Application of Dual-Tree Complex Wavelet Transforms to Burst Detection and RF Fingerprint Classification

This work addresses various Open Systems Interconnection (OSI) Physical (PHY) layer mechanisms to extract and exploit RF waveform features (”fingerprints”) that are inherently unique to specific devices and that may be used to provide hardware specific identification (manufacturer, model, and/or serial number). This is addressed by applying a Dual-Tree Complex Wavelet Transform (DT-CWT) to improve burst detection and RF fingerprint classification. A ”Denoised VT” technique is introduced to improve performance at lower SNRs, with denoising implemented using a DT-CWT decomposition prior to Traditional VT processing. A newly developed Wavelet Domain (WD) fingerprinting technique is presented using statistical WD fingerprints with Multiple Discriminant Analysis/Maximum Likelihood (MDA/ML) classification. The statistical fingerprint features are extracted from coefficients of a DT-CWT decomposition. Relative to previous Time Domain (TD) results, the enhanced WD statistical features provide improved device classification performance. Additional performance sensitivity results are presented to demonstrate WD fingerprinting robustness for variation in burst location error, MDA/ML training and classification SNRs, and MDA/ML training and classification signal types. For all cases considered, the WD technique proved to be more robust and exhibited less sensitivity when compared with the TD Technique

Application of Wavelet Denoising to Improve OFDM‐based Signal Detection and Classification

The developmental emphasis on improving wireless access security through various OSI PHY layer mechanisms continues. This work investigates the exploitation of RF waveform features that are inherently unique to specific devices and that may be used for reliable device classification (manufacturer, model, or serial number). Emission classification is addressed here through detection, location, extraction, and exploitation of RF [fingerprints] to provide device‐specific identification. The most critical step in this process is burst detection which occurs prior to fingerprint extraction and classification. Previous variance trajectory (VT) work provided sensitivity analysis for burst detection capability and highlighted the need for more robust processing at lower signal‐to‐noise ratio (SNR). The work presented here introduces a dual‐tree complex wavelet transform (DT‐ℂWT) denoising process to augment and improve VT detection capability. The new method\u27s performance is evaluated using the instantaneous amplitude responses of experimentally collected 802.11a OFDM signals at various SNRs. The impact of detection error on signal classification performance is then illustrated using extracted RF fingerprints and multiple discriminant analysis (MDA) with maximum likelihood (ML) classification. Relative to previous approaches, the DT‐ℂWT augmented process emerges as a better alternative at lower SNR and yields performance that is 34% closer (on average) to [perfect] burst location estimation performance. Abstract © 2009 John Wiley & Sons, Ltd

Preprint: Using RF-DNA Fingerprints To Classify OFDM Transmitters Under Rayleigh Fading Conditions

The Internet of Things (IoT) is a collection of Internet connected devices capable of interacting with the physical world and computer systems. It is estimated that the IoT will consist of approximately fifty billion devices by the year 2020. In addition to the sheer numbers, the need for IoT security is exacerbated by the fact that many of the edge devices employ weak to no encryption of the communication link. It has been estimated that almost 70% of IoT devices use no form of encryption. Previous research has suggested the use of Specific Emitter Identification (SEI), a physical layer technique, as a means of augmenting bit-level security mechanism such as encryption. The work presented here integrates a Nelder-Mead based approach for estimating the Rayleigh fading channel coefficients prior to the SEI approach known as RF-DNA fingerprinting. The performance of this estimator is assessed for degrading signal-to-noise ratio and compared with least square and minimum mean squared error channel estimators. Additionally, this work presents classification results using RF-DNA fingerprints that were extracted from received signals that have undergone Rayleigh fading channel correction using Minimum Mean Squared Error (MMSE) equalization. This work also performs radio discrimination using RF-DNA fingerprints generated from the normalized magnitude-squared and phase response of Gabor coefficients as well as two classifiers. Discrimination of four 802.11a Wi-Fi radios achieves an average percent correct classification of 90% or better for signal-to-noise ratios of 18 and 21 dB or greater using a Rayleigh fading channel comprised of two and five paths, respectively.Comment: 13 pages, 14 total figures/images, Currently under review by the IEEE Transactions on Information Forensics and Securit

