DNA) Fingerprints to Enhance Network Security

This research contributed to the AFIT\u27s Radio Frequency Intelligence (RFINT) program by developing a new device discrimination technique called Constellation-Based Distinct Native Attribute (CB-DNA) Fingerprinting. This is of great interest to the Air Force Research Lab (AFRL), Sensor Directorate, who supported the research and now have new method for improving network security. CB-DNA fingerprints are used to authenticate wired network device identities, thwart unauthorized access, and augment traditional bit-level security measures that area easily bypassed by skilled hackers. Similar to human fingerprint features that uniquely identify individuals, CB-DNA uniquely identifies communication devices and improves the rate at which unauthorized rogue devices are granted network access

Securing ZigBee Commercial Communications Using Constellation Based Distinct Native Attribute Fingerprinting

This work provides development of Constellation Based DNA (CB-DNA) Fingerprinting for use in systems employing quadrature modulations and includes network protection demonstrations for ZigBee offset quadrature phase shift keying modulation. Results are based on 120 unique networks comprised of seven authorized ZigBee RZSUBSTICK devices, with three additional like-model devices serving as unauthorized rogue devices. Authorized network device fingerprints are used to train a Multiple Discriminant Analysis (MDA) classifier and Rogue Rejection Rate (RRR) estimated for 2520 attacks involving rogue devices presenting themselves as authorized devices. With MDA training thresholds set to achieve a True Verification Rate (TVR) of TVR = 95% for authorized network devices, the collective rogue device detection results for SNR ≥ 12 dB include average burst-by-burst RRR ≈ 94% across all 2520 attack scenarios with individual rogue device attack performance spanning 83.32% \u3c RRR \u3c 99.81%

Physical Layer Defenses Against Primary User Emulation Attacks

Cognitive Radio (CR) is a promising technology that works by detecting unused parts of the spectrum and automatically reconfiguring the communication system\u27s parameters in order to operate in the available communication channels while minimizing interference. CR enables efficient use of the Radio Frequency (RF) spectrum by generating waveforms that can coexist with existing users in licensed spectrum bands. Spectrum sensing is one of the most important components of CR systems because it provides awareness of its operating environment, as well as detecting the presence of primary (licensed) users of the spectrum

Radio Frequency Fingerprinting Exploiting Non-Linear Memory Effect

Radio frequency fingerprint (RFF) identification distinguishes wireless transmitters by exploiting their hardware imperfection that is inherent in typical radio frequency (RF) front ends. This can reduce the risks for the identities of legitimate devices being copied, or forged, which can also occur in conventional software-based identification systems. This paper analyzes the feasibility of device identification exploiting the unique non-linear memory effect of the transmitter RF chains consisting of matched pulse shaping filters and non-linear power amplifiers (PAs). This unique feature can be extracted from the received distorted constellation diagrams (CDs) with the help of image recognition-based classification algorithms. In order to validate the performance of the proposed RFF approach, experiments are carried out in cabled and over the air (OTA) scenarios. In the cabled experiment, the average classification accuracy among systems of 8 PAs (4 PAs of the same model and the other 4 of different models) is around 92% at signal to noise ratio (SNR) of 10 dB. For the OTA line-of-sight (LOS) scenario, the average classification accuracy is 90% at SNR of 10 dB; for the non-line-of-sight (NLOS) scenario, the average classification accuracy is 79% at SNR of 12 dB

Implementation of a Radio Frequency Fingerprint Detector Based on GNSS Signals

Geolocation is one of the most significant manifestations of the current development of information technologies and it is used for multiple applications, such as mobile networks, military systems, or in the stock market. For that reason, it is important to verify the source of this type of signals, as they could be susceptible to being tricked by spoofing attacks, namely fake transmitters. This thesis is based on the development of a GNSS signal type classifier based on radio frequency (RF) fingerprinting methods that will determine if a signal belongs to an authorized transmitter or if it comes from a non-authorized GNSS signal generator/repeater. First, a total of 620 signals have been recorded in lab environments, follows: 40 different scenarios of real GNSS signal (with antennas located on the roof of the university) and 580 scenarios of the generated signal (using a GNSS signal generator). Each of the scenarios contains different types of signals (different GNSS constellations and/or bands, different satellites, etc.). Then, using a MATLAB-based simulator, the recorded signal is read, a certain time-frequency transform is applied (in this case the discrete Wavelet Transform), and an image of the wavelet transform of each sample is saved. These images include the features of the signal's RF fingerprinting. Next, a machine learning algorithm called SVM, also designed in MATLAB, is used. This algorithm classifies two or more different signal classes, and finally evaluate the classification accuracy. We used 80% of the images in each category for training and the remaining 20% for testing. Finally, a confusion matrix is obtained showing the accuracy obtained by the SVM algorithm in the testing phase. The analysis of the results has shown that the SVM classification algorithm can be a very effective model for the identification of GNSS transmitters through the use of fingerprinting features. It has been observed that when the Spectracom scenario is configured with more than one satellite, accuracy is lower compared to being configured with only one. This is because the signal obtained when more than one satellite is configured is more similar to the signal obtained from the antenna in comparison to the single satellite configuration, and for that reason, SVM has more difficulty in classifying it correctly. Another observation is that accuracy is also reduced when more than two categories are classified at the same time compared to a binary classification. Despite this, the accuracy is very high in the scenarios used, with 99.47% being the lowest value obtained and 100% the highest. Therefore, this implementation of RF fingerprinting methods is very promising in the context of determining whether a signal belongs to the actual GNSS satellite constellation or to a signal generator with a high level of accuracy

Extending Critical Infrastructure Element Longevity using Constellation-based ID Verification

This work supports a technical cradle-to-grave protection strategy aimed at extending the useful lifespan of Critical Infrastructure (CI) elements. This is done by improving mid-life operational protection measures through integration of reliable physical (PHY) layer security mechanisms. The goal is to improve existing protection that is heavily reliant on higher-layer mechanisms that are commonly targeted by cyberattack. Relative to prior device ID discrimination works, results herein reinforce the exploitability of constellation-based PHY layer features and the ability for those features to be practically implemented to enhance CI security. Prior work is extended by formalizing a device ID verification process that enables rogue device detection demonstration under physical access attack conditions that include unauthorized devices mimicking bit-level credentials of authorized network devices. The work transitions from distance-based to probability-based measures of similarity derived from empirical Multivariate Normal Probability Density Function (MVNPDF) statistics of multiple discriminant analysis radio frequency fingerprint projections. Demonstration results for Constellation-Based Distinct Native Attribute (CB-DNA) fingerprinting of WirelessHART adapters from two manufacturers includes 1) average cross-class percent correct classification of %C \u3e 90% across 28 different networks comprised of six authorized devices, and 2) average rogue rejection rate of 83.4% ≤ RRR ≤ 99.9% based on two held-out devices serving as attacking rogue devices for each network (a total of 120 individual rogue attacks). Using the MVNPDF measure proved most effective and yielded nearly 12% RRR improvement over a Euclidean distance measure