Conference PaperPDF Available

A Multi-Sampling Convolutional Neural Network-Based RF Fingerprinting Approach for Low-Power Devices

Authors:
  • Purple Mountain Laboritaries (China)
  • Southeast University
Conference Paper

A Multi-Sampling Convolutional Neural Network-Based RF Fingerprinting Approach for Low-Power Devices

Abstract and Figures

Radio frequency (RF) fingerprint-based identification and authentication can improve the security of the Inter-net of Things (IoT). However, with the ever-increasing scale of low-power devices in IoT, how to address the semi-steady behavior of low-power devices owing to sleep mode switching and improve the identification accuracy in large-scale scenario become a new challenge. To tackle the above problems, this paper presents a multi-sampling convolutional neural network (MSCNN) to extract RF fingerprint based on the adaptive region of interest (ROI) selection strategy. The proposed MSCNN use multiple downsampling transformations for multi-scale feature extraction and classification automatically. Extensive experiments with 54 CC2530 devices as targets are conducted to demonstrate the feasibility and reliability of this method. The classification accuracy is as high as 97.0% under the line-of-sight (LOS) scenarios around SNR=30 dB. Our scheme is robust over a wide range of SNRs under the LOS scenarios as well as under the non-line-of-sight (NLOS) scenarios.
Content may be subject to copyright.
A Multi-Sampling Convolutional Neural
Network-Based RF Fingerprinting Approach for
Low-Power Devices
Jiabao Yu, Aiqun Hu, Guyue Li, Linning Peng
Institute of Information Science and Engineering,
Southeast University, Nanjing, China.
Corresponding author: aqhu@seu.edu.cn
Abstract—Radio frequency (RF) fingerprint-based identifica-
tion and authentication can improve the security of the Inter-
net of Things (IoT). However, with the ever-increasing scale
of low-power devices in IoT, how to address the semi-steady
behavior of low-power devices owing to sleep mode switching
and improve the identification accuracy in large-scale scenario
become a new challenge. To tackle the above problems, this
paper presents a multi-sampling convolutional neural network
(MSCNN) to extract RF fingerprint based on the adaptive region
of interest (ROI) selection strategy. The proposed MSCNN use
multiple downsampling transformations for multi-scale feature
extraction and classification automatically. Extensive experiments
with 54 CC2530 devices as targets are conducted to demonstrate
the feasibility and reliability of this method. The classification
accuracy is as high as 97.0% under the line-of-sight (LOS)
scenarios around SNR=30 dB. Our scheme is robust over a wide
range of SNRs under the LOS scenarios as well as under the
non-line-of-sight (NLOS) scenarios.
Index Terms—RF fingerprint, multi-sampling convolutional
neural network, ROI selection, ZigBee.
I. INTRODUCTION
The Internet of Things (IoT) aims to offer various comfort-
able and convenient services (e.g., smart city, smart healthcare,
and intelligent transportation) to people. With the popular-
ization and application of IoT technology, IoT will have
an important and profound impact on the future intelligent
society. Specifically, research has shown that security is the
key to a trustable and robust IoT [1]. How to properly identify
and authenticate an object is the first important issue as
well as the foundation of IoT [2]. Traditionally, identification
and authentication are achieved through bit-level identification
credentials and pre-shared cryptographic keys. In the IoT
context, due to the rapidly growing number and complexity of
objects, traditional identification and authentication methods
may not be applicable. For instance, cryptographic keys are
also possible to be recovered [3]. An efficient resolution
scheme needs to be set to identify different objects and
augment bit-level authentication.
RF fingerprinting is a viable alternative for identifying
and authenticating IoT entities by extracting device-specific
features from their emitted RF signals [4], [5]. RF fingerprints
are the intrinsic characteristics of wireless devices due to the
tolerated hardware variation primarily in the device’s analog
transmitter components [6]. They are inherently more arduous
to mimic.
In general, existing RF fingerprinting techniques fall into
two categories, i.e., transient approaches and steady-state
approaches [7]. Compared to transient approaches, steady-
state approaches can be realized by low-end receivers with
an acceptable performance degradation compared to high-end
receivers [8], which has remarkably improved the practicality.
Typically, steady-state approaches extract features from the
steady-state portion which represents the unintentional wave-
form modulation effects. However, there are many low-power
devices in IoT networks such as ZigBee devices that spend
most of their time in a low-power mode for power saving [9].
As a result, the majority of signals are sent after waking up
from low-power modes for these devices. In this scenario, due
to the relative long circuit start-up time, it is indispensable
to investigate the steady-state signal and further select the
appropriate signal region of interest (ROI) for RF fingerprint
extraction.
Feature extraction is the most critical aspect of RF fin-
gerprinting. Various hand-crafted features have been con-
sidered in prior works, including auto gain control (AGC)
responds [10], amplifier nonlinearity characteristics [11], In-
phase/Quadrature (I/Q) offset [12], carrier frequency offset
(CFO) [13], time-frequency statistics analysis of target signal
regions [14], etc. These features are proved to be effective
in identifying a limited number of target devices, usually less
than 10. It is doubtful that whether these features are enough to
classify a large number of devices in IoT pratice. Furthermore,
it is universally acknowledged that feature engineering is
costly which heavily depends on the experience and domain
knowledge of researchers. A feature extractor that can extract
more comprehensive features in an automatical way is more
preferred.
In this paper, we propose a RF fingerprinting ap-
proach based on multi-sampling convolutional neural network
(MSCNN) and adaptive ROI selection for low-power IoT de-
vices. We first preprocess the received time-domain baseband
signals for power normalization, frequency offset (FO) com-
pensation, phase offset (PO) compensation, and I/Q aligning.
Then different ROIs of the preprocessed preamble signals are
selected according to the estimated SNR. Finally, selected ROI
is input into an MSCNN for feature extraction and classifica-
tion in an automatical way. We also construct a testbed with
a low-end USRP platform operating as the receiver and 54 Ti
CC2530 ZigBee devices as the target devices for classification.