Exploitation of Unintentional Ethernet Cable Emissions Using Constellation Based-Distinct Native Attribute (CB-DNA) Fingerprints to Enhance Network Security

This research contributed to the AFIT\u27s Radio Frequency Intelligence (RFINT) program by developing a new device discrimination technique called Constellation-Based Distinct Native Attribute (CB-DNA) Fingerprinting. This is of great interest to the Air Force Research Lab (AFRL), Sensor Directorate, who supported the research and now have new method for improving network security. CB-DNA fingerprints are used to authenticate wired network device identities, thwart unauthorized access, and augment traditional bit-level security measures that area easily bypassed by skilled hackers. Similar to human fingerprint features that uniquely identify individuals, CB-DNA uniquely identifies communication devices and improves the rate at which unauthorized rogue devices are granted network access

Spectral Domain RF Fingerprinting for 802.11 Wireless Devices

The increase in availability and reduction in cost of commercial communication devices (e.g. IEEE compliant such as 802.11, WiFi, 802.16, Bluetooth etc.) has increased wireless user exposure and the need for techniques to properly identify/classify signals for increased security measures. Communication device emissions include intentional modulation that enables correct device operation. Hardware and environmental factors alter the ideal response and induce unintentional modulation effects. If these effects (features) are sufficiently unique, it becomes possible to identify a device using its fingerprint, with potential discrimination of not only the manufacturer but possibly the serial number for a given manufacturer. Many techniques in many domains have been investigated to extract features, identify a fingerprint, classify signals, and each technique has certain benefits and limitations. Previous AFIT research has demonstrated the effectiveness of RF Fingerprinting using 802.11A signals with 1) spectral correlation on Power Spectral Density (PSD) fingerprints, 2) Multiple Discriminant Analysis/Maximum Likelihood (MDA/ML) classification with fingerprints obtained from Time Domain (TD) and Wavelet Domain (WD) statistical features. Performance \gain , defined as the difference in Signal-to-Noise ratio (SNR) required to achieve comparable classification performance, has been used to demonstrate considerable improvement. Spectral Domain (SD) fingerprinting uses PSD features for device discrimination. Results presented here show some improvement over the WD approach (gain ≈ 3 dB) and significant improvement over the TD approach (gain ≈ 8 dB)

Real-Time RF-DNA Fingerprinting of ZigBee Devices Using a Software-Defined Radio with FPGA Processing

ZigBee networks are increasingly popular for use in medical, industrial, and other applications. Traditional security techniques for ZigBee networks are based on presenting and verifying device bit-level credentials (e.g. keys). While historically effective, ZigBee networks remain vulnerable to attack by any unauthorized rogue device that can obtain and present bit-level credentials for an authorized device. This research focused on utilizing a National Instruments (NI) X310 Software-Defined Radio (SDR) hosting an on-board Field Programmable Gate Array (FPGA). The demonstrations included device discrimination assessments using like-model ZigBee AVR RZUSBstick devices and included generating RF fingerprints in real-time, as an extension to AFIT\u27s RF-DNA fingerprinting work. The goal was to develop a fingerprinting process that was both 1) effective at discriminating between like-model ZigBee devices and 2) efficient for implementation in FPGA hardware. As designed and implemented, the full-dimensional FPGA fingerprint generator only utilized approximately 7% of the X310 Kintex-7 FPGA resources. The full-dimensional fingerprinting performance of using only 7% of FPGA resources demonstrates the feasibility for real-time RF-DNA fingerprint generation and like-model ZigBee device discrimination using an SDR platform

Learning Robust Radio Frequency Fingerprints Using Deep Convolutional Neural Networks

Radio Frequency Fingerprinting (RFF) techniques, which attribute uniquely identifiable signal distortions to emitters via Machine Learning (ML) classifiers, are limited by fingerprint variability under different operational conditions. First, this work studied the effect of frequency channel for typical RFF techniques. Performance characterization using the multi-class Matthews Correlation Coefficient (MCC) revealed that using frequency channels other than those used to train the models leads to deterioration in MCC to under 0.05 (random guess), indicating that single-channel models are inadequate for realistic operation. Second, this work presented a novel way of studying fingerprint variability through Fingerprint Extraction through Distortion Reconstruction (FEDR), a neural network-based approach for quantifying signal distortions in a relative distortion latent space. Coupled with a Dense network, FEDR fingerprints were evaluated against common RFF techniques for up to 100 unseen classes, where FEDR achieved best performance with MCC ranging from 0.945 (5 classes) to 0.746 (100 classes), using 73% fewer training parameters than the next-best technique

A Comparison of RF-DNA Fingerprinting Using High/Low Value Receivers with ZigBee Devices

The ZigBee specification provides a niche capability, extending the IEEE 802.15.4 standard to provide a wireless mesh network solution. ZigBee-based devices require minimal power and provide a relatively long-distance, inexpensive, and secure means of networking. The technology is heavily utilized, providing energy management, ICS automation, and remote monitoring of Critical Infrastructure (CI) operations; it also supports application in military and civilian health care sectors. ZigBee networks lack security below the Network layer of the OSI model, leaving them vulnerable to open-source hacking tools that allow malicous attacks such as MAC spoofing or Denial of Service (DOS). A method known as RF-DNA Fingerprinting provides an additional level of security at the Physical (PHY) level, where the transmitted waveform of a device is examined, rather than its bit-level credentials which can be easily manipulated. RF-DNA fingerprinting allows a unique human-like signature for a device to be obtained and a subsequent decision made whether to grant access or deny entry to a secure network. Two NI receivers were used here to simultaneously collect RF emissions from six Atmel AT86RF230 transceivers. The time-domain response of each device was used to extract features and generate unique RF-DNA fingerprints. These fingeprints were used to perform Device Classification using two discrimination processes known as MDA/ML and GRLVQI. Each process (classifier) was used to examine both the Full-Dimensional (FD) and reduced dimensional feature-sets for the high-value PXIe and low-value USRP receivers. The reduced feature-sets were determined using DRA for both quantitative and qualitative subsets. Additionally, each classifier performed Device Classification using a hybrid interleaved set of fingerprints from both receivers

RF Fingerprinting Unmanned Aerial Vehicles

As unmanned aerial vehicles (UAVs) continue to become more readily available, their use in civil, military, and commercial applications is growing significantly. From aerial surveillance to search-and-rescue to package delivery the use cases of UAVs are accelerating. This accelerating popularity gives rise to numerous attack possibilities for example impersonation attacks in drone-based delivery, in a UAV swarm, etc. In order to ensure drone security, in this project we propose an authentication system based on RF fingerprinting. Specifically, we extract and use the device-specific hardware impairments embedded in the transmitted RF signal to separate the identity of each UAV. To achieve this goal, AlexNet with the data augmentation technique was employed

Using RF-DNA Fingerprints to Discriminate ZigBee Devices in an Operational Environment

This research was performed to expand AFIT\u27s Radio Frequency Distinct Native Attribute (RF-DNA) fingerprinting process to support IEEE 802.15.4 ZigBee communication network applications. Current ZigBee bit-level security measures include use of network keys and MAC lists which can be subverted through interception and spoofing using open-source hacking tools. This work addresses device discrimination using Physical (PHY) waveform alternatives to augment existing bit-level security mechanisms. ZigBee network vulnerability to outsider threats was assessed using Receiver Operating Characteristic (ROC) curves to characterize both Authorized Device ID Verification performance (granting network access to authorized users presenting true bit-level credentials) and Rogue Device Rejection performance (denying network access to unauthorized rogue devices presenting false bit-level credentials). Radio Frequency Distinct Native Attribute (RF-DNA) features are extracted from time-domain waveform responses of 2.4 GHz CC2420 ZigBee transceivers to enable humanlike device discrimination. The fingerprints were constructed using a hybrid pool of emissions collected under a range of conditions, including anechoic chamber and an indoor office environment where dynamic multi-path and signal degradation factors were present. The RF-DNA fingerprints were input to a Multiple Discriminant Analysis, Maximum Likelihood (MDA/ML) discrimination process and a 1 vs. many Looks most like? classification assessment made. The hybrid MDA model was also used for 1 vs. 1 Looks how much like? verification assessment. ZigBee Device Classification performance was assessed using both full and reduced dimensional fingerprint sets. Reduced dimensional subsets were selected using Dimensional Reduction Analysis (DRA) by rank ordering 1) pre-classification KS-Test p-values and 2) post-classification GRLVQI feature relevance values. Assessment of Zigbee device ID verification capability