M.A. Temple

Air Force Institute of Technology, Patterson, California, United States

Are you M.A. Temple?

Claim your profile

Publications (134)70.95 Total impact

  • Samuel J. Stone, Michael A. Temple, Rusty O. Baldwin
    [Show abstract] [Hide abstract]
    ABSTRACT: Industrial control systems are used to operate critical infrastructure assets in the civilian and military sectors. Current industrial control system architectures are predominantly based on networked digital computers that enable reliable monitoring and control of critical functions via localized and distributed operations. Many industrial control systems, in particular, supervisory control and data acquisition (SCADA) systems, implement monitoring and control using programmable logic controllers, which have served as gateways through which cyber attacks have been orchestrated against high-profile industrial control system targets.
    International Journal of Critical Infrastructure Protection 02/2015; DOI:10.1016/j.ijcip.2015.02.001 · 0.43 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: Low-data-rate wireless networks incorporated in critical infrastructure applications can be protected through 128-bit encryption keys and address-based access control lists. However, these bit-level credentials are vulnerable to interception, extraction and spoofing using software tools available free of charge on the Internet. Recent research has demonstrated that wireless physical layer device fingerprinting can be used to defend against replay and spoofing attacks. However, radio frequency (RF) fingerprinting typically uses expensive signal collection systems; this is because fingerprinting wireless devices with low-cost receivers has been reported to have inconsistent accuracy. This paper demonstrates a robust radio frequency fingerprinting process that is consistently accurate with both high-end and low-cost receivers. Indeed, the results demonstrate that low-cost software-defined radios can be used to perform accurate radio frequency fingerprinting and to identify spoofing attacks in critical IEEE 802.15.4-based infrastructure networks such as ZigBee.
    International Journal of Critical Infrastructure Protection 01/2015; 8:27-39. DOI:10.1016/j.ijcip.2014.11.002 · 0.43 Impact Factor
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Side-channel analysis has been used to successfully attack many cryptographic systems. However, to improve trace quality and make collection of side-channel data easier, the attacker typically modifies the target device to add a trigger signal. This trigger implies a very powerful attacker with virtually complete control over the device. This paper describes a method to collect side-channel data using a software defined radio (SDR) in real-time without requiring a collection device trigger. A correlation-based frequency-dependent leakage mapping technique is introduced to evaluate a 32-bit microprocessor, revealing that individual key bytes leak at different frequencies. Key byte-dependent leakage is observed in both SDR collected and triggered oscilloscope-based collections (which serve to validate the SDR data). This research is the first to demonstrate effective differential attack using SDRs. Successful attacks are presented using two SDRs, including a US$20 digital television receiver with modified drivers.
    IEEE Transactions on Information Forensics and Security 12/2013; 8(12):2101-2114. DOI:10.1109/TIFS.2013.2287600 · 2.07 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: Orthogonal Frequency Division Multiplexing (OFDM) has been considered as a strong candidate for next generation wireless communication systems. Compared to traditional OFDM, Single Carrier OFDM (SC-OFDM) has demonstrated excellent bit error rate (BER) performance, as well as low peak to average power ratio (PAPR). Similar to other multi-carrier transmission technologies, SC-OFDM suffers significant performance degradation resulting from intercarrier interference (ICI) in high mobility environments. Existing techniques for OFDM can be directly adopted in SC-OFDM to improve performance, however, this improved performance comes at costs such as decreased throughput. In this paper, we analyze the effect of ICI on an SC-OFDM system and propose a novel modulation scheme. The proposed Magnitude-Keyed Modulation (MKM) modulation provides SC-OFDM system immunity to ICI and with an easy implementation it significantly outperforms OFDM, SC-OFDM and MC-CDMA systems with Phase Shift Keying (PSK) modulation and Quadrature Amplitude Modulation (QAM) in severe ICI environment. Analysis also illustrates the proposed SC-OFDM system with MKM modulation maintains low PAPR compared to traditional OFDM and SC-OFDM systems with PSK and QAM modulations. Simulation results for different modulation schemes in various ICI environments confirm the effectiveness of the proposed system.
    IEEE Transactions on Communications 02/2013; 61(2):658-668. DOI:10.1109/TCOMM.2012.122112.110214 · 1.98 Impact Factor
  • P.K. Harmer, D.R. Reising, M.A. Temple
    [Show abstract] [Hide abstract]
    ABSTRACT: Cognitive Radio (CR) networks create an environment that presents unique security challenges, with reliable user authentication being essential for mitigating Primary User Emulation (PUE) spoofing and ensuring the cognition engine is using reliable information when dynamically reconfiguring the network. Unfortunately, wireless network edge devices increase spoofing potential as all devices can “see” all network traffic within RF range. Conventional bit-level security helps, but additional security based on physical-layer (PHY) attributes is required to ensure unauthorized devices do not adversely impact CR reliability during environmental assessment. RF Distinct Native Attribute (RF-DNA) fingerprinting is one PHY technique for reliably identifying devices based on inherent emission differences. These differences are exploited to uniquely identify, by serial number, hardware devices and aid cognitive network security. Reliable device discrimination has been achieved using Multiple Discriminant Analysis, Maximum Likelihood (MDA/ML) processing. However, MDA/ML provides no insight into feature relevance which limits its use for optimizing feature selection. This limitation is addressed here using Generalized Relevance Learning Vector Quantization-Improved (GRLVQI) and Learning from Signals (LFS) classifiers. Comparative assessment shows that GRLVQI and LFS classification performance rivals that of MDA/ML, overcomes inherent MDA/ML limitations, and provides benefit for CR network applications where reliable RF environment assessment and PUE mitigation is essential.
    Communications (ICC), 2013 IEEE International Conference on; 01/2013
  • Qian Han, Xue Li, M. Temple, Zhiqiang Wu
    [Show abstract] [Hide abstract]
    ABSTRACT: It is well known that Orthogonal Frequency Division Multiplexing (OFDM) systems suffer from intercarrier interference (ICI) in mobile environment due to loss of orthogonality among subcarriers caused by Doppler shifts. There exist many ICI mitigation techniques in the literature to improve the performance of OFDM systems. However, most of the existing ICI mitigation techniques assume the OFDM transmission bandwidth is narrow enough that the frequency offsets on all subcarriers are identical. In a wideband OFDM transmission or a non-contiguous OFDM spanning over large bandwidth, the Doppler shifts on different subcarriers are different, especially in high speed aerial vehicle communication systems. In this paper, we analyze the wideband OFDM system in high mobility environment where the frequency offsets vary from subcarrier to subcarrier. We then propose a novel ICI cancellation scheme to eliminate the ICI effect and offer the wideband OFDM system significantly improved BER performance. Simulation results in AWGN channel and multipath fading channel confirm the effectiveness of the proposed scheme in the presence of frequency offset and time variations in the channel, offering the best BER performance available which matches the BER performance of wideband OFDM system without ICI. To our knowledge, this paper is the first to address the ICI problem of varying frequency offsets across subcarriers in wideband OFDM system.
    Computing, Networking and Communications (ICNC), 2013 International Conference on; 01/2013
  • P.K. Harmer, M.A. Temple
    [Show abstract] [Hide abstract]
    ABSTRACT: Security and privacy within existing wireless architectures remain a major concern and may be further compounded when considering multi-node wireless cognitive networks. However, the same computational capabilities that enable cognitive transceiver operation can also be used to enhance physical-layer security at each node. The approach here uses RF Distinct Native Attribute (RF-DNA) features that embody unique statistical properties of received RF emissions. The baseline system uses a Multiple Discriminant Analysis, Maximum Likelihood (MDA/ML) process to classify devices by exploiting RF-DNA uniqueness that enables serial number discrimination. MDA/ML limitations, to include a lack of feature relevance indication, are addressed using a previously investigated Learning From Signals (LFS) process. Of significance here is the expansion of LFS capability which will be readily implementable in envisioned cognitive network architectures. By coupling Kernel Regression (KR) with a Differential Evolution (DE) genetic algorithm, LFS is able to “learn” an improved model of the signal environment. Results here for experimentally collected 802.11a WiFi signals demonstrate recent improvements to the LFS engine that enable it to operate more effectively within a higher-dimensional RF-DNA feature space. The addition of a fractional Euclidean Distance (ED) similarity metric and vector class labeling provide improvement of 9 % to 23 % in average percent correct classification over the earlier LFS implementation.
