Samer Hanna,Samurdhi Karunaratne,Danijela Cabric

DOI: https://doi.org/10.1109/spawc48557.2020.9154254

2020-05-01

Abstract:Wireless signals contain transmitter specific features, which can be used to verify the identity of transmitters and assist in implementing an authentication and authorization system. Most recently, there has been a wide interest in using deep learning for transmitter identification. However, the existing deep learning work has posed the problem as closed set classification, where a neural network classifies among a finite set of known transmitters. No matter how large this set is, it will not include all transmitters that exist. Malicious transmitters outside this closed set, once within communications range, can jeopardize the system security. In this paper, we propose a deep learning approach for transmitter authorization based on open set recognition. Our proposed approach identifies a set of authorized transmitters, while rejecting any other unseen transmitters by recognizing their signals as outliers. We propose three approaches for this problem and show their ability to reject signals from unauthorized transmitters on a dataset of WiFi captures. We consider the structure of training data needed, and we show that the accuracy improves by having signals from known unauthorized transmitters in the training set.

Samurdhi Karunaratne,Samer Hanna,Danijela Cabric

DOI: https://doi.org/10.1109/globecom46510.2021.9685335

2021-12-01

Abstract:RF devices can be identified by unique imperfections embedded in the signals they transmit called RF fingerprints. The closed set classification of such devices, where the identification must be made among an authorized set of transmitters, has been well explored. However, the much more difficult problem of open set classification, where the classifier needs to reject unauthorized transmitters while recognizing authorized transmitters, has only been recently visited. So far, efforts at open set classification have largely relied on the utilization of signal samples captured from a known set of unauthorized transmitters to aid the classifier learn unauthorized transmitter fingerprints. Since acquiring new transmitters to use as known transmitters is highly expensive, we propose to use generative deep learning methods to emulate unauthorized signal samples for the augmentation of training datasets. We develop two different data augmentation techniques, one that exploits a limited number of known unauthorized transmitters and the other that does not require any unauthorized transmitters. Experiments conducted on a dataset captured from a WiFi testbed indicate that data augmentation allows for significant increases in open set classification accuracy, especially when the authorized set is small.

Ningning Yu,Jiajun Wu,Chengwei Zhou,Zhiguo Shi,Jiming Chen

DOI: https://doi.org/10.1109/iccc62479.2024.10681914

2024-01-01

Abstract:As the explosive increase of drone classes, most existing radio frequency (RF) based drone detection methods belong to the supervised learning approaches, which brings the risk of misclassifying unknown classes. To address this problem, an open set signal recognition method for unknown drone detection is proposed to deal with such a scenario where testing classes do not exactly match training classes. In particular, dilated convolution layers with multi-level receptive fields are used in the process of signal semantic construction, which facilitates feature extraction by jointly exploiting the image-transmission signals and the flight control signals of drones. Besides, an outlier analysis-based classifier is designed in the semantic classification process, which relaxes the necessity of manually setting the bounding thresholds. Furthermore, a newly established real-world dataset DroneRFaSpectra is also released, which includes 12 drone classes with a total number of 8334 samples. Experimental results demonstrate that the proposed method outperforms the compared detection methods, achieving the highest detection rate of 99.26% for unknown drones.

Yuxiang Lin,Yi Gao,Bingji Li,Wei Dong

DOI: https://doi.org/10.1145/3536423

2022-01-01

ACM Transactions on Sensor Networks

Abstract:The broadcast nature of wireless media makes WLANs easily attacked by rogue Access Points (APs) . Rogue AP attacks can potentially cause severe privacy leakage and financial loss. Hardware fingerprinting is the state-of-the-art technology to detect rogue APs since an attacker would find it difficult to set up a rogue AP with specific hardware fingerprints. However, existing hardware fingerprints not only depend on the AP but also depend on the client, significantly limiting their application scenarios. In this work, we investigate two novel client-agnostic fingerprints, which can be extracted using commercial off-the-shelf WiFi devices, to detect rogue APs. One is the power amplifier non-linearity fingerprint and the other is the frame interval distribution fingerprint . These two fingerprints remain consistent over time and space for the same AP but vary across different APs even with the same brand, model, and firmware. We use the fingerprint similarity between the candidate AP and the authorized AP for device authentication in typical indoor environments. We have also proposed a threshold-improved authentication scheme to improve the robustness of our system in dynamic environments. Our schemes can be implemented without modifying the infrastructural APs and can work well with new clients without rebuilding the fingerprint database. We evaluate our scheme in both in-lab and field scenarios, by analyzing 18 million WiFi packets. Results show that our scheme achieves an overall 96.55% positive detection rate and a 4.31% false alarm rate. Moreover, the threshold-improved authentication scheme can further reduce the false alarm rate by 13.0%-44.8% for dynamic environments.

