Application of Wavelet-Based RF Fingerprinting to Enhance Wireless Network Security

  • Klein, Randall W. (Air Force Institute of Technology, Wright-Patterson AFB) ;
  • Temple, Michael A. (Air Force Institute of Technology, Wright-Patterson AFB) ;
  • Mendenhall, Michael J. (Air Force Institute of Technology, Wright-Patterson AFB)
  • Published : 2009.12.31

Abstract

This work continues a trend of developments aimed at exploiting the physical layer of the open systems interconnection (OSI) model to enhance wireless network security. The goal is to augment activity occurring across other OSI layers and provide improved safeguards against unauthorized access. Relative to intrusion detection and anti-spoofing, this paper provides details for a proof-of-concept investigation involving "air monitor" applications where physical equipment constraints are not overly restrictive. In this case, RF fingerprinting is emerging as a viable security measure for providing device-specific identification (manufacturer, model, and/or serial number). RF fingerprint features can be extracted from various regions of collected bursts, the detection of which has been extensively researched. Given reliable burst detection, the near-term challenge is to find robust fingerprint features to improve device distinguishability. This is addressed here using wavelet domain (WD) RF fingerprinting based on dual-tree complex wavelet transform (DT-$\mathbb{C}WT$) features extracted from the non-transient preamble response of OFDM-based 802.11a signals. Intra-manufacturer classification performance is evaluated using four like-model Cisco devices with dissimilar serial numbers. WD fingerprinting effectiveness is demonstrated using Fisher-based multiple discriminant analysis (MDA) with maximum likelihood (ML) classification. The effects of varying channel SNR, burst detection error and dissimilar SNRs for MDA/ML training and classification are considered. Relative to time domain (TD) RF fingerprinting, WD fingerprinting with DT-$\mathbb{C}WT$ features emerged as the superior alternative for all scenarios at SNRs below 20 dB while achieving performance gains of up to 8 dB at 80% classification accuracy.