    Computing, Networking and Communications (ICNC), 2013 International Conference on; 01/2013
  • Samuel Stone, Michael Temple
    [Show abstract] [Hide abstract]
    ABSTRACT: Advances in the processing power and efficiency of computers have led to the proliferation of information technology (IT) systems in nearly every aspect of our daily lives. The pervasiveness and reliance on IT systems, however, have increased the susceptibility to cyber attacks. This is of particular concern with regard to supervisory control and data acquisition (SCADA) systems in the critical infrastructure. Compromises of SCADA systems–in particular, the programmable logic controllers (PLCs) used as field devices to control and monitor remote processes–could have devastating consequences. However, because of their limited onboard computing resources (e.g., processing power and memory), conventional bit-level IT security mechanisms are not well suited to safeguarding PLCs.This paper describes a methodology for detecting anomalous operations of PLCs. The methodology uses information extracted from radio frequency (RF) features to identify changes in operating characteristics due to malicious actions or system failure. The experimental results demonstrate the utility of the RF-based anomaly detection methodology for PLC verification.
    International Journal of Critical Infrastructure Protection 07/2012; 5(2):66–73. DOI:10.1016/j.ijcip.2012.05.001 · 0.43 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: Template attacks are a very powerful form of side-channel analysis. It is assumed an adversary has access to a training device, identical to the device under attack, to build a precise multivariate characterization of the side-channel emissions. The training and test devices are assumed to have identical, or at least very similar, electromagnetic emissions. Often, when evaluating the effectiveness of a template attack, training and test data are from the same-device. The effectiveness of collecting training and test data from different devices, or cross-device attacks, are evaluated here using 40 PIC microcontroller devices. When the standard template attack methodology fails to produce adequate results, each step is evaluated to identify device-dependent variations. A simple pre-processing technique, normalizing the trace means and variances from the training and test devices, is evaluated for various test data set sizes. This step improves the success key-byte extraction rate for same part number cross-device template attacks from 65.1 to 100 % and improves attacks against similar devices in the same-device family. Additionally, it is demonstrated that due to differences in device leakage, minimizing the number of distinguishing features reduces the effectiveness of cross-device attacks.
    06/2012; 3(2). DOI:10.1007/s13389-012-0038-y
  • W.E. Cobb, E.D. Laspe, R.O. Baldwin, Michael A. Temple, Y.C. Kim
    [Show abstract] [Hide abstract]
    ABSTRACT: Radio-frequency distinct native attribute (RF-DNA) fingerprinting is adapted as a physical-layer technique to improve the security of integrated circuit (IC)-based multifactor authentication systems. Device recognition tasks (both identification and verification) are accomplished by passively monitoring and exploiting the intrinsic features of an IC's unintentional RF emissions without requiring any modification to the device being analyzed. Device discrimination is achieved using RF-DNA fingerprints comprised of higher order statistical features based on instantaneous amplitude, phase, and frequency responses as a device executes a sequence of operations. The recognition system is trained using multiple discriminant analysis to reduce data dimensionality while retaining class separability, and the resultant fingerprints are classified using a linear Bayesian classifier. Demonstrated identification and verification performance includes average identification accuracy of greater than 99.5% and equal error rates of less than 0.05% for 40 near-identical devices. Depending on the level of required classification accuracy, RF-DNA fingerprint-based authentication is well-suited for implementation as a countermeasure to device cloning, and is promising for use in a wide variety of related security problems.