The experiment results show a superior overall performance,
especially surpassing the existing CNN-based models by a
large margin. We demonstrate 97.0% identification accuracy
under line-of-sight (LOS) situations around SNR=30dB and
84.6% identification accuracy under non-line-of-sight (NLOS)
situations around SNR=15dB, respectively. The contributions
of this paper are summarized as follows:
We propose an SNR-adaptive ROI selection strategy to
make a trade-off between effective information for device
discrimination and jitter in the semi-steady region.
We design a MSCNN contains multiple branches per-
forming different downsampling transformations to ex-
tract long-term features indicating overall trends and
short-term features reflecting subtle changes in local
regions simultaneously.
The remainder of this paper is organized as follows. Section
II is related work. Section III discusses the system and the pro-
posed scheme. Section IV shows the performance evaluation
of the proposed scheme, and the section V closes this work
with conclusions.
II. RE LATE D WOR K
Recently, deep learning has an overwhelming performance
for feature extraction. A key advantage of deep learning is its
ability to automatically learn high-level feature representations
from data that has complex structures and inner correlations,
which tremendously simplifies the prior relevant features se-
lection manually. There are several existing reports of RF
fingerprinting modeling, feature extraction and classification
base on deep learning approaches.
Mkadem et al. [15] introduced neural networks for power
amplifier (PA) modeling and digital predistortion in RF trans-
mitters. Ureten et al. [16] adopted a probabilistic neural
network (PNN) as the classifier to recognize the target feature
vectors of 8 WiFi cards, although these feature vectors were
handcrafted from the transient amplitudes of WiFi waveforms.
The most significant advantage of deep learning, automatical
feature extraction, is still underutilized in the works mentioned
above. Lately, Robyns et al. [17] proposed an automated
supervised per-symbol classification methodology including
both MLPs and CNNs to distinguish 22 LoRa devices with 3
different chipsets. Merchant et al. [18] developed a framework
to train a convolutional neural network (CNN) using the time-
domain complex baseband error signal to identify 7 ZigBee
devices, and its robustness was proved over a wide range of
SNRs. However, the performance of the above methods is still
far from practical application, as they only operate at a single
sampling rate.
III. SYS TE M OVE RVIEW
In this section, we propose our RF fingerprint classification
system consisting of signal collection, preprocessing, ROI
Preprocessing
Collected Signal
ROI
Selection MSCNN Predicted
Label
Signal
Collection
(MATLAB)
SNR Estimation
(Tensorflow)
(USRP)
Fig. 1. System architecture of RF fingerprinting process.
(a) (b)
Fig. 2. (a) Photo of the USRP receiver and PC. (b) Photo of 54 target ZigBee
devices.
selection, and MSCNN stages as illustrated in Fig. 1. USRP
captures and oversamples the target device signals on the 2.4
GHz band. The preprocessing block normalizes the power and
conducts synchronization to remove the frequency offset and
phase offset. After that, the ROI selection block chooses the
best ROI according to the estimated SNR to make a trade-
off between effective information for device discrimination
and jitter in the semi-steady region. After ROI selection, we
apply an MSCNN with multiple downsampling branches for
RF fingerprint extraction and classification. Each block is
described in details in the following subsections.
A. Signal Collection
As shown in Fig. 2, we developed an experimental system
comprising an Ettus Research N210 USRP as the receiver, a
PC as the computing platform, and 54 TI CC2530 ZigBee
devices as targets. Since the chip rate of ZigBee per channel
is 1 Mbps, the sampling rate of USRP is set to 10MHz
for oversampling. The received signals are down-converted to
baseband in the USRP and then sent to the PC for further
processing. In order to emulate different SNR levels, additive
white Gaussian noises (AWGN) with different power levels
are imposed on each captured transmission in the MATLAB.
B. Preprocessing
Before RF fingerprint extraction, there are mainly four pre-
processing steps in the MATLAB: extraction, normalization,
synchronization and I/Q aligning.
1) Extraction:The objective of the extraction stage is to
determine the rough start and end time of each frame based
on the change point detection principle [16]. The detector
estimates the time instant at which the received signal power
level exhibits an increase or decrease. After the location of the
start and end sample number, samples in between are stored
for further processing.
0 160 320 480 640 800 960 1120 1280 1440
-1.5
-1
-0.5
0
0.5
1
1.5
Transient
Portion
Channel
Noise
Preamble
Semi-Steady Portion Steady-State Portion
Fig. 3. Preprocessed in-phase signal of one CC2530 device at SNR = 30 dB.
2) Normalization:Each remaining signal is normalized
to unit power by dividing all samples by the root mean
square (RMS) of the amplitude signal. By doing this, received
power level difference due to transmitter power and distance
difference has almost no impact on the final identification
accuracy. Besides, normalization is useful for our synchro-
nization method.
3) Synchronization:To the best of our knowledge, fre-
quency offset and phase offset could easily be spoofed by
a malicious transmitter [18] with a precise oscillator. It is
not wise to use FO and PO as features. Therefore, we apply
frequency and phase offset compensation to each transmission
to ensure that the following neural network learns FO and PO
independent characteristics of the devices. The details can be
found in [7].
4) I/Q Aligning:Owing to the OQPSK modulation format
with half-sine chip shaping for target ZigBee devices, the
timing of odd and even chips are offset by half a chip-period.
Therefore, after above preprocessing steps, the quadrature
signal should be shifted half a chip-period (5 samples in our
experiment at 10 MHz sampling rate) forward for I/Q aligning.
Finally, the aligned 1280 preamble samples in the in-phase
and quadrature channels, respectively, are saved for training
and testing.
C. ROI Selection
Previous steady-state approaches have generally used the
whole preamble of ZigBee signals as ROI for RF fingerprint
extraction and identification. However, we found that the first
few symbols in the preamble are unstable in the sleep mode
switching scenarios. We define this unstable part during the
settling time as the semi-steady portion to distinguish from
the traditional steady-state definition as illustrated in Fig. 3.
In consideration of the semi-steady behavior of ZigBee
devices, it is natural to ask a question: is it more appropriate
to abandon the semi-steady portion given that fingerprint
robustness is desired? By studying our target devices at various
SNRs, we found that the semi-steady behavior is gradually
covered by noise with the decreasing of SNR. Hence, it
is a benefit for improving classification accuracy by further
optimizing the ROI length selection, especially at high SNRs.
As a result, we propose an adaptive ROI selection strategy
based on SNR estimation before RF fingerprint extraction and
classification.
In the training stage, we select the last ROIjsymbols in
the preamble as ROI at SNR=j dB:
ROIj= arg max
i
accSi
j,(1)
where Si
jis the signal subset with SNR=j dB in the validation
set Di
val, and Di
val is composed of the last isymbols of
each sample in the original validation set Dval,accSi
jis the
classification accuracy on Si
j. The best ROIs are save as a
table for look-up. In the testing stage, the SNR of the target
is first estimated and according to which the best ROI length
is found. After that, the best ROI of the preprocessed signal
is used as the input to the corresponding trained network for
classification.
D. Multi-Sampling Convolutional Neural Network
Existing CNN-based approaches in [17], [18] can automat-
ically learn features and classify devices at a single sampling
rate. What is more, a higher sampling rate results in a
higher granularity, which allows detecting more fine-grained
fingerprint. Meanwhile, more unexpected subtle variations
could also be included leading to performance deterioration at
different SNRs. To address these problems for RF fingerprint
extraction and classification, we propose a multi-sampling
convolutional neural network framework to learn multi-scale
features for classification. The whole MSCNN framework con-
tains three sequential stages: downsampling, local convolution
and full connection as demonstrated in Fig. 4.
1) Downsampling Stage:Convolutions in CNNs are typi-
cally quite small, while in DSP applications, filters are often
wide. To make a tradeoff of these two, we use convolutions
with appropriate size to filter downsampled signals. In this
way, our RF fingerprint method captures temporal patterns at
different time scales by downsampling transformation. Gen-
erally, short-term features are obtained at a higher sampling
rate reflecting subtle variations in local regions, whereas long-
term features are obtained at a lower sampling rate indicating
overall trends [19]. Both of these features could be vital for
device identification.
Suppose the original input to the network with length nis:
I1I2· · · In1In
Q1Q2· · · Qn1Qn,(2)
where the first and second rows represent the in-phase and
quadrature channels of the baseband signal, respectively. If the
downsampling rate is k, then we will generate a new baseband
signal branch by only keeping every k-th sampling points:
"I1I1+k· · · I1+ki· · · I1+k∗b n1
kc
Q1Q1+k· · · Q1+ki· · · Q1+k∗b n1
kc#.(3)
I
Q
I
Q
I
Q
I
Q
Original signal
Downsampling factor = 2
Downsampling factor = 4
Convolution
+ Max
Pooling
Multi-Sam pling
Baseband Signals
Input baseband signal
Convolution
+ Spatial
Pyramid
Pooling
Concatenation Fully
connected
Fully
connected Softmax
Labels
Full Connection Stage
Local Convolution Stage
Downsampling Stage
ing
Fig. 4. The architecture of multi-sampling convolutional neural network framework.
By setting different sampling rates, we obtain the multi-
sampling baseband signals from which we can extract the
long-term and short-term features simultaneously with the
same convolutions.
2) Local Convolution Stage:After downsampling stage,
we obtain multi-sampling baseband signals with different
lengths from a single input. Then, each branch is fed into
the same local convolution stage. The downsampled branches
would get larger local receptive field than the original base-
band signal branch. Instead of increasing convolutional filter
size, the application of downsampling can reduce the number
of parameters in the convolutional layers to avoid overfitting
and improve computation efficiency.
Pooling operators significantly reduce the number of pa-
rameters needed to be trained in the subsequent layers. In the
first pooling layer, we use a small pooling size like 3. While
in the second pooling layer, we will pool the feature maps
to a fixed size inspired by spatial pyramid pooling [20]. In
this way, despite the varying original input length, the length
of the input vector to the next full connection stage remains
constant, and the contribution of each branch to this vector is
the same.
3) Full Connection Stage:For the extracted multi-
sampling features from local convolution stage, the intuitive
way of integrating these feature maps is to concatenate them
vertically into a vector and feed them into the fully con-
nected layers. Each fully connected layer represents some
transformations based on a parametric transfer function with
some set of learned weights. Then, as is usually done in
the multi-class classification tasks, the MSCNN outputs the
predicted probability distribution of each possible label with
a Softmax layer. Finally, the predicted probability distribution
is converted to a one-hot encoding for classification purpose.
To train the MSCNN, we use categorical cross-entropy as the
TABLE I
OVE RVIE W OF TH E DATASE TS US ED I N THI S PAPE R.
ID Scenario Frames Date
I LOS 2433 June, 2016
II LOS 3277 December, 2017
III LOS 3270 February, 2018
IV NLOS 1403 April, 2018
loss function which is a measure of the difference between
the predicted probability distribution and the real probability
distribution.
IV. EVALUATION
This section presents the evaluation on our proposed
method. We carried out many experiments both in the LOS
and NLOS scenarios and obtained four datasets given in
Table I. Dataset I, II, and III were collected on three dif-
ferent days across 20 months, where the USRP receiver and
ZigBee transmitters were closely located about 1 meter in
a lab environment with LOS between them. Dataset IV was
collected in the NLOS scenario, where the USRP was fixed
in the same place as the LOS scenarios did, while the ZigBee
transmitters were located in a long corridor outside the room.
The distance between them was approximately 20 meters. The
estimated inband SNRs of the received transmissions in the
LOS and NLOS scenarios were approximately 30 dB and
15 dB, respectively. The LOS dataset including dataset I, II
and III was randomly partitioned into 60% training data, 20%
validation data, and 20% testing data. The following neural
networks were trained on this full LOS dataset.
TABLE II
THE L AYERS ,THE NUMBER OF PARAMETERS AND ACTIVATION
FUNCTIONS OF THE BASELINE NETWORK.
Layer Dimension Parameters Activation
Input 1280 ×2- -
Convolution 128 ×(10 ×1) 1280 RELU
Max Pooling 3 - -
Convolution 256 ×(3 ×2) 1536 RELU
Max Pooling Pool to 30 - -
Flatten - - -
Fully Connected 128 983040 RELU
Dropout(0.5) - - -
Fully Connected 54 6912 Softmax
TABLE III
THE B EST RO I LENGTH TABLE IN THE TRAINING STAGE.
SNR (jdB) 0 5 10 15 20 25 30
ROIj(symbols) 8885554
A. Baseline Convolution Network
We start with a baseline CNN similar to the MSCNN
architecture depicted in Fig. 4. While the baseline CNN only
has an original signal branch in the downsampling stage. The
network structure is given in Table II. The baseline CNN
has two convolutional layers and two fully connected layers
before Softmax classifier. The results from [17] and [18]
have shown significant improvement upon expert methods by
using a similar network, any further improvements should be
considered state of the art.
Our networks were trained and tested running on Tensor-
Flow 1.4.0 with an NVIDIA GeForce GTX 1070 Ti GPU. The
training is conducted through optimizing the cross-entropy loss
function using an Adam solver with batch size setting to 256
on our LOS dataset. Moreover, we use dropout operators with
dropout ratio of 0.5 in the first fully connected layer and an
L2 regularization of 0.001 in both fully connected layers to
prevent overfitting.
We adopt grid search for tuning hyper-parameters of the
baseline CNN based on cross-validation. After grid searching,
the best hyper-parameters in each layer are shown in Table II.
The best filter size of the first convolutional layer is 10 ×1,
which is consistent with our expectation based on the expert
knowledge of ZigBee that the sampling number on each chip is
just 10. For the remaining experiments, we view these hyper-
parameters as unimportant and keep them fixed rather than
optimize them again. It helps in comparing the classification
performance of different architectures.
B. ROI Selection
After training, the resulting best ROI length for each SNR
is exhibited in Table III. According to the ROI table, ROI
selection can be divided into three cases:
10 15 20 25 30
SNR (dB)
75
80
85
90
95
100
Accuracy (%)
k=1
k=1,2
k=1,2,3
k=1,2,4
k=1,2,4,6
Fig. 5. MSCNN performance with different sampling rates.
1) In the low SNR case where SNR falls into {0,5,10}dB,
the best ROI length is 8 symbols;
2) In the medium SNR case where SNR falls into
{15,20,25}dB, the best ROI length is 5 symbols;
3) In the high SNR case where SNR falls into {30}dB,
the best ROI length is 4 symbols.
It is worth noting that the parameters of the corresponding
network with different ROI length should be stored.
C. Performance on MSCNN
1) Downsampling Factor Selection:For comparing
MSCNN against CNN, we carried out experiments for MC-
NNs which differ in the downsampling stage. The baseline
CNN can be considered as an MSCNN with downsampling
factor k= 1. The search space for the downsampling factor is
{1, 2, 3, 4, 6}. Fig. 5 illustrates the test accuracies of MCNNs
with various downsampling factor configurations on the LOS
dataset. We can see that MSCNNs with appropriate downsam-
pling branches achieve better results than the baseline CNN
(k= 1). The MSCNN with three downsampling branches and
k= 1,2,4for each branch, respectively, performs significantly
better than the baseline CNN at approximately 1% level.
However, increasing further to four downsampling branches
with k= 1,2,4,6for each, the test performance is even worse
than the baseline CNN without using downsampling rather
than our expected improvement. Therefore, too many down-
sampling branches will result in overfitting on the training
dataset and deteriorate the test accuracy. Three branches with
downsampling factors {1, 2, 4}are best for our experiment.
2) LOS Scenario:In order to comprehensively analyze
the superiority of our proposed method, we compared it with
one state-of-the-art approach using CNN techniques tested on
ZigBee devices in the LOS scenario [18]. The comparison
results are illustrated in Fig. 6, from which we can observe
that the proposed MSCNN with ROI selection improves the
classification accuracies at all SNRs, especially at high SNRs.
At SNR=30dB, MSCNN has a very high classification accu-
racy as 97.0%. Besides, we also compared the performance of
our baseline CNN (CNN2) with the CNN approach in [18].
0
10
20
30
40
50
60
70
80
90
100
10 15 20 25 30
Accuracy ()%
SNR (dB)
CNN CNN2 MSCNN
Fig. 6. The overall performance comparison at different SNRs.
ROI selection is not employed in CNN2 for comparison with
CNN. It is evident that these two CNN approaches achieve
similar performance. Our baseline CNN performs better at
SNR=10 dB, while the compared CNN [18] achieves higher
accuracies at high SNRs. The performance difference is caused
by the different lengths and different regions of signals used
for identification. All these three networks perform better on
higher SNR transmissions with significant performance drop-
off below 20 dB.
3) NLOS Scenario:As above mentioned, the estimated
SNR of the received transmissions in the NLOS scenario is
around 15dB. The correct classification rate on the NLOS
dataset is 84.6% which is declined by 2.5% compared to
the LOS accuracy 87.1% at SNR=15 dB. It is reasonable
because our MSCNN is trained on the LOS dataset without
multipath fading, while there is obvious fading loss in the
NLOS case. To further improve the performance under NLOS
scenario, we need to generate datasets under various channel
conditions rather than LOS dataset with varying SNRs to train
the demanded MSCNN in the future work.
V. CONCLUSION
This paper has demonstrated a multi-sampling convolutional
neural network framework for RF fingerprint extraction and
classification on low-power devices based on ROI selection.