Luke Puppo,Weng-Keen Wong,Bechir Hamdaoui,Abdurrahman Elmaghbub

2023-05-17

Abstract:New capabilities in wireless network security have been enabled by deep learning, which leverages patterns in radio frequency (RF) data to identify and authenticate devices. Open-set detection is an area of deep learning that identifies samples captured from new devices during deployment that were not part of the training set. Past work in open-set detection has mostly been applied to independent and identically distributed data such as images. In contrast, RF signal data present a unique set of challenges as the data forms a time series with non-linear time dependencies among the samples. We introduce a novel open-set detection approach based on the patterns of the hidden state values within a Convolutional Neural Network (CNN) Long Short-Term Memory (LSTM) model. Our approach greatly improves the Area Under the Precision-Recall Curve on LoRa, Wireless-WiFi, and Wired-WiFi datasets, and hence, can be used successfully to monitor and control unauthorized network access of wireless devices.

Cryptography and Security,Machine Learning,Signal Processing

Yuxiang Lin,Yi Gao,Bingji Li,Wei Dong

DOI: https://doi.org/10.1109/percom45495.2020.9127375

2020-01-01

Abstract:The broadcast nature of wireless medium makes WLANs easily be attacked by rogue Access Points (APs). Rogue AP attacks can potentially cause severe privacy leakage and financial lost. Hardware fingerprinting is the state-of-the-art technology to detect rogue APs, since an attacker would find it difficult to set up a rogue AP with specific hardware fingerprints. However, existing hardware fingerprints not only depend on the AP, but also depend on the client, significantly limiting their applicable scenarios. In this work, we investigate two novel client-agnostic fingerprints, which can be extracted using commercial off-the-shelf WiFi devices, to detect rogue APs. One is the power amplifier non-linearity fingerprint and the other is the frame interval distribution fingerprint. These two fingerprints remain consistent over time and space for the same AP but vary across different APs even with the same brand, model and firmware. We use the fingerprint similarity between the candidate AP and the authorized AP for device authentication. Our scheme can be implemented without modifying the infrastructural APs and can work well with new clients without rebuilding the fingerprint database. We evaluate our scheme in both in-lab and field scenarios, by analyzing 12 million WiFi packets. Results shows that our scheme achieves an overall 96.55% positive detection rate and a 4.31% false alarm rate.

Ningning Yu,Jiajun Wu,Chengwei Zhou,Zhiguo Shi,Jiming Chen

DOI: https://doi.org/10.1109/tifs.2024.3463535

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The abuse of drones has raised critical concerns about public security and personal privacy, bringing an urgent requirement for drone recognition. Existing radio frequency (RF)-based recognition methods follow the assumption of the closed set, resulting in the unknown signals being misclassified as known classes. To address this problem, we propose a Signal Semantic-based open Set Recognition (S3R) method in this paper. First, the short-time Fourier transform is introduced to construct the signal spectra, decoupling the drone signals with other interference signals. Then, we design a texture extractor and a position extractor to extract the texture features and position features from the spectra, respectively. The extracted features are further fused and structurally optimized to construct distinguishable signal semantics. Based on the structural characteristics of signal semantics, an outlier analysis-based semantic classifier is proposed, which searches the outliers of each known class in the closed set as the bounding thresholds to detect unknown instances. Finally, the detected unknown instances are further classified into their exact classes by implementing clustering in a new semantic space, where semantics are augmented by introducing basic features from the intermediate layers of the texture extractor. Besides, a real-world spectrogram dataset of commonly-used drones is released, which includes 24 classes and covers 7 brands. Extensive experiments demonstrate that the proposed S3R method outperforms the state-of-the-art methods in terms of accuracy and generalizability for both the closed set and the open set.