    IEEE Transactions on Information Forensics and Security 02/2012; 7(1):14-24. DOI:10.1109/TIFS.2011.2160170 · 2.07 Impact Factor
  • Source
    Benjamin W Ramsey, Michael A Temple, Barry E Mullins
    [Show abstract] [Hide abstract]
    ABSTRACT: The ZigBee specification builds upon IEEE 802.15.4 low-rate wireless personal area standards by adding security and mesh networking functionality. ZigBee networks may be secured through 128-bit encryption keys and by MAC address access control lists, yet these credentials are vulnerable to interception and spoofing via free software tools available over the Internet. This work proposes a multi-factor PHY-MAC-NWK security framework for ZigBee that augments bit-level security using radio frequency (RF) PHY features. These features, or RF fingerprints, can be used to differentiate between dissimilar or like-model wireless devices. Previous PHY-based works on mesh network device differentiation predominantly exploited the signal turn-on region, measured in nanoseconds. For an arbitrary benchmark of 90% or better classification accuracy, this work shows that reliable PHY-based ZigBee device discrimination can be achieved at SNR ≥ 8 dB. This is done using the entire transmission preamble, which is less technically challenging to detect and is over 1000 times longer than the signal turn-on region. This work also introduces a statistical, pre-classification feature ranking technique for identifying relevant features that dramatically reduces the number of RF fingerprint features without sacrificing classification performance.
    01/2012; DOI:10.1109/GLOCOM.2012.6503210
  • D.R. Reising, Michael A. Temple, M.E. Oxley
    [Show abstract] [Hide abstract]
    ABSTRACT: Previous work has demonstrated the viability of using RF-DNA fingerprinting to provide serial number discrimination of IEEE 802.11a WiFi devices as a means to augment conventional bit-level security. This was done using RF-DNA extracted from signal regions containing standard pre-defined responses (preamble, midamble, etc.). Using these responses, proof-of-concept demonstrations with RF-DNA fingerprinting have shown some effectiveness for providing serial number discrimination. The discrimination challenge increases considerably when pre-defined signal responses are not present. This challenge is addressed here using experimentally collected IEEE 802.16e WiMAX signals from Alvarion BreezeMAX Mobile Subscriber (MS) devices. Relative to previous Time Domain (TD) and Spectral Domain (SD) fingerprint features, joint time-frequency Gabor (GT) and Gabor-Wigner (GWT) Transform features are considered here as a means to extract greater device discriminating information. For comparison, RF-DNA is extracted from TD, SD, GT, and GWT responses and MDA/ML feature extraction and classification performed. Preliminary assessment shows that Gabor-based RF-DNA fingerprinting is much more effective than either TD or SD methods. GT RF-DNA fingerprinting achieves individual WiMAX MS device classification of 98.5% or better for SNR ≥ -3 dB.
    Computing, Networking and Communications (ICNC), 2012 International Conference on; 01/2012
  • [Show abstract] [Hide abstract]
    ABSTRACT: Impersonation of authorized network devices is a serious concern in applications involving monitoring and control of battlefield operations and military installation infrastructure-ZigBee is among the ad hoc network alternatives used for such purposes. There are considerable security concerns given the availability of ZigBee “hacking” tools that have evolved from methods used for IEEE 802.11 Wi-Fi and IEEE 802.15.1 Bluetooth attacks. To mitigate the effectiveness of these bit-level attacks, RF waveform features within the lowest OSI physical (PHY) layer are used to augment bit-level security mechanisms within higher OSI layers. The evolution of RF 'Distinct Native Attribute' (RF-DNA) fingerprinting continues here with a goal toward improving defensive RF Intelligence (RFINT) measures and enhancing rogue device detection. Demonstrations here involve ZigBee burst collection and RF-DNA fingerprint generation using experimentally collected emissions from like-model CC2420 ZigBee devices operating at 2.4 GHz. RF-DNA fingerprints from 7 authorized devices are used for Multiple Discriminant Analysis (MDA) training and authorized device classification performance assessed, i.e. answering: “Is the device 1 of M authorized devices?” Additional devices are introduced as impersonating rogue devices attempting to gain unauthorized network access by presenting false bit-level credentials for one of the M authorized devices. Granting or rejecting rogue network access is addressed using a claimed identity verification process, i.e, answering: “Does the device's current RF-DNA match its claimed bit-level identity?” For authorized devices, arbitrary classification and verification benchmarks of %C>; 90% and %V >; 90% are achieved at SNR≈10.0 dB using a test statistic based on assumed Multivariate Gaussian (MVG) likelihood values. Overall, rogue device rejection capability is promising using the same verification test - tatistic, with %V
  • D.R. Reising, M.A. Temple
    [Show abstract] [Hide abstract]
    ABSTRACT: Considerable effort has been put forth to exploit physical layer attributes to augment network bit-level security mechanisms. RF-DNA fingerprints possess such attributes and can be used to uniquely identify authorized users and mitigate unauthorized network activity. These attributes are unique to a given electronic device and difficult to replicate for cloning, spoofing, etc. Device discrimination (identification) of WiMAX devices has been successfully demonstrated using a one-to-many comparison against a pool of unknown device fingerprints. The work here now addresses device authentication using a one-to-one comparison against the specific fingerprint associated with a claimed bit-level identity (MAC, SIM, IMEI, etc). The concept is demonstrated using Gabor-based RF-DNA extracted from near-transient burst responses of 802.16e WiMAX mobile subscriber devices-device identification of better than 96% is achieved with verification EER ≤ 1.6% for SNR ≥ -3 dB.
    Communications (ICC), 2012 IEEE International Conference on; 01/2012
  • 12/2011; 6(9):671-681. DOI:10.4304/jcm.6.9.671-681
  • [Show abstract] [Hide abstract]
    ABSTRACT: Computer and communication network attacks are commonly orchestrated through Wireless Access Points (WAPs). This paper summarizes proof-of-concept research activity aimed at developing a physical layer Radio Frequency (RF) air monitoring capability to limit unauthorized WAP access and improve network security. This is done using Differential Evolution (DE) to optimize the performance of a "Learning from Signals" (LFS) classifier implemented with RF "Distinct Native Attribute" (RF-DNA) fingerprints. Performance of the resultant DE-optimized LFS classifier is demonstrated using 802.11a WiFi devices under the most challenging conditions of intra-manufacturer classification, i.e., using emissions of like-model devices that only differ in serial number. Using identical classifier input features, performance of the DE-optimized LFS classifier is assessed relative to a Multiple Discriminant Analysis / Maximum Likelihood (MDA/ML) classifier that has been used for previous demonstrations. The comparative assessment is made using both Time Domain (TD) and Spectral Domain (SD) fingerprint features. For all combinations of classifier type, feature type, and signal-to-noise ratio considered, results show that the DE-optimized LFS classifier with TD features is superior and provides up to 20% improvement in classification accuracy with proper selection of DE parameters.
    13th Annual Genetic and Evolutionary Computation Conference, GECCO 2011, Proceedings, Dublin, Ireland, July 12-16, 2011; 01/2011
  • P.K. Harmer, M.D. Williams, Michael A. Temple
    [Show abstract] [Hide abstract]
    ABSTRACT: Wireless communication networks remain under attack with ill- intentioned "hackers" routinely gaining unauthorized access through Wireless Access Points-one of the most vulnerable points in an Information Technology (IT) system. The goal here is to demonstrate the feasibility of using Radio Frequency (RF) air monitoring to augment conventional bit-level security at WAPs. The specific networks of interest include those based on Orthogonal Frequency Division Multiplexing (OFDM), to include 802.11a/g WiFi and 4G 802.16 WiMAX. Proof-of-concept results are presented to demonstrate the effectiveness of a "Learning from Signals" (LFS) classifier with Gaussian kernel bandwidth parameters optimally determined using Differential Evolution (DE). The resultant DE-optimized LFS classifier is implemented within an RF "Distinct Native Attribute" (RF-DNA) fingerprinting process with both Time Domain (TD) and Spectral Domain (SD) features input to the classifier. The RF-DNA is used for intra-manufacturer (like-model devices from a given manufacturer) discrimination of IEEE compliant 802.11a WiFi devices and 802.16e WiMAX devices. A comparative performance assessment is provided using results from the proposed DE-optimized LFS classifier and a Bayesian-based Multiple Discriminant Analysis/Maximum Likelihood (MDA/ML) classifier as used in previous demonstrations. The assessment is performed using identical TD and SD fingerprint features for both classifiers. Preliminary results of the DE-optimized classifier are very promising, with correct classification improvement of 15% to 40% realized over the range of signal to noise ratios considered.