We have proposed an SNR-adaptive ROI selection strategy
to deal with the semi-steady behavior due to sleep mode
switching. Furthermore, the best MSCNN structure with three
downsampling branches with factors as {1,2,4}has signifi-
cantly enhanced device identification rate by extracting multi-
scale features of same sizes. The experimental results show
that MSCNN can achieve better performance than other re-
ported deep learning based RF fingerprinting schemes. In the
future work, we will further consider the practical time varying
channel and analyze its effect on the identification accuracy.
ACKNOWLEDGMENT
This work was supported in part by the National Nat-
ural Science Foundation of China under Grant 61571110,
61602113, 61601114, National Natural Science Youth Foun-
dation of China under Grant 61801115 and Purple Mountain
Laboratories (PML).
REFERENCES
[1] A. Riahi, Y. Challal, E. Natalizio, Z. Chtourou, and A. Bouabdallah, “A
systemic approach for iot security,” in Proc. IEEE Int. Conf. Distributed
Comput. Sensor Syst. (DCOSS), Massachusetts, USA, May 2013, pp.
351–355.
[2] Z. Zhang, M. C. Y. Cho, C. Wang, C. Hsu, C. Chen, and S. Shieh, “Iot
security: Ongoing challenges and research opportunities,” in Proc. IEEE
7th Int. Conf. Service-Oriented Comput. Appl. (SOCA), Matsue, Japan,
Nov 2014, pp. 230–234.
[3] P. Radmand, M. Domingo, J. Singh, and J. Arnedo, “ZigBee/ZigBee
PRO security assessment based on compromised cryptographic keys,
in Proc. Int. Conf. P2P, Par., Grid, Cloud Internet Comput. (3PGCIC),
Fukuoka, Japan, 2010, pp. 465–470.
[4] H. J. Patel, M. A. Temple, and R. O. Baldwin, “Improving ZigBee
device network authentication using ensemble decision tree classifiers
with radio frequency distinct native attribute fingerprinting,IEEE Trans.
Rel., vol. 64, no. 1, pp. 221–233, Mar. 2015.
[5] Y. Xing, A. Hu, J. Zhang, L. Peng, and G. Li, “On radio frequency
fingerprint identification for DSSS systems in low SNR scenarios,IEEE
Commun. Lett., vol. 22, no. 11, pp. 2326–2329, Nov. 2018.
[6] B. Danev, D. Zanetti, and S. Capkun, “On physical-layer identification
of wireless devices,ACM Comput. Surv., vol. 45, no. 1, pp. 1–29, Dec.
2012.
[7] L. Peng, A. Hu, J. Zhang, Y. Jiang, J. Yu, and Y. Yan, “Design of a
hybrid RF fingerprint extraction and device classification scheme,IEEE
Internet Things J., vol. 6, no. 1, pp. 349–360, Feb. 2019.
[8] H. Patel, M. A. Temple, and B. W. Ramsey, “Comparison of high-
end and low-end receivers for RF-DNA fingerprinting,” in Proc. IEEE
Military Commun. Conf. (MILCOM), Baltimore, USA, 2014, pp. 24–29.
[9] N. Vidgren, K. Haataja, J. L. Patinoandres, J. J. Ramirezsanchis, and
P. Toivanen, “Security threats in ZigBee-enabled systems: Vulnerability
evaluation, practical experiments, countermeasures, and lessons learned,
in Proc. Hawaii Int. Conf. Syst. Sci. (HICSS), Maui, USA, 2013, pp.
5132–5138.
[10] D. A. Knox and T. Kunz, “AGC-based RF fingerprints in wireless sensor
networks for authentication,” in Proc. IEEE Int. Symp. World Wireless
Mobile Multimedia Netw. (WoWMoM), Montreal, Canada, 2010, pp. 1–6.
[11] G. Huang, Y. Yuan, X. Wang, and Z. Huang, “Specific emitter identifi-
cation based on nonlinear dynamical characteristics,” Canadian J. Elect.
Comput. Eng., vol. 39, no. 1, pp. 34–41, winter 2016.
[12] V. Brik, S. Banerjee, M. Gruteser, and S. Oh, “Wireless device identi-
fication with radiometric signatures,” in Proc. ACM Int. Conf. Mobile
Comput. Netw. (MOBICOM), San Francisco, USA, 2008, pp. 116–127.
[13] C. G. Wheeler and D. R. Reising, “Assessment of the impact of CFO
on RF-DNA fingerprint classification performance,” in Proc. Int. Conf.
Comput. Netw. Commun. (ICNC), Silicon Valley, USA, 2017, pp. 110–
114.
[14] D. R. Reising, M. A. Temple, and J. A. Jackson, “Authorized and
rogue device discrimination using dimensionally reduced RF-DNA fin-
gerprints,” IEEE Trans. Inf. Forensics Secur., vol. 10, no. 6, pp. 1180–
1192, Jun. 2015.
[15] F. Mkadem and S. Boumaiza, “Physically inspired neural network model
for RF power amplifier behavioral modeling and digital predistortion,
IEEE Trans. Microw. Theory Tech., vol. 59, no. 4, pp. 913–923, Apr.
2011.
[16] O. Ureten and N. Serinken, “Wireless security through RF fingerprint-
ing,” Canadian J. Elect. Comput. Eng., vol. 32, no. 1, pp. 27–33, Winter
2007.
[17] P. Robyns, E. Marin, W. Lamotte, P. Quax, D. Singele, and B. Preneel,
“Physical-layer fingerprinting of LoRa devices using supervised and
zero-shot learning,” in Proc. ACM Conf. Secur. Privacy Wireless Mobile
Netw. (WiSec), Boston, USA, 2017, pp. 58–63.
[18] K. Merchant, S. Revay, G. Stantchev, and B. Nousain, “Deep learning for
RF device fingerprinting in cognitive communication networks,IEEE
J. Sel. Topics Signal Process., vol. 12, no. 1, pp. 160–167, Feb. 2018.
[19] Z. Cui, W. Chen, and Y. Chen, “Multi-scale convolutional neural net-
works for time series classification,” arXiv preprint arXiv:1603.06995,
2016.
[20] Q. Liu, R. Hang, H. Song, and Z. Li, “Learning multiscale deep features
for high-resolution satellite image scene classification,” IEEE Trans.
Geosci. Remote Sens., vol. 56, no. 1, pp. 117–126, Jan. 2016.
... We also denote "HP" as the proposed hyperspherical projection. Except for the model in [9] which has 63 million parameters, the number of parameters for the other methods is restricted to 12 million. All models are trained using the training data set shown in Fig. 5 for 150 epochs using the Adam optimizer [49] with a learning rate of 10 −4 (β 1 = 0.5, β 2 = 0.99). ...
Article
Radio-frequency fingerprints (RFFs) are promising solutions for realizing low-cost physical layer authentication. Machine learning-based methods have been proposed for RFF extraction and discrimination. However, most existing methods are designed for the closed-set scenario where the set of devices is remains unchanged. These methods can not be generalized to the RFF discrimination of unknown devices. To enable the discrimination of RFF from both known and unknown devices, we propose a new end-to-end deep learning framework for extracting RFFs from raw received signals. The proposed framework comprises a novel preprocessing module, called neural synchronization (NS), which incorporates the data-driven learning with signal processing priors as an inductive bias from communication-model based processing. Compared to traditional carrier synchronization techniques, which are static, this module estimates offsets by two learnable deep neural networks jointly trained by the RFF extractor. Additionally, a hypersphere representation is proposed to further improve the discrimination of RFF. Theoretical analysis shows that such a data-and-model framework can better optimize the mutual information between device identity and the RFF, which naturally leads to better performance. Experimental results verify that the proposed RFF significantly outperforms purely data-driven DNN-design and existing handcrafted RFF methods in terms of both discrimination and network generalizability.
... However, such schemes don't provide integrity protection and cannot detect if the message has been manipulated or not. The RF fingerprint-based scheme [18][19][20] identifies a device according to the unique features of the waveform. RF fingerprint is caused by imperfections inherent in the hardware components. ...
Article
Full-text available
Authentication is a critical issue in wireless communication due to the impersonation and substitution attacks from the vulnerable air interface launched by the malicious node. There are currently two kinds of authentication research in wireless communication. One is based on cryptography and relies on computational complexity, the other is based on physical layer fingerprint and can not protect data integrity well. Both of these approaches will become insecure when facing attackers with infinite computing power. In this paper, we develop a wireless unconditional authentication framework based on one-time keys generated from wireless channel. The proposed unconditional authentication framework provides a new perspective to resist infinite computing power attackers. We study the performance of the unconditional authentication framework in this paper. First, a physical layer offered chain key (PHYLOCK) structure is proposed, which can provide one-time keys for unconditional authentication. The physical layer offered chain keys are generated by XORing the physical layer updated keys extracted from the current channel state information (CSI) and the previous chain keys. The security of PHYLOCK is analyzed from the perspective of information theory. Then, the boundary of the deception probability is conducted. It is shown that unconditional authentication can achieve a probability of deception 2−12Hk, where Hk is the entropy of the one-time key used for one message. Finally, the conditions for unconditional authentication are listed. Our analysis shows that the length of the key and the authentication code need to be twice the length of the message and the encoding rules of the authentication code need to satisfy the restrictions we listed.
... We also denote "HP" as the proposed hyperspherical projection. Except for the model in [9] which has 63 million parameters, the number of parameters for the other methods is restricted to 12 million. All models are trained using the training data set shown in Fig. 5 for 150 epochs using the Adam optimizer [49] with a learning rate of 10 −4 (β 1 = 0.5, β 2 = 0.99). ...
Preprint
Full-text available
Radio-frequency fingerprints~(RFFs) are promising solutions for realizing low-cost physical layer authentication. Machine learning-based methods have been proposed for RFF extraction and discrimination. However, most existing methods are designed for the closed-set scenario where the set of devices is remains unchanged. These methods can not be generalized to the RFF discrimination of unknown devices. To enable the discrimination of RFF from both known and unknown devices, we propose a new end-to-end deep learning framework for extracting RFFs from raw received signals. The proposed framework comprises a novel preprocessing module, called neural synchronization~(NS), which incorporates the data-driven learning with signal processing priors as an inductive bias from communication-model based processing. Compared to traditional carrier synchronization techniques, which are static, this module estimates offsets by two learnable deep neural networks jointly trained by the RFF extractor. Additionally, a hypersphere representation is proposed to further improve the discrimination of RFF. Theoretical analysis shows that such a data-and-model framework can better optimize the mutual information between device identity and the RFF, which naturally leads to better performance. Experimental results verify that the proposed RFF significantly outperforms purely data-driven DNN-design and existing handcrafted RFF methods in terms of both discrimination and network generalizability.
... The scarcity of spectrum resources is the most important issue facing IoT technology [5], and the research of electromagnetic spectrum space is related to the advantage of IoT technology in future smart cities [6,7]. And many technologies related to electromagnetic space have been developed, including wireless device identification [8], radio frequency fingerprint identification [9,10], and electromagnetic signal identification [11]. ...
Article
Full-text available
With the development of IoT in smart cities, the electromagnetic environment (EME) in cities is becoming more and more complex. A full understanding of the characteristics of past spectrum resource utilization is the key to improving the efficiency of spectrum management. In order to explore the characteristics of spectrum utilization more comprehensively, this paper designs an EME portrait model. By checking the statistical information of the spectrum data, including changes in the noise floor and channel utilization in each individual wireless service, the correlation between the spectrum and time or space of different channels and the information is merged into a high-dimensional model through consistency transformation to form the EME portrait. The portrait model is not only convenient for storage and retrieval but also beneficial for transfer and expansion, which will become an important foundation for intelligent electromagnetic spectrum management.