Tianyi Zhao,Shamik Sarkar,Enes Krijestorac,Danijela Cabric

2024-02-18

Abstract:Radio frequency fingerprinting has been proposed for device identification. However, experimental studies also demonstrated its sensitivity to deployment changes. Recent works have addressed channel impacts by developing robust algorithms accounting for time and location variability, but the impacts of receiver impairments on transmitter fingerprints are yet to be solved. In this work, we investigate the receiver-agnostic transmitter fingerprinting problem, and propose a novel two-stage supervised learning framework (RXA) to address it. In the first stage, our approach calibrates a receiver-agnostic transmitter feature-extractor. We also propose two deep-learning approaches (SD-RXA and GAN-RXA) in this first stage to improve the receiver-agnostic property of the RXA framework. In the second stage, the calibrated feature-extractor is utilized to train a transmitter classifier with only one receiver. We evaluate the proposed approaches on the transmitter identification problem using a large-scale WiFi dataset. We show that when a trained transmitter-classifier is deployed on new receivers, the RXA framework can improve the classification accuracy by 19.5%, and the outlier detection ROC AUC by 12.0% compared to a naive approach without calibration. Moreover, GAN-RXA can further increase the closed-set classification accuracy by 5.0%, and the outlier detection ROC AUC by 12.5% compared to the RXA approach.

Signal Processing

Jialiang Gong,Xiaowei Qin,Xiaodong Xu

DOI: https://doi.org/10.1109/tccn.2021.3118456

IF: 6.359

2022-03-01

IEEE Transactions on Cognitive Communications and Networking

Abstract:Wireless signal identification plays an important role in effectively implementing spectrum monitoring and management. However, in ISM (Industrial, Science and Medical) band, it becomes a challenging task due to the heterogeneity of variously emerging wireless techniques, and part of the potential unknown spectral occupants may even hinder the feasibility of wireless signal identification. To overcome such difficulties, we focus on open-set recognition (OSR) in this paper and present a multi-task learning architecture based on deep neural network for identifying known and unknown spectral occupants. A novel structured extension of the counterfactual GAN (CountGAN) architecture is proposed and we introduce a multi-tasking architecture to take advantage of the modulation-domain information from the captured signal, thus improving the representation of individual wireless signals and further enhancing model robustness and adaptability to open-set scenarios. In particular, Circle-loss in metric learning and extreme value theory are also applied to make tighter and clearer decision boundaries for signal identification, and further enhance the optimization of the decision boundaries between known and unknown classes. Numerical results indicate that the proposed framework consistently outperforms state-of-the-art OSR algorithms and several baselines for wireless signal identification task, both in terms of convergence performance and classification accuracy.

telecommunications

Samer S. Hanna,Danijela Cabric

DOI: https://doi.org/10.1109/iccnc.2019.8685569

2019-02-01

Abstract:The imperfections in the RF frontend of different transmitters can be used to distinguish them. This process is called transmitter identification using RF fingerprints. The nonlinearity in the power amplifier of the RF frontend is a significant cause of the discrepancy in RF fingerprints, which enables transmitter identification. In this work, we use deep learning to identify different transmitters using their nonlinear characteristics. By developing a nonlinear model generator based on extensive measurements, we were able to extend the evaluation of transmitter identification to include a larger number of transmitters beyond what exists in the literature. We were also able to study the impact of transmitter variability on identification accuracy. Additionally, many other factors were considered including modulation type, length of data used for identification, and type of data being transmitted whether identical or random under a realistic channel model. Simulation results were compared with experiments which confirmed similar trends.

Rajshekhar Das,Akshay Gadre,Shanghang Zhang,Swarun Kumar,Jose M. F. Moura

DOI: https://doi.org/10.1109/icc.2018.8422832

2018-01-01

Abstract:At its peak, the Internet-of-Things will largely be composed of low-power devices with wireless radios attached. Yet, secure authentication of these devices amidst adversaries with much higher power and computational capability remains a challenge, even for advanced cryptographic and wireless security protocols. For instance, a high-power software radio could simply replay chunks of signals from a low-power device to emulate it. This paper presents a deep-learning classifier that learns hardware imperfections of low-power radios that are challenging to emulate, even for high- power adversaries. We build an LSTM framework, specifically sensitive to signal imperfections that persist over long durations. Experimental results from a testbed of 30 low-power nodes demonstrate high resilience to advanced software radio adversaries.

Da Huang,Akram Al-Hourani,Kandeepan Sithamparanathan,Wayne S.T. Rowe

DOI: https://doi.org/10.1109/jiot.2024.3361892

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Transmitter authentication is critical for secured Internet of Things (IoT) applications. Recently, there has been growing interest in utilizing the physical layer authentication technique, radio frequency (RF) fingerprinting, to introduce extra security measurements without adding additional components. This work presents a novel fingerprint exploitation modality, Density Trace Plot (DTP), to leverage RF fingerprints originating from symbol transition trajectories for transmitter authentication. With a particular focus on IQ imbalance as the source impairment for RF fingerprints, we investigate the feasibility of three types of DTPs based on constellation, eye, and phase traces. The potential fingerprints presented in the DTP modalities are then used in training three deep learning classifiers: 2D-convolutional neural network (CNN), 2D-CNN+bi-directional long short-term memory (biLSTM), and 3D-CNN for transmitter authentication. The feasibility of the proposed approach in both wired and wireless conditions is validated using an experimental setup built using ADALM-PLUTO software-defined radios (SDRs). Experimental results demonstrate the best authentication accuracy of 96.7% is achieved across signals of various modulation complexities.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhang Hong-xin,Liu Jia,Xu Jun,Zhang Fan,Cui Xiao-tong,Sun Shao-fei

DOI: https://doi.org/10.1186/s13638-020-01808-z

2020-01-01

EURASIP Journal on Wireless Communications and Networking

Abstract:The electromagnetic radiation of electronic equipment carries information and can cause information leakage, which poses a serious threat to the security system; especially the information leakage caused by encryption or other important equipment will have more serious consequences. In the past decade or so, the attack technology and means for the physical layer have developed rapidly. And system designers have no effective method for this situation to eliminate or defend against threats with an absolute level of security. In recent years, device identification has been developed and improved as a physical-level technology to improve the security of integrated circuit (IC)-based multifactor authentication systems. Device identification tasks (including device identification and verification) are accomplished by monitoring and exploiting the characteristics of the IC's unintentional electromagnetic radiation, without requiring any modification and process to hardware devices, thereby providing versatility and adapting existing hardware devices. Device identification based on deep residual networks and radio frequency is a technology applicable to the physical layer, which can improve the security of integrated circuit (IC)-based multifactor authentication systems. Device identification tasks (identification and verification) are accomplished by passively monitoring and utilizing the inherent properties of IC unintended RF transmissions without requiring any modifications to the analysis equipment. After the device performs a series of operations, the device is classified and identified using a deep residual neural network. The gradient descent method is used to adjust the network parameters, the batch training method is used to speed up the parameter tuning speed, the parameter regularization is used to improve the generalization, and finally, the Softmax classifier is used for classification. In the end, 28 chips of 4 models can be accurately identified into 4 categories, then the individual chips in each category can be identified, and finally 28 chips can be accurately identified, and the verification accuracy reached 100%. Therefore, the identification of radio frequency equipment based on deep residual network is very suitable as a countermeasure for implementing the device cloning technology and is expected to be related to various security issues.

Haifeng Xu,Xiaodong Xu

DOI: https://doi.org/10.1109/iccc54389.2021.9674605

2021-01-01

Abstract:Specific emitter identification (SEI) can verify the identity of emitters and plays an important role in a wide range of military and civilian fields. Most recently, there has been great interests in applying deep learning techniques for SEI. However, the vast majority of existing work limits SEI to closed-set classification, where deep networks only perform classification in a limited set of known emitters. These algorithms are not capable of handling transmitters that appear outside the closed set, compromising the security of the communication system once such emitters within the communication range. In this paper, we propose a novel deep learning method for SEI based on the open-set recognition. By using a combination of an improved Transformer and the modified intra-class splitting (ICS) method, our proposed method can identify unknown class of signals while maintaining a high accuracy of known classes. Numerical experiments demonstrate its ability to reject signals from unknown emitters with high accuracy on USRP-generated datasets, and its classification performance exceeds that of various existing open-set classification algorithms.