    Computer Communications and Networks (ICCCN), 2011 Proceedings of 20th International Conference on; 01/2011
  • [Show abstract] [Hide abstract]
    ABSTRACT: Interest in Cognitive Radio (CR) remains strong as the communications community strives to solve the spectrum congestion problem. In conventional CR implementations, interference to primary users is minimized using either overlay waveforms that exploit unused (white) spectrum holes or underlay waveforms that spread their power spectrum density over an ultra-wide bandwidth. In Part I, we proposed a novel hybrid overlay/underlay waveform that realizes benefits of both waveforms and demonstrated its performance in an AWGN channel. This was done by extending the original Spectrally Modulated Spectrally Encoded (SMSE) framework to enable soft decision CR implementations that exploit both unused (white) and underused (gray) spectral areas. In Part II, we analyze and evaluate performance of the proposed hybrid overlay/underlay waveform in frequency selective fading channels. A simulated performance analysis of overlay, underlay and hybrid overlay/ underlay waveforms in frequency selective fading channels is presented and benefits discussed.
    IEEE Transactions on Communications 07/2010; DOI:10.1109/TCOMM.2010.06.090176 · 1.98 Impact Factor
  • E. Like, M. Temple, Zhiqiang Wu
    [Show abstract] [Hide abstract]
    ABSTRACT: Applicability of Spectrally Modulated, Spectrally Encoded (SMSE) waveform design has been expanded for future Cognitive Radio (CR)-based Software Defined Radio (SDR) applications. As previously demonstrated, the SMSE waveform design process can exploit statistical knowledge of PU spectral and temporal behavior to maximize SMSE system throughput (bits/second) while adhering to SMSE and Primary User (PU) spectral constraints. The capacity of SMSE systems is extended here using spectral partitioning with carrier-interferometry (CI) coding to increase SMSE waveform agility in the presence of a spectrally diverse transmission channel. By adaptively varying the modulation order and optimally allocating power within each spectral partition, inherent SMSE flexibility is more fully exploited and substantially increases system throughput while meeting Power Spectral Density (PSD) constraints. A coexistent scenario is provided in which the analytic optimization of the SMSE waveform is demonstrated while meeting spectral mask requirements. Results show that spectrally partitioned CI-SMSE waveforms have a significantly greater ability to adapt to varying spectral requirements.
    Communications (ICC), 2010 IEEE International Conference on; 06/2010
  • Eric C. Like, Michael A. Temple, Zhiqiang Wu
    [Show abstract] [Hide abstract]
    ABSTRACT: The impact of channel estimation error is investigated for Spectrally Modulated, Spectrally Encoded (SMSE) waveform designs in a coexistent environment containing multiple 802.11 Primary User (PU) systems. As previously demonstrated, the SMSE waveform design process can exploit statistical knowledge of PU spectral and temporal behavior to maximize SMSE system throughput (bits/second). This can be done by enforcing SMSE and PU bit error rate constraints while limiting mutual coexistent interference limited to manageable levels. Since maximum system performance requires accurate channel state knowledge at the SMSE transmitter, the presence of channel estimation error decreases the ability to design spectrally agile signals that optimally exploit coexistent spectral regions. Relative to a spectrally-only adapted system, the spectrally-temporally adapted SMSE system provides significant performance improvement by leveraging knowledge of PU temporal statistics to design temporally agile signals while maintaining desired performance levels for each system. Superiority of spectrally-temporally adapted signals is demonstrated here in terms of increased SMSE throughput (bits/symbol) and greater tolerance to increased channel estimation error.
    Wireless Communications and Networking Conference (WCNC), 2010 IEEE; 05/2010

Publication Stats

981 Citations
70.95 Total Impact Points


  • 1998–2015
    • Air Force Institute of Technology
      • Department of Electrical & Computer Engineering
      Patterson, California, United States
  • 2003–2012
    • Wright-Patterson Air Force Base
      Dayton, Ohio, United States
  • 2002–2012
    • United States Air Force
      New York City, New York, United States
  • 2010
    • Wright State University
      • Department of Electrical Engineering
      Dayton, Ohio, United States
  • 2005
    • Air Force Research Laboratory
      Washington, Washington, D.C., United States