... Pan et al. [29] used deep residual networks to train the Hilbert spectrum images of received signals to classify specific emitters. Yu et al. [31,32] used Multi-Sampling convolutional neural network (MSCNN) to identify ZigBee. Al-Shawabka et al. [33] used CNN to identify WiFi signal fragments, and Shen et al. [34] used spectrogram and CNN to identify Lora system. ...
Article
Full-text available
With the dramatic development of the internet of things (IoT), security issues such as identity authentication have received serious attention. The radio frequency (RF) fingerprint of IoT device is an inherent feature, which can hardly be imitated. In this paper, we propose a rogue device identification technique via RF fingerprinting using deep learning-based generative adversarial network (GAN). Being different from traditional classification problems in RF fingerprint identifications, this work focuses on unknown accessing device recognition without prior information. A differential constellation trace figure generation process is initially employed to transform RF fingerprint features from time-domain waveforms to two-dimensional figures. Then, by using GAN, which is a kind of unsupervised learning algorithm, we can discriminate rogue devices without any prior information. An experimental verification system is built with 54 ZigBee devices regarded as recognized devices and accessing devices. A universal software radio peripheral receiver is used to capture the signal and identify the accessing devices. Experimental results show that the proposed rogue device identification method can achieve 95% identification accuracy in a real environment.
Article
Full-text available
Radio frequency fingerprint (RFF) is an intrinsic hardware characteristic and has been employed for device identification. Its application in low signal-to-noise-ratio (SNR) has never been explored because its identification performance is greatly affected by the received signal quality. This paper proposes a novel RFF identification scheme for spread spectrum systems in low SNR scenarios. In the scheme, a signal preprocessing method, information data estimation based stacking (IDES) algorithm, is proposed, which leverages the repeated spreading sequences and stacks them together to eliminate the noise and interference effect. Simulation results demonstrate that the proposed scheme can achieve 98% identification rate when the received signal SNR is - 15 dB and the length of spreading sequence is 1023.
Article
Full-text available
Radio frequency (RF) fingerprint is the inherent hardware characteristics and has been employed to classify and identify wireless devices in many Internet of Things (IoT) applications. This paper extracts novel RF fingerprint features, designs a hybrid and adaptive classification scheme adjusting to the environment conditions, and carries out extensive experiments to evaluate the performance. In particular, four modulation features, namely differential constellation trace figure (DCTF), carrier frequency offset, modulation offset and I/Q offset extracted from constellation trace figure (CTF), are employed. The feature weights under different channel conditions are calculated at the training stage. These features are combined smartly with the weights selected according to the estimated signal to noise ratio (SNR) at the classification stage. We construct a testbed using universal software radio peripheral (USRP) platform as the receiver and 54 ZigBee nodes as the candidate devices to be classified, which are the most ZigBee devices ever tested. Extensive experiments are carried out to evaluate the classification performance under different channel conditions, namely line-of-sight (LOS) and non-line-of-sight (NLOS) scenarios. We then validate the robustness by carrying out the classification process 18 months after the training, which is the longest time gap. We also use a different receiver platform for classification for the first time. The classification error rate is as low as 0.048 in LOS scenario, and 0.1105 even when a different receiver is used for classification 18 months after the training. Our hybrid classification scheme has thus been demonstrated effective in classifying a large amount of ZigBee devices.
Conference Paper
Full-text available
Physical-layer fingerprinting investigates how features extracted from radio signals can be used to uniquely identify devices. This paper proposes and analyses a novel methodology to fingerprint LoRa devices, which is inspired by recent advances in supervised machine learning and zero-shot image classification. Contrary to previous works, our methodology does not rely on localized and low-dimensional features, such as those extracted from the signal transient or preamble, but uses the entire signal. We have performed our experiments using 22 LoRa devices with 3 different chipsets. Our results show that identical chipsets can be distinguished with 59% to 99% accuracy per symbol, whereas chipsets from different vendors can be fingerprinted with 99% to 100% accuracy per symbol. The fingerprinting can be performed using only inexpensive commercial off-the-shelf software defined radios, and a low sample rate of 1 Msps. Finally, we release all datasets and code pertaining to these experiments to the public domain.
Article
With the increasing presence of cognitive radio networks as a means to address limited spectral resources, improved wireless security has become a necessity. In particular, the potential of a node to impersonate a licensed user demonstrates the need for techniques to authenticate a radio's true identity. In this paper, we use deep learning to detect physical-layer attributes for the identification of cognitive radio devices, and demonstrate the performance of our method on a set of IEEE 802.15.4 devices. Our method is based on the empirical principle that manufacturing variability among wireless transmitters that conform to the same standard creates unique, repeatable signatures in each transmission, which can then be used as a fingerprint for device identification and verification. We develop a framework for training a convolutional neural network using the time-domain complex baseband error signal and demonstrate 92.29% identification accuracy on a set of 7 2.4 GHz commercial ZigBee devices. We also demonstrate the robustness of our method over a wide range of signal-to-noise ratios.
Conference Paper
In an effort to augment existing bit-level network security mechanisms, a significant amount of research has been conducted in the area of physical layer device discrimination. One such physical layer device discrimination technique, known as RF-DNA fingerprinting, has successfully demonstrated serial number device discrimination. This work extends the RF-DNA fingerprinting state-of-the-art by investigating the impact the existence of carrier frequency offset or the lack thereof has on RF-DNA fingerprint based device discrimination performance. A comparative assessment was conducted using various cases in which carrier frequency offset values were: 1) removed, 2) unique, 3) random, and 4) combinations thereof. This assessment included the use of RF-DNA fingerprints extracted from collected IEEE 802.11a WiFi preambles in which carrier frequency offset values were present. This work shows that RF-DNA fingerprints associated with devices whose preambles contained carrier frequency offset values which were unique, when compared to the values associated with the other devices, resulted in that device being easily discriminated from the others.