Saeif Al-Hazbi,Ahmed Hussain,Savio Sciancalepore,Gabriele Oligeri,Panos Papadimitratos

2024-04-16

Abstract:Radio Frequency Fingerprinting (RFF) techniques promise to authenticate wireless devices at the physical layer based on inherent hardware imperfections introduced during manufacturing. Such RF transmitter imperfections are reflected into over-the-air signals, allowing receivers to accurately identify the RF transmitting source. Recent advances in Machine Learning, particularly in Deep Learning (DL), have improved the ability of RFF systems to extract and learn complex features that make up the device-specific fingerprint. However, integrating DL techniques with RFF and operating the system in real-world scenarios presents numerous challenges, originating from the embedded systems and the DL research domains. This paper systematically identifies and analyzes the essential considerations and challenges encountered in the creation of DL-based RFF systems across their typical development life-cycle, which include (i) data collection and preprocessing, (ii) training, and finally, (iii) deployment. Our investigation provides a comprehensive overview of the current open problems that prevent real deployment of DL-based RFF systems while also discussing promising research opportunities to enhance the overall accuracy, robustness, and privacy of these systems.

Cryptography and Security,Artificial Intelligence,Signal Processing

Jinyin Chen,Jie Ge,Shilian Zheng,Linhui Ye,Haibin Zheng,Weiguo Shen,Keqiang Yue,Xiaoniu Yang

DOI: https://doi.org/10.1109/twc.2024.3374699

IF: 10.4

2024-01-01

IEEE Transactions on Wireless Communications

Abstract:A wireless communications system usually consists of a transmitter which transmits the information and a receiver which recovers the original information from the received distorted signal. Deep learning (DL) has been used to improve the performance of the receiver in complicated channel environments and state-of-the-art (SOTA) performance has been achieved. However, its robustness has not been investigated. In order to evaluate the robustness of DL-based information recovery models under adversarial circumstances, we investigate adversarial attacks on the SOTA DL-based information recovery model, i.e., DeepReceiver. We formulate the problem as an optimization problem with power and peak-to-average power ratio (PAPR) constraints. We design different adversarial attack methods according to the adversary’s knowledge of DeepReceiver’s model and/or testing samples. Extensive experiments show that the DeepReceiver is vulnerable to the designed attack methods in all of the considered scenarios. Even in the scenario of both model and test sample restricted, the adversary can attack the DeepReceiver and increase its bit error rate (BER) above 10%. It can also be found that the DeepReceiver is vulnerable to adversarial perturbations even with very low power and limited PAPR. These results suggest that defense measures should be taken to enhance the robustness of DeepReceiver.

telecommunications,engineering, electrical & electronic

Chaozheng Xue,Tao Li,Yongzhao Li,Yuhan Ruan,Rui Zhang,Octavia A. Dobre

DOI: https://doi.org/10.1109/tim.2023.3306822

IF: 5.6

2023-01-01

IEEE Transactions on Instrumentation and Measurement

Abstract:Identifying noncooperative drones has attracted much attention in recent years, which is critical to public safety. Extensive research has demonstrated that state-of-the-art deep learning (DL) is well-suited to address this problem. This article aims to improve the performance of the DL-based radio-frequency identification (RFI) systems for drones considering some major challenges faced in practical applications, including the unknown drone operating channels, the applicability of drone signal representations to the DL models, and the variation of wireless channels. First, a morphological-filtering-based carrier frequency offset estimation and compensation is proposed to adapt to the switchable operating channel of drones. Second, the applicability of typical drone signal representations revealing different signal features and typical DL models possessing different learning capabilities is investigated, in terms of classification accuracy, training time, and number of parameters. Third, a data augmentation scheme is proposed to generate training signals by injecting various channel distortions, including additive white Gaussian noise (AWGN), multipath, and Doppler shift. Finally, we set up a universal software radio peripheral-based experimental platform to identify 12 types of drones in a real wireless environment. Experimental results validate the improvement of the proposed schemes. The spectrogram combined with the real-valued CNN is recommended for drone classification, which achieves an accuracy of 97% with the least training time and parameters.

Jiayao Gao,Hongfei Fan,Yumei Zhao,Yang Shi

DOI: https://doi.org/10.3390/e25081191

2023-08-10

Abstract:With the increasing demand for Internet of Things (IoT) network applications, the lack of adequate identification and authentication has become a significant security concern. Radio frequency fingerprinting techniques, which utilize regular radio traffic as the identification source, were then proposed to provide a more secured identification approach compared to traditional security methods. Such solutions take hardware-level characteristics as device fingerprints to mitigate the risk of pre-shared key leakage and lower computational complexity. However, the existing studies suffer from problems such as location dependence. In this study, we have proposed a novel scheme for further exploiting the spectrogram and the carrier frequency offset (CFO) as identification sources. A convolutional neural network (CNN) is chosen as the classifier. The scheme addressed the location-dependence problem in the existing identification schemes. Experimental evaluations with data collected in the real world have indicated that the proposed approach can achieve 80% accuracy even if the training and testing data are collected on different days and at different locations, which is 13% higher than state-of-the-art approaches.

Yong Huang,Wei Wang,Hao Wang,Tao Jiang,Qian Zhang

DOI: https://doi.org/10.1109/twc.2020.2991111

IF: 10.4

2020-08-01

IEEE Transactions on Wireless Communications

Abstract:By adding users as a new dimension to connectivity, on-body Internet-of-Things (IoT) devices have gained considerable momentum in recent years, while raising serious privacy and safety issues. Existing approaches to authenticate these devices limit themselves to dedicated sensors or specified user motions, undermining their widespread acceptance. This paper overcomes these limitations with a general authentication solution by integrating wireless physical layer (PHY) signatures with upper-layer protocols. The key enabling techniques are constructing representative radio propagation profiles from received signals, and developing an adversarial multi-player neural network to accurately recognize underlying radio propagation patterns and facilitate on-body device authentication. Once hearing a suspicious transmission, our system triggers a PHY-based challenge-response protocol to defend in depth against active attacks. We prove that at equilibrium, our adversarial model can extract all information about propagation patterns and eliminate any irrelevant information caused by motion variances and environment changes. We build a prototype of our system using Universal Software Radio Peripheral (USRP) devices and conduct extensive experiments with various static and dynamic body motions in typical indoor and outdoor environments. The experimental results show that our system achieves an average authentication accuracy of 91.6%, with a high area under the receiver operating characteristic curve (AUROC) of 0.96 and a better generalization performance compared with the conventional non-adversarial approach.

telecommunications,engineering, electrical & electronic

Ebtesam Almazrouei,Gabriele Gianini,Nawaf Almoosa,Ernesto Damiani

DOI: https://doi.org/10.3390/s21072414

2021-04-01

Abstract:This paper proposes a novel Deep Learning (DL)-based approach for classifying the radio-access technology (RAT) of wireless emitters. The approach improves computational efficiency and accuracy under harsh channel conditions with respect to existing approaches. Intelligent spectrum monitoring is a crucial enabler for emerging wireless access environments that supports sharing of (and dynamic access to) spectral resources between multiple RATs and user classes. Emitter classification enables monitoring the varying patterns of spectral occupancy across RATs, which is instrumental in optimizing spectral utilization and interference management and supporting efficient enforcement of access regulations. Existing emitter classification approaches successfully leverage convolutional neural networks (CNNs) to recognize RAT visual features in spectrograms and other time-frequency representations; however, the corresponding classification accuracy degrades severely under harsh propagation conditions, and the computational cost of CNNs may limit their adoption in resource-constrained network edge scenarios. In this work, we propose a novel emitter classification solution consisting of a Denoising Autoencoder (DAE), which feeds a CNN classifier with lower dimensionality, denoised representations of channel-corrupted spectrograms. We demonstrate-using a standard-compliant simulation of various RATs including LTE and four latest Wi-Fi standards-that in harsh channel conditions including non-line-of-sight, large scale fading, and mobility-induced Doppler shifts, our proposed solution outperforms a wide range of standalone CNNs and other machine learning models while requiring significantly less computational resources. The maximum achieved accuracy of the emitter classifier is 100%, and the average accuracy is 91% across all the propagation conditions.