Air Force Institute of Technology Air Force Institute of Technology The AFIT of Today is the Air Force of Tomorrow. Dimensional Reduction Analysis Dimensional Reduction Analysis for Physical Layer Device for Physical Layer Device Fingerprints with Application to Fingerprints with Application to ZigBee and Z ZigBee and Z- ZigBee and Z ZigBee and Z- -Wave Devices -Wave Devices Wave Devices Wave Devices Authors: Trevor J. Bihl Michael A. Temple Kenneth W. Bauer Benjamin Ramsey US Air Force Institute of Technology Wright-Patterson AFB OH 26-28 Oct 2015
Overview The AFIT of Today is the Air Force of Tomorrow. • Problem Statement • Background/Setup • ZigBee and Z-Wave Devices • Methodology • RF-DNA Fingerprinting Feature Generation • GRLVQI Device Discrimination • GRLVQI Device Discrimination ) • Dimensional Reduction Analysis (DRA) • p-value vs Test Statistic DRA • Results • Classification and Verification Results • Future Work • Extend to Additional Classifiers • Develop Additional DRA Methods for RF Fingerprinting
Problem Statement The AFIT of Today is the Air Force of Tomorrow. Investigate Suitability of p- Values and Test Statistic Based Dimensional Reduction Analysis Dimensional Reduction Analysis (DRA) Methods for Device Fingerprinting Using Radio Frequency Distinct Native Attribute (RF-DNA) Features.
Background ZigBee & Z-Wave Devices The AFIT of Today is the Air Force of Tomorrow. ZigBee Z-Wave Standard IEEE Proprietary Frequency 2.4 GHz 906 MHz Bit Rate 250 Kbits/s 40 Kbits/s None: 200 and 300 Series Security Security IEEE 802.15.4 Standard IEEE 802.15.4 Standard � AES 128: 400 Series Latency 50 to 100 mSec ~1000 mSec Range 10 to 100 m 30 to 100 m Message Size (Bytes) 127 (max) 64 (max)
Methodology ZigBee Emission Processing [2, 13, 14] The AFIT of Today is the Air Force of Tomorrow. • Experimentally Collected ZigBee Emissions • 10 Like-Model Devices • Collection Environments • CAGE – Anechoic Chamber • LOS – Hallway Line-of-Sight (LOS) ZigBee Experimental Collection Setup for LOS (A) & ZigBee Experimental Collection Setup for LOS (A) & ) • WALL – Through Wall Propagation • WALL – Through Wall Propagation WALL (B) Environment Emissions [19,54] • Authorized Devices • Emissions Collected in CAGE, LOS, & WALL for 4 of 10 Devs (Dev 1 – Dev 4) • N C = 4 Like-Model Auth Devs, Different Ser #s • Rogue Devices • N Rog = 9 Like-Model Rogue Devs, Different Ser #s (Dev 5 – Dev 10) • Emissions Collected in Selected ZigBee Rogue Device ID and Collection Environments (See Table) Environments [19,54] 5
Methodology AFIT’s RF-DNA Fingerprinting Process [7] The AFIT of Today is the Air Force of Tomorrow. 10 Short OFDM Sym 2 Long OFDM Sym ≈ ≈ ≈ ≈ 8 µ µ Sec Duration µ µ ≈ ≈ ≈ ≈ 8 µ µ µ µ Sec Duration Fingerprint Region 1 Fingerprint Region 2 (A) Agilent E3238S (RFSICS) t (A) Nat’l Instruments (NI) (B) Riscure Inspector 802.11a Preamble GSM Midamble Bluetooth Access Code Mod: 64 - OFDM Mod: Binary GMSK Mod: Binary GFSK T B ≈ ≈ 16 µSec T B ≈ ≈ 96 µSec T B ≈ ≈ 72 µSec ≈ ≈ ≈ ≈ ≈ ≈ Entire 802.11a Preamble 52 Spectral Comp 2 Spectral Comp 2 Spectral Comp Agilent E3238S ≈ 16 µ ≈ ≈ ≈ µ µ µ Sec Duration Fingerprint Region 3 RF Statistical Fingerprint Generation Burst AWGN Extraction Generation 1D Non-Transformed Signal Fingerprint Amplitude (a) Statistical Regions Metrics Phase ( φ φ φ φ ) Digital Filtering Region 1 Frequency (f) Variance ( σ σ 2 ) σ σ Region 2 ) Skewness ( γ Skewness ( γ γ γ γ ) γ γ γ ) Signal Signal Noise Noise • • • • • • 2D T-F Transforms • • • • • • Kurtosis ( k ) Region N R Post-Collection Fourier Processing Frac Fourier Power SNR Wavelet Norm Scaling (MATLAB) Gabor Etc. RF Statistical Fingerprint (1D Non-Transformed) Classification Statistical Analysis #Features ( N F ) = ( N R Regions X 3 Char X 3 Statistics ) and/or Fingerprint Signal F = = = = σ σ σ σ 2 γ γ γ γ κ κ κ κ σ σ σ σ 2 γ γ γ γ κ σ κ σ κ σ κ σ 2 γ γ γ γ κ κ κ κ Verification Generation φ φ φ φ φ φ a a a φ φ φ φ φ φ f f f Ri i i i i i i i i i × × × × 1 N F ⇒ ⇒ ⇒ ⇒ F = = = = F F F M M M M M K M K M K M K R R R 1 2 NR ( ( ( ( ) ) ) ) × × × × 1 N � � � � N R F Device Classification ROC Verification Model Development Representative Fingerprints 1 vs. M Assessment 1 vs. 1 Assessment 1 1 RF DNA Markers True Accept Rate Classification Equal Error % Correct Rate (EER) RF DNA Markers (TAR) .5 .5 Pct Correct Dev 1 Dev 2 Dev 3 SNR = 12 dB Dev 4 SNR = 15 dB Mean SNR = 18 dB 0 0 3 6 9 12 15 18 0 .2 .4 .6 .8 1 SNR (dB) False Accept Rate (FAR) MDA/ML Illustration NETGEAR CISCO LINKSYS Cisco Netgear Linksys 6
Methodology ZigBee Emission Processing [2, 13, 14] The AFIT of Today is the Air Force of Tomorrow. Time Domain (TD) RF-DNA Fingerprint Generation ZigBee SHR Inst Amp Response Non-Transformed Instantaneous: (a) Amplitude (b) Phase (c) Frequency ) (U) Region of Interest (ROI) th Region i = σ σ γ κ 2 F R i i i i × 1 4 i Composite Fingerprint F F F M M L M R R R 1 2 NR × × 1 4 N R Fingerprints Input to Classifier Model Development 7
Methodology Device Classification: GRLVQI The AFIT of Today is the Air Force of Tomorrow. • LVQ-Based Classifiers • Gradient Descent & Prototype Vector (PV) Approach for Classification • Gradient = 1 st Derivative of Cost Function • Iteratively Examines PV-to-Data Distances Artificial Neural Net (ANN) Learning Vector Quant. (LVQ) • Correctly Classified PVs N Move Toward data • Incorrectly Classified PVs N Move Away From Data ) • GRLVQI N LVQ Extension [2, 9, 14] • GRLVQI N LVQ Extension [2, 9, 14] LVQ Update LVQ Update Cls 1 • G = Generalized N Sigmoidal Cost Function Cls 3 LVQ Update [60,61] Cls 2 • R = Relevance N Gradient Descent Feature Iteration 0 GRLVQI Relevance Ranking p 3, j • I = Improved N Improved Logic, PV Freq, Add’l Learn Rate, Etc. • No Explicit Assumption / Knowledge Cls 1 Cls 3 Required for Data Distribution (PDF) Cls 2 • Appropriate PV Initialization Required • Normal PVs ⇒ ⇒ Standardized Data ⇒ ⇒ Iteration N p 3, j 8
Methodology Dimensional Reduction Analysis (DRA) The AFIT of Today is the Air Force of Tomorrow. • Method #1: (Distribution Based) : Two 600 Sample Kolmogorov–Smirnov (KS) [13,14, 17] Amp Phz Freq 500 ( ) = − KS max F (x) F (x) ay ANOVA F-test Values 1 2 400 300 • Method #2: (Distribution Based) : ANOVA One Way AN ) F-Statistics [18] F-Statistics 200 MS = Feature ( i ) 100 F 0 ( i ) MSE Model ( i ) 0 0 100 200 300 400 500 600 700 750 RF Fingerprint Component • Method #3: (Classifier Based) GRLVQI Amplitude ( a ) : ZigBee Feats #1 - #243 Relevance [9] Phase ( φ φ φ ) : ZigBee Feats #244 - #486 φ Frequency ( f ) : ZigBee Feats #487 - #729 • Method #4: Dimensionality Assessment [18, 21] 9
Methodology DRA: Dimensionality Assessment The AFIT of Today is the Air Force of Tomorrow. ZigBee Dimensionality Assessment by Significance Level • Selecting quantity of features in SIGNIFICANCE LEVEL SNR ( D B) M ETHOD subsets non-trivial 0.1% 1% 5% 10% • Qualitative DRA F- TEST 196 264 350 402 0 KS- TEST (Σ P - VALUES ) 37 74 130 160 • Previously Considered [13,14] F- TEST 589 639 674 688 10 • N DRA, ZigBee = [25, 50, 243] KS- TEST (Σ P - VALUES ) 337 414 512 557 • Quantitative DRA F- TEST 706 713 720 722 18 KS- TEST (Σ P - VALUES ) 666 692 711 716 • • Introduced Here Introduced Here F- TEST F- TEST 718 718 725 725 727 727 728 728 ) 30 • Removes Subjectively KS- TEST (Σ P - VALUES ) 727 729 729 729 • Intrinsic Data Dimensionality ZigBee Dimensionality Assessment by COV Eigenvalues • P-value and Data Eigenvalue Covariance Eigenvalues for Training Data at SNR 18dB 2 10 methods considered 0 • P-values Overestimate Required 10 N DRA -2 Magnitude 10 • Data Eigenvalue Methods Yield N DRA Consistent with Prior Work -4 10 COV Eigenvalues • N DRA, ZigBee = [17, 123] Broken Stick -6 10 • N DRA, Z-wave = [7, 34] Kaiser (> mean) Kaiser (> 1) -8 10 0 100 200 300 400 500 600 700 800 Eigenvalues
Recommend
More recommend