Article
In this paper, we propose a multi-scale deep feature learning method for high-resolution satellite image classification. Specifically, we firstly warp the original satellite image into multiple different scales. The images in each scale are employed to train a deep convolutional neural network (DCNN). However, simultaneously training multiple DCNNs is time-consuming. To address this issue, we explore DCNN with spatial pyramid pooling (SPP-net). Since different SPP-nets have the same number of parameters, which share the identical initial values, and only fine-tuning the parameters in fully-connected layers ensures the effectiveness of each network, thereby greatly accelerating the training process. Then, the multi-scale satellite images are fed into their corresponding SPP-nets respectively to extract multi-scale deep features. Finally, a multiple kernel learning method is developed to automatically learn the optimal combination of such features. Experiments on two difficult datasets show that the proposed method achieves favorable performance compared to other state-of-the-art methods.
Article
Time series classification (TSC), the problem of predicting class labels of time series, has been around for decades within the community of data mining and machine learning, and found many important applications such as biomedical engineering and clinical prediction. However, it still remains challenging and falls short of classification accuracy and efficiency. Traditional approaches typically involve extracting discriminative features from the original time series using dynamic time warping (DTW) or shapelet transformation, based on which an off-the-shelf classifier can be applied. These methods are ad-hoc and separate the feature extraction part with the classification part, which limits their accuracy performance. Plus, most existing methods fail to take into account the fact that time series often have features at different time scales. To address these problems, we propose a novel end-to-end neural network model, Multi-Scale Convolutional Neural Networks (MCNN), which incorporates feature extraction and classification in a single framework. Leveraging a novel multi-branch layer and learnable convolutional layers, MCNN automatically extracts features at different scales and frequencies, leading to superior feature representation. MCNN is also computationally efficient, as it naturally leverages GPU computing. We conduct comprehensive empirical evaluation with various existing methods on a large number of benchmark datasets, and show that MCNN advances the state-of-the-art by achieving superior accuracy performance than other leading methods.
Article
Specific emitter identification (SEI) designates the unique transmitter of a given signal, using only external feature measurements called the RF fingerprints of the signal. SEI is often used in military and civilian spectrum-management operations. The SEI technique has also been applied to enhance the security of wireless network, such as VHF radio networks, Wi-Fi networks, cognitive radios, and cellular networks. A novel SEI method based on nonlinear dynamical characteristics is proposed in this paper. The method works based on the actual signal's inherent nonlinear dynamical characteristics. The permutation entropy is extracted as the signal's RF fingerprint to identify the unique transmitter. The quadrature phase-shift keying (QPSK) signals from four wireless network cards and differential quadrature phase-shift keying (DQPSK) signals from three digital radios are utilized to evaluate the performance of the method. Experimental results demonstrate that the proposed method is effective. On the other hand, the proposed method is convenient to implement in a PC.
Conference Paper
The widespread adoption of ZigBee devices in critical infrastructure applications has justifiably heightened security concerns. Attack methods exist that allow unauthorized rogue devices to insert themselves into established networks. Radio Frequency (RF) fingerprinting provides one countermeasure to spoofing attacks by identifying hardware devices by their unique RF characteristics. To make such methods more practical, this paper compares RF fingerprinting performance of a low-cost software defined radio receiver with that of a high-cost receiver using six like-model ZigBee devices of the same manufacturer, representing the most challenging scenario for RF fingerprinting. Comparable discrimination performance is achieved across a range of SNR using a random forest classifier and observations from both receivers. Network intrusion detection performance was comparable as well, with the high-cost receiver identifying on average 10% more rogue devices than the low-cost receiver. The viability of using low-cost receivers for RF fingerprinting is demonstrated, improving the practicality of RF-based antispoofing countermeasures.
Article
The popularity of ZigBee devices continues to grow in home automation, transportation, traffic management, and Industrial Control System (ICS) applications given their low-cost and low-power. However, the decentralized architecture of ZigBee ad-hoc networks creates unique security challenges for network intrusion detection and prevention. In the past, ZigBee device authentication reliability was enhanced by Radio Frequency-Distinct Native Attribute (RF-DNA) fingerprinting using a Fisher-based Multiple Discriminant Analysis and Maximum Likelihood (MDA-ML) classification process to distinguish between devices in low Signal-to-Noise Ratio (SNR) environments. However, MDA-ML performance inherently degrades when RF-DNA features do not satisfy Gaussian normality conditions, which often occurs in real-world scenarios where radio frequency (RF) multipath and interference from other devices is present. We introduce non-parametric Random Forest (RndF) and Multi-Class AdaBoost (MCA) ensemble classifiers into the RF-DNA fingerprinting arena, and demonstrate improved ZigBee device authentication. Results are compared with parametric MDA-ML and Generalized Relevance Learning Vector Quantization-Improved (GRLVQI) classifier results using identical input feature sets. Fingerprint dimensional reduction is examined using three methods, namely a pre-classification Kolmogorov-Smirnoff Test (KS-Test), a post-classification RndF feature relevance ranking, and a GRLVQI feature relevance ranking. Using the ensemble methods, an SNR=18.0 dB improvement over MDA-ML processing is realized at an arbitrary correct classification rate (%C) benchmark of %C=90%; for all SNR ∈ [0, 30] dB considered, %C improvement over MDA-ML ranged from 9% to 24%. Relative to GRLVQI processing, ensemble methods again provided improvement for all SNR, with a best improvement of %C=10% achieved at the lowest tested SNR=0.0 dB. Network penetration, measured using rogue ZigBee devices, show that at the SNR=12.- dB (%C=90%) the ensemble methods correctly reject 31 of 36 rogue access attempts based on Receiver Operating Characteristic (ROC) curve analysis and an arbitrary Rogue Accept Rate of . This performance is better than MDA-ML, and GRLVQI which rejected 25/36, and 28/36 rogue access attempts respectively. The key benefit of ensemble method processing is improved rogue rejection in noisier environments; gains of 6.0 dB, and 18.0 dB are realized over GRLVQI, and MDA-ML, respectively. Collectively considering the demonstrated %C and rogue rejection capability, the use of ensemble methods improves ZigBee network authentication, and enhances anti-spoofing protection afforded by RF-DNA fingerprinting.