Keywords

References

  1. S. Bratus, C. Cornelius, D. Kotz, and D. Peebles, 'Active behavioral fingerprinting of wireless devices,' Tech. Report TR2008-610, Institute for Security Technology Studies, Dartmouth College, Mar. 2006
  2. J. Franklin, D. McCoy, P. Tabriz, V. Neagoe, J. Randwyk, and D. Sicker, 'Passive data link layer 802.11 wireless device driver fingerprinting,' in Proc. USENIX Annual Technical Conference, June 2006, pp. 1–12
  3. T. Kohno, A. Broido, and K. C. Claffy, 'Remote physical device fingerprinting,' IEEE Trans. Dependable and Secure Commun., vol. 2, no. 2, pp. 93–108, 2005 https://doi.org/10.1109/TDSC.2005.26
  4. O. Ureten and N. Serinken, 'Wireless security through RF fingerprinting,' Canadian J. Elect. Comp. Eng., vol. 32, no. 1, pp. 27–33, Winter 2007 https://doi.org/10.1109/CJECE.2007.364330
  5. J. Hall, M. Barbeau, and E. Kranakis, 'Using transceiverprints for anomaly based intrusion detection,' in Proc. 3rd IASTED Int. Conf. Comm, Internet and Info Technology (CIIT), Nov. 2004
  6. J. Hall, M. Barbeau, and E. Kranakis, 'Detection of transient in radio frequency fingerprinting using signal phase,' in Proc. IASTED Int. Conf. Wireless and Optical Comm (WOC), May 2003
  7. O. Ureten and N. Serinken, 'Detection of radio transmitter turn-on transients,' IEE Electron. Lett., vol. 35, no. 23, pp. 1996–1997, Nov. 1999 https://doi.org/10.1049/el:19991369
  8. O. Ureten and N. Serinken, 'Bayesian detection of WiFi transmitter RF fingerprints,' IEE Electron. Lett., vol. 41, no. 6, pp. 373–374, Mar. 2005 https://doi.org/10.1049/el:20057769
  9. N. Serinken and O. Ureten, 'Generalised dimension characterization of radio transmitter turn-on transients,' IEE Electron. Lett., vol. 36, no. 12, pp. 1064–1064, June 2000 https://doi.org/10.1049/el:20000735
  10. K. J. Ellis and N. Serinken, 'Characteristics of radio transmitter fingerprints,' Radio Science, vol. 36, no. 4, pp. 585–597, 2001 https://doi.org/10.1029/2000RS002345
  11. Y. Chen, W. Trappe, and R. Martin, 'Detecting and localizing wireless spoofing attacks,' in Proc. IEEE Conf. Sensor, Mesh and Ad Hoc Comm and Nets (SECON), June 2007, pp. 193–202 https://doi.org/10.1109/SAHCN.2007.4292831
  12. Y. Sheng, K. Tan, G. Chen, D. Kotz, and A. Campbell, 'Detecting 802.11 MAC layer spoofing using received signal strength,' in Proc. IEEE INFOCOM, Apr. 2008, pp. 1768–1776
  13. B. Danev and S. Kapkun, 'Implications of radio fingerprinting on the security of sensor networks,' in Proc. 3rd Int. Conf. Security and Privacy in Communication Networks (ICST), Sept. 2007, pp. 1–5
  14. W. C. Suski, M. A. Temple, M. J. Mendenhall, and R. F. Mills, 'Using spectral fingerprints to improve wireless network security,' in Proc. IEEE GLOBECOM, Nov. 2008, pp. 1–5 https://doi.org/10.1109/GLOCOM.1995.500210
  15. W. C. Suski, M.A. Temple, M. J. Mendenhall, and R. F. Mills, 'Radio frequency fingerprinting commercial communication devices to enhance electronic security,' Int. J. Electronic Security and Digital Forensics, vol. 1, no. 3, pp. 301–322, 2008 https://doi.org/10.1504/IJESDF.2008.020946
  16. B. Danev and S. Kapkun, 'Transient-based identification of wireless sensor nodes,' in Proc. the ACM/IEEE Int. Conf. Information Processing in Sensor Networks (IPSN), Apr. 2009, pp. 25–36
  17. R. W. Klein, M. A. Temple, M. J. Mendenhall, and D. R. Reising, 'Sensitivity analysis of burst detection and RF fingerprinting classification performance,' in Proc. IEEE ICC, June 2009, pp. 1–5 https://doi.org/10.1109/ICC.2009.5199451
  18. R.W. Klein, M. A. Temple, and M. J.Mendenhall, 'Application of wavelet denoising to improve OFDM-based signal detection and classification,' J. Security and Communication Networks, Special Issue: Security in Next Generation Wireless Networks, vol. 2, no. 6, 2009 https://doi.org/10.1002/sec.115
  19. O. Ureten and N. Serinken, 'Improved coarse timing for burst mode OFDM,' in Proc. IEEE GLOBECOM, Nov. 2007, pp. 2841–2846 https://doi.org/10.1109/GLOCOM.2007.538
  20. O. Ureten, R. A. Pacheco, N. Serinken, and D. Hatzinakos, 'Bayesian frame synchronization for 802.11a WLANs: Experimental results,' in Proc. Canadian Conf. Electrical and Computer Engineering (CCECE), May 2005, pp. 884–887 https://doi.org/10.1109/CCECE.2005.1557118
  21. R. A. Pacheco, O. Ureten, D. Hatzinakos, and N. Serinken, 'Bayesian frame synchronization using periodic preamble for OFDM-based WLANs,' IEEE Signal Process. Lett., vol. 12, no. 7, pp. 524–527, July 2005 https://doi.org/10.1109/LSP.2005.849490
