Académique Documents
Professionnel Documents
Culture Documents
Measurement
journal homepage: www.elsevier.com/locate/measurement
Department of Signal Theory, Telematics and Communications CITIC, University of Granada, 18071 Granada, Spain
Department of Electronics and Computer Technology CITIC, University of Granada, 18071 Granada, Spain
c
Department of Computer and Telematic Systems Engineering, University of Extremadura, 06800 Merida, Spain
b
a r t i c l e
i n f o
Article history:
Received 9 October 2013
Received in revised form 23 April 2014
Accepted 5 September 2014
Available online 16 September 2014
Keywords:
RF Fingerprint
Subspace transformation
Wireless communications
Network identication
a b s t r a c t
This document proposes a radiofrequency (RF) ngerprinting strategy for the proper identication of wireless devices in mobile and wireless networks. The proposed identication
methods are based on the extraction of the preamble RF ngerprint of a device and its
comparison with a set of already known device RF ngerprints. The identication method
combines techniques for feature reduction such as Principal Component Analysis (PCA) and
Partial Least Squares regression (PLS), both based on subspace transformation, along with a
similarity-based analysis. In this work, a complete procedure for RF ngerprint data extraction and analysis is provided. In addition, some experimentation with commercial Wi-Fi
devices is carried out for the methods validation.
2014 Elsevier Ltd. All rights reserved.
1. Introduction
The technological advances in last years have enhanced
the development of a variety of systems and services,
based on wireless communications. Compared to wired
networks and systems, the propagation channel in wireless
networks is prone to suffer from interferences or security
threats such as signal interception, spoong or jamming,
among others [1,2]. As a consequence, the secure identication of the forming devices of a wireless network is an
issue of great concern regarding the network security.
One of the most common and harmful security threats is
related to jamming attack strategies [1]. Despite the considered jamming modality, affecting either the link layer
or the physical one, the key fact to avoid such attacks is
to properly identify the jammer. This jamming agent, acting either as a network user or as an external one must
Corresponding author. Tel.: +34 958248899.
E-mail address: pablopadilla@ugr.es (P. Padilla).
http://dx.doi.org/10.1016/j.measurement.2014.09.009
0263-2241/ 2014 Elsevier Ltd. All rights reserved.
not only be identied but also blacklisted. Thus, subsequent attacks coming from this blacklisted jammer can
be quickly identied and its jamming effects controlled,
neglected or mitigated [2,3].
This paper provides a method for the proper identication of network devices in a network to detect jamming
agents. The method is based on the analysis of the radiofrequency (RF) ngerprint of the devices of a wireless network. The premise in RF ngerprinting is that the signals
transmitted by a wireless device are repeatedly extractable
and unique. As a consequence, they may be used to identify
the device when transmitting in the network. Recent
works demonstrate that this uniqueness exists, being
attributable to various factors: manufacturing, aging,
environmental, etc. [46].
The manuscript is organized as follows: in Section 2, the
basics of RF ngerprinting are provided. Section 3 is devoted
to the identication methods based on feature reduction and
similarity analysis. In section 4, the experimental setup is
presented, along with the test procedure. In section 5, the
evaluation and results of the proposed methods are provided. Eventually, in Section 6, conclusions are drawn.
2. RF ngerprinting
The process of identifying wireless transmitters by
examining the signal RF characteristics at the beginning
of transmission is commonly referred as RