
On Physical-Layer Identification of Wireless Devices

On Physical-Layer Identification of Wireless Devices. BORIS DANEV, DAVIDE ZANETTI, and SRDJAN CAPKUN, 2012. Presented by: Vinit Patel Wichita State University. Outline of the Paper. Introduction on Physical-layer device identification


Presentation Transcript


  1. On Physical-Layer Identification of Wireless Devices
  BORIS DANEV, DAVIDE ZANETTI, and SRDJAN CAPKUN, 2012
  Presented by: Vinit Patel, Wichita State University

  2. Outline of the Paper
  • Introduction to physical-layer device identification
  • Physical-layer device identification system and its components
  • Physical-layer identification techniques and approaches
  • Attacks within physical-layer identification
  • Implications and examples
  • Conclusion

  3. Introduction
  • Physical Layer Identification: a technique that allows wireless devices to be identified by unique characteristics of their analog (radio) circuitry (fingerprinting)
  • This is possible because of imperfections introduced in the analog circuitry during the manufacturing process

  4. Introduction
  • Different purposes of PLI (Physical Layer Identification):
    − Intrusion detection
    − Access control
    − Wormhole detection
    − Cloning detection
    − Location and anonymity privacy
    − Also for RFID (as we saw in Tuesday's class)

  5. Physical-Layer Device Identification system and its components
  • Involves three entities

  6. Physical-Layer Device Identification system and its components
  • Two modules for a PLI system:
    − Enrollment: signals are captured from the device and the device's fingerprints are stored in a database
    − Identification: fingerprints obtained from the device are matched against the fingerprints stored in the DB during enrollment
  • Can identify a device
  • Can identify a device from among many devices
  • Can verify that a device matches a claimed identity

  7. Device under Identification
  • Any device that uses radio communication can be subject to PLI
  • Different classes of devices that can be identified by PLI: VHF (very high frequency) transmitters, HF RFID, UHF (ultra high frequency) RFID, Bluetooth, and IEEE 802.11 and IEEE 802.15.4 transceivers
  • What makes the device unique? Imperfections in design and manufacturing [Toonstra and Kinsner 1995, 1996]

  8. Identification Signals
  • Identification signals: the signals that are collected for the purpose of identifying the device
  • Different signal characteristics are observed here, such as amplitude, frequency, and phase

  9. Acquisition Setup
  • Responsible for the acquisition and digitization of the identification signals
  • Should never influence the signal (e.g., by adding noise)
  • The characteristics the PLI relies on should be preserved unchanged
  • High-quality equipment may be necessary

  10. Acquisition Setup
  • Two types of identification:
    − Passive: acquires the signal without interacting with the device
    − Active: acquires the signal after challenging the device to transmit it

  11. Feature Extraction Module
  • Responsible for extracting characteristics from the signals that can then be used to distinguish devices or classes of devices
  • Two types of features are involved:
    − Predefined features: well-understood characteristics that are known in advance, prior to recording the signals
    − Inferred features: features that are not known from a predefined feature set
  • Feature extraction can also be used for dimensionality reduction
    − Remove redundant information from the sample and use what remains, containing only the relevant information, as its feature

  12. Device Fingerprints
  • Fingerprints are a SET of features that are used to identify devices
  • Properties of fingerprints:
    − Universality: every device should have the considered features
    − Uniqueness: no two devices should have the same fingerprint
    − Permanence: fingerprints obtained should not change over time
    − Collectability: the signals should be capturable with existing equipment
    − Robustness: fingerprints should still be evaluable in the presence of interfering radio signals
    − Data dependency: fingerprints need to be obtained from features extracted from a specific signal pattern

  13. Fingerprint Matcher and Database
  • Compares the extracted device fingerprints with the fingerprints stored in the DB during the enrollment phase of the device
  • The matcher is implemented using distance measures or classifiers such as:
    − Euclidean distance
    − Mahalanobis distance
    − Probabilistic Neural Networks (PNN) (complex)
    − Support Vector Machines (SVM) (complex)

  14. System Performance and Design Issues
  • System performance is expressed in error rates:
    − FAR (False Accept Rate)
    − FRR (False Reject Rate)
    − EER (Equal Error Rate): the operating point where FAR and FRR are equal; the most commonly used metric
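The following is an added worked example (not from the paper or this presentation) showing how the matcher of slide 13 and the error rates of slide 14 fit together: devices are enrolled from constructed fingerprint vectors, a diagonal-covariance Mahalanobis distance verifies a claimed identity, and sweeping the decision threshold yields FAR, FRR and the EER. All device names, feature values and trials are constructed.

```python
import math
import statistics

# Constructed enrollment data (hypothetical): three acquisitions per device, each a
# fingerprint vector of three features (e.g. transient length, peak count, amplitude).
ENROLLED = {
    "dev_A": [[10.0, 4.0, 0.50], [10.4, 4.0, 0.52], [9.8, 5.0, 0.49]],
    "dev_B": [[14.0, 7.0, 0.80], [13.6, 7.0, 0.83], [14.3, 6.0, 0.78]],
}
# Constructed verification trials: (fingerprint, claimed identity).
GENUINE = [([10.1, 4.0, 0.51], "dev_A"), ([13.9, 7.0, 0.81], "dev_B"),
           ([9.0, 6.0, 0.55], "dev_A")]          # last one is a noisy genuine capture
IMPOSTOR = [([10.1, 4.0, 0.51], "dev_B"), ([13.9, 7.0, 0.81], "dev_A")]

def enroll(acquisitions):
    """Reference fingerprint = per-feature mean and spread over the enrollment acquisitions."""
    cols = list(zip(*acquisitions))
    mean = [statistics.mean(c) for c in cols]
    std = [max(statistics.pstdev(c), 1e-6) for c in cols]   # guard against a zero spread
    return mean, std

def mahalanobis(x, ref):
    """Mahalanobis distance with a diagonal covariance: each feature scaled by its own spread."""
    mean, std = ref
    return math.sqrt(sum(((xi - mi) / si) ** 2 for xi, mi, si in zip(x, mean, std)))

def verify(x, claimed, db, threshold):
    """Verification mode: accept when x lies within threshold of the claimed identity."""
    return mahalanobis(x, db[claimed]) <= threshold

def error_rates(db, threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) at a given decision threshold."""
    far = sum(verify(x, c, db, threshold) for x, c in impostor) / len(impostor)
    frr = sum(not verify(x, c, db, threshold) for x, c in genuine) / len(genuine)
    return far, frr

def equal_error_rate(db, steps=200, step=0.1):
    """Sweep the threshold; report (threshold, EER) where FAR and FRR are closest."""
    best = None
    for i in range(1, steps + 1):
        far, frr = error_rates(db, i * step)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (i * step, far, frr)
    return best[0], (best[1] + best[2]) / 2

DB = {dev: enroll(acq) for dev, acq in ENROLLED.items()}
```

With only two well-separated constructed devices the EER sweep lands at zero; the threshold it reports is the smallest one that also accepts the noisy genuine capture.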

  15. System Performance and Design Issues
  • The performance of a PLI system depends on:
    − Resources available
    − Cost: the higher the quality and speed, the higher the cost
    − Acquisition setups: certain signals may be hard to obtain at different locations

  16. Proposed improvements for PLI systems
  • System properties that always need improving: accuracy (most significant), computational speed, exception handling, and cost
  • Four different strategies can be deployed to achieve this

  17. Proposed improvements for PLI systems
  • (1) Acquire signals from multiple acquisition setups
    − Obtain the signal from different locations at the same time
  • (2) Acquire signals from multiple transmitters on the same device (MIMO)
    − More robust fingerprints (two fingerprints instead of one)
  • (3) Collect several acquisitions of the same signal
    − To obtain more reliable fingerprints: the samples are averaged into one representative sample, which is used to create the fingerprint
  • (4) Consider different signal parts
    − Different signal parts (modalities) are combined to improve accuracy and robustness

  18. Physical-Layer Identification techniques and approaches
  • Identification of radio signals became very important during WWII
  • Two main techniques/approaches are discussed in the paper: the transient-based approach and the modulation-based approach

  19. Transient Based Approach
  • Techniques that use the turn-on/off transient of a radio signal
  [Figure: acquisition chain, including the analog-to-digital converter]

  20. Transient Based Approach
  • Fingerprinting approach details
    1. Extract the transient part
       − Threshold-based algorithm
    2. Extract features from the transient signal (fingerprints)
       − Transient length
       − Number of peaks in the transient
       − Amplitude in the transient
    3. Classify unknown fingerprints against the reference fingerprints (using a Kalman filter)
       − Compute the classification error rate

  21. Transient Based Approach Experiments

  22. Modulation Based Approach
  • This technique extracts unique features from the modulated (data-carrying) part of the signal
  • A new approach that is still being researched

  23. Modulation Based Approach
  [Figure: QPSK signal constellation with symbols 01, 00, 11, 10]
  • Fingerprinting approach details
  • Capture the signals using a vector signal analyzer
    − QPSK constellation
    − Signal spectrum
  • Extract the following errors due to QPSK modulation:
    − I/Q origin offset
    − Frequency offset
    − Error Vector Magnitude (EVM)
  • Fingerprints are represented by a vector of the above three errors
  • Compute the classification error rate (CER)
    − Ratio of incorrectly classified device fingerprints over all classified fingerprints
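An added example (not the paper's or the presenter's code) of the modulation-based fingerprint described on this slide: from a constructed QPSK burst with known data bits it extracts the I/Q origin offset, frequency offset and EVM, matches each fingerprint to the nearest enrolled reference, and computes the CER. The transmitter impairment model, the two device parameter sets and the burst are hypothetical and constructed here.

```python
import cmath
import math
import random

# Gray-coded QPSK constellation (bit pair -> unit-power ideal symbol), as on the slide.
IDEAL = {b: s / math.sqrt(2) for b, s in
         {"01": -1 + 1j, "00": 1 + 1j, "11": -1 - 1j, "10": 1 - 1j}.items()}
BITS = ["00", "01", "11", "10"] * 16   # constructed, balanced 64-symbol burst (known data)

def transmit(bits, iq_offset, freq_offset, noise_std, seed):
    """Hypothetical transmitter model (not from the paper): the device adds its own I/Q
    origin offset, a per-symbol phase rotation (frequency offset) and Gaussian noise."""
    rng = random.Random(seed)
    return [IDEAL[b] * cmath.exp(1j * freq_offset * k) + iq_offset
            + complex(rng.gauss(0, noise_std), rng.gauss(0, noise_std))
            for k, b in enumerate(bits)]

def fingerprint(bits, rx):
    """Extract the three modulation errors from a captured burst whose data bits are known."""
    # Frequency offset: least-squares slope of the unwrapped phase error against symbol index.
    err = [r / IDEAL[b] for b, r in zip(bits, rx)]
    phases = [cmath.phase(err[0])]
    for e0, e1 in zip(err, err[1:]):
        phases.append(phases[-1] + cmath.phase(e1 * e0.conjugate()))
    n, kbar, pbar = len(rx), (len(rx) - 1) / 2, sum(phases) / len(rx)
    freq = (sum((k - kbar) * (p - pbar) for k, p in enumerate(phases))
            / sum((k - kbar) ** 2 for k in range(n)))
    # I/Q origin offset: mean displacement of the received symbols from the rotated ideal ones.
    ref = [IDEAL[b] * cmath.exp(1j * freq * k) for k, b in enumerate(bits)]
    origin = sum(r - s for r, s in zip(rx, ref)) / n
    # EVM: RMS error vector once both offsets are removed (unit-power constellation).
    evm = math.sqrt(sum(abs(r - s - origin) ** 2 for r, s in zip(rx, ref)) / n)
    return (abs(origin), freq, evm)

def classify(fp, refs):
    # Nearest-reference matcher: Euclidean distance over the 3-error fingerprint vector.
    return min(refs, key=lambda dev: math.dist(fp, refs[dev]))

def classification_error_rate(trials, refs):
    """CER = incorrectly classified fingerprints / all classified fingerprints."""
    return sum(classify(fp, refs) != dev for fp, dev in trials) / len(trials)

# Two constructed devices: (I/Q origin offset, frequency offset in rad/symbol, noise std).
DEVICES = {"dev_A": (0.05 + 0.02j, 0.010, 0.05), "dev_B": (-0.15 + 0.10j, 0.040, 0.10)}

def run_identification(trials_per_device=5):
    """Enrol each device from one burst, then classify fresh bursts and report the CER."""
    refs = {d: fingerprint(BITS, transmit(BITS, *p, seed=0)) for d, p in DEVICES.items()}
    trials = [(fingerprint(BITS, transmit(BITS, *p, seed=100 + i)), d)
              for d, p in DEVICES.items() for i in range(trials_per_device)]
    return classification_error_rate(trials, refs)
```

The three errors are mixed in one Euclidean distance without scaling, which works here because the constructed devices differ in all three; with real captures the features would be normalised (or a Mahalanobis distance used) before matching.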

  24. Other Approaches/Techniques
  • Baseband power spectrum density of packet preambles
    − 20% CER
  • Using the near-transient and midamble regions of GSM-GMSK (Global System for Mobile Communications, Gaussian minimum shift keying) burst signals
    − The CER was higher for the midamble than for the transient regions
  • For UHF RFID: using timing properties of the tags
    − Showed that the response duration can be used to distinguish tags of the same manufacturer and RFID type
  • For HF RFID: timing and modulation shape features can only be used to distinguish between manufacturers

  25. Attacks within Physical-Layer Identification
  • This section discusses attacks that aim to subvert the decision of an application relying on PLI, and the use of PLI against the anonymity of wireless devices, i.e. identifying a device even when it does not want to be identified
  • Assumes a "Dolev-Yao style attacker"
    − The attacker can observe, capture, modify, compose, and (re)play signals transmitted by the device

  26. Signal Replay Attack
  • Goal: observe the signals of a device, capture them in digital form, and then transmit the signal again towards the PLI system
  • The attacker does not modify the signal
  • Attacker's knowledge:
    − No knowledge of the feature extraction and matching is assumed
    − Knowledge of how to observe, capture, and submit signals to the system is needed
  • Why replay attacks?
    − To gain access to resources by replaying an authentication message
    − In DoS, to confuse the destination host

  27. Signal Replay Attack
  • Aims at preserving the digital samples of the signal
  • Note: the replay of a sampled signal can never be exact, unlike the replay of information bits
  • High-end hardware and a controlled wireless medium are needed to improve accuracy
  • The signal could also be relayed without being stored in digital form
    − Amplifiers and multiple antennas are needed

  28. Feature Replay Attacks
  • This attack creates, modifies, or composes signals that reproduce ONLY the features that are considered by a PLI system
  • Similar to message forging, but this attack only requires the information bits, unlike the analog/digital signal samples and data payload in forging

  29. Feature Replay Attacks
  • Needs to preserve the identification features
  • The attacker needs to know which features the PLI system extracts from the device
  • Needs to be able to forge signals while keeping the unique features
  • Feature replay attacks can be launched by:
    − Using arbitrary waveform generators
    − Using a device with features similar to the target device (from a large set of devices of the same model and manufacturer)
    − Replicating the circuitry/components of the target device (hardest)

  30. Implication and examples of PLI (Intrusion Detection in WLAN networks)
  • (1) PLI can be used to enhance the security of WLANs
    − By providing access control to prevent unauthorized devices from joining the network
    − PLI deployed in APs defends against compromise of cryptographic keys by an attacker
    − PLI can help determine that multiple MACs or crypto keys belong to the same device
    − An attacker who holds the crypto key(s) still cannot authenticate to the network unless they somehow get past the PLI system
  • (2) PLI techniques can be used to protect against rogue APs

  31. Implication and examples of PLI (Intrusion Detection in WLAN networks)
  • System property requirements:
    − Physical-layer device fingerprints need to be resilient to distance and location
    − Transient signal samples can carry wireless channel characteristics in addition to the device-specific information they are meant to capture
    − How to handle this still remains an open question
  • Security requirements:
    − Resilient to remote impersonation attacks
    − Resilient to signal and feature replay attacks

  32. Implication and examples of PLI (Device Cloning Detection: RFID Identity Documents)
  • RFID transponders in documents can be successfully cloned even if protective measures are in place
  • PLI can be applied to document cloning detection in two different ways:
    − (1) Fingerprints are measured before RFID deployment and stored in a back-end database, indexed by a unique ID
    − (2) Fingerprints are measured before RFID deployment BUT stored in the transponder's memory
      − Advantage: document authenticity can be verified OFFLINE
      − Disadvantage: the fingerprint is stored on the transponder, so it requires access protection; also, fingerprints need to be compact enough to fit in the memory

  33. Implication and examples of PLI (Device Cloning Detection: RFID Identity Documents)
  • System property requirements:
    − Special-purpose devices need to be built
    − Fingerprints need to be measured in multiple locations (e.g., at country borders)
    − Devices should be of high quality to preserve the fingerprint from distortions

  34. Implication and examples of PLI (Device Cloning Detection: RFID-Enabled Supply Chains)
  • PLI provides a means to detect counterfeit products by creating PLI fingerprints that bind the RFID tag to the original, claimed identity
  • Unlike e-passports, where the fingerprint is stored directly on the passport, the fingerprints would be stored in a database
  • These can later be compared with the fingerprints obtained from the RFID tag

  35. Implication and examples of PLI (Device Cloning Detection: RFID-Enabled Supply Chains)
  • System property requirements:
    − High computational speed: large numbers of products on pallets pass through identification gates in a short time
    − Fingerprints need to be robust: tags are placed anywhere on pallets and may interfere with other wireless communication
    − High system accuracy: verifying false decisions may slow down the supply chain process
  • System security requirements:
    − Equipping each counterfeit product with a replaying device is too expensive
    − Equipping counterfeits with RFID tags that have features similar to the tags on real products would pass identification and is the smarter choice in terms of cost

  36. Other Related Applications
  • Wormhole attack:
    − Creates a tunnel that connects two points in the network and relays messages back and forth
    − Can filter unwanted packets and refuse to forward traffic
    − PLI can be used to verify the origin device of a transmitted signal
  • Sybil attack:
    − The attacker assigns different identities to the same node
    − PLI can detect multiple identities belonging to one device

  37. Implication and examples of PLI (Anonymity and Location Privacy)
  • PLI techniques require few packets to identify the number of devices in the vicinity and to classify individual packets to the corresponding transmitting device
  • Example: targeting UHF RFID
    − Shown to leak information independent of the user's position
    − If a user carries a number of UHF tags, a network of readers can track them regardless of location and distance
    − Example: a user has 5 cards; they can be identified among 6x10^6 users
    − Shows that card holder privacy can be compromised by the ability to read UHF RFID from large distances

  38. Conclusion
  • PLI benefits applications such as access control and device cloning detection, and affects identity (location) privacy
  • It has been investigated on a broad spectrum of wireless technologies, but primarily as a defensive technique
  • Much future research remains in this area:
    − What are the exact causes of identification?
    − The feasibility or non-feasibility needs to be considered
    − How much information entropy do fingerprints contain?
  • By analyzing the system, state-of-the-art approaches, attacks, and security issues, we can give an overview of physical-layer identification of wireless devices

  39. THANK YOU !