  22. S. Haykin, 'Cognitive radio: Brain-empowered wireless communications,' IEEE J. Sel. Areas Commun., vol. 23, no. 2, pp. 201–220, Feb. 2005 https://doi.org/10.1109/JSAC.2004.839380
  23. W. C. Y. Lee, 'CS-OFDMA: A new wireless CDD physical layer scheme,' IEEE Commun. Mag., vol. 43, no. 2, pp. 74–79, Feb. 2005 https://doi.org/10.1109/MCOM.2005.1391504
  24. P. Zhang, X. Tao, J. Zhang, Y. Wang, and Y. Wang, 'A vision from the future: Beyond 3G TDD,' IEEE Commun. Mag., vol. 43, no. 1, pp. 38–44, Jan 2005 https://doi.org/10.1109/MCOM.2005.1381873
  25. D. Shaw andW. Kinsner, 'Multifractal modelling of radio transmitter transients for classification,' in Proc. Conf. IEEE WESCANEX 97: Communications, Power and Computing, May 1997, pp. 306–312 https://doi.org/10.1109/WESCAN.1997.627159
  26. O. Ureten and N. Serinken, Detection, characterisation and classification of radio transmitter turn-on transients, Kluwer Academic Publishers: Netherlands, 2000
  27. O. H. Tekbas and N. Serinken, 'Transmitter fingerprinting from turn-on transients,' in Proc. NATO SET Panel Symp. Passive and LPI Radio Fr quency Sensors, Warsaw, Poland, Apr. 2001
  28. O. H. Tekbas, O. Ureten, and N. Serinken, 'Improvement of transmitter identification system for low SNR transients,' IEE Electron. Lett., vol. 40, no. 3, pp. 182–183, Feb. 2004 https://doi.org/10.1049/el:20040160
  29. O. H. Tekbas, N. Serinken, and O. Ureten, "An experimental performance evaluation of a novel radio-transmitter identification system under diverse environmental conditions," Canadian J. Electrical and Computer Engineering, vol. 29, no. 3, pp. 203–209, July 2004 https://doi.org/10.1109/CJECE.2004.1532524
  30. J. Toonstra and W. Kinsner, 'Transient analysis and genetic algorithms for classification,' in Proc. IEEE WESCANEX: Communications, Power, and Computing, May 1995, pp. 432–437 https://doi.org/10.1109/WESCAN.1995.494069
  31. A. Prochazka and M. Storek, 'Wavelet transform use for signal classification by self-organizing neural networks,' in Proc. Int. Conf.Artificial Neural Networks, June 1995, pp. 295–299 https://doi.org/10.1049/cp:19950571
  32. J. Hall, "Detection of rogue devices in wireless networks," Ph.D. Thesis, School of Computer Science, Carleton University, Aug. 2006
  33. H. Hotelling, 'The generalization of students ratio,' Annals of Mathematical Statistics, 1931 https://doi.org/10.1214/aoms/1177732979
  34. I. Bayram and I. W. Selesnick, 'On the dual-tree complex wavelet packet and M-band transforms,' IEEE Trans. Signal Process., vol. 56, no. 6, pp. 2298–2310, June 2008 https://doi.org/10.1109/TSP.2007.916129
  35. R. A. Fisher, 'The use of multiple measurements in taxonomic problems,' Annals of Eugenics, vol. 7, pp. 179–188, 1936 https://doi.org/10.1111/j.1469-1809.1936.tb02137.x
  36. R. O. Duda, P. E. Hart, and D. G. Stork, Pattern Classification, 2nd ed., John Wiley & Sons, Inc.: New York, 2001
  37. J. A. Pitta, R. D. Hippenstiel, andM. P. Fargues, 'Transient detection using wavelets,' Masters Thesis, Naval Post Graduate School, Mar. 1995
  38. I.W. Selesnick, R. G. Baraniuk, and N. C. Kingsbury, "The dual-tree complex wavelet transform," IEEE Signal Process. Mag., vol. 22, no. 6, pp. 123–151, Nov. 2005 https://doi.org/10.1109/MSP.2005.1550194
  39. M. J. Mendenhall and E. Merenyi, 'Relevance-based feature extraction from hyperspectral images in the complex wavelet domain,' in Poc. IEEE Mountain Workshop on Adaptive and Learning Systems, July 2006, pp. 24–29 https://doi.org/10.1109/SMCALS.2006.250687
  40. I. W. Selesnick, Wavelet Software at Polytechnic University, Brooklyn, NY, [Online]. Available. http://taco.poly.edu/WaveletSoftware/
  41. Agilent Technologies Inc., USA. Agilent E3238 Signal Intercept and Collection Solutions: Family Overview, Pub 5989-1274EN, July 2004
  42. IEEE Computer Society. IEEE Std 802.11-2007, June 2007
  43. T. Hastie, R. Tibshirani, and J. Friedman, Data Mining, Inference, and Prediction, Springer: NY, 2001
  44. L. M. Leemis and S. K. Park, Discrete-Event Simulation: A First Course, Prentice Hall: New Jersey, 2006
  45. M. J. Mendenhall and E. Merenyi, 'Relevance-based feature extraction for hyperspectral images,' IEEE Trans. Neural Netw., vol. 19, no. 4, pp. 658–672, Apr. 2008 https://doi.org/10.1109/TNN.2007.914156
  46. M.J. Mendenhall and E. Merenyi, 'Generalized relevance learning vector quantization for classification-driven feature extraction from hyperspectral data,' in Proc. American Society for Photogrammetry and Remote Sensing, May 2006
  47. Ian H. Witten and Eibe Frank. Data Mining: Practical Machine Learning Tools and Techniques, Morgan Kaufmann, 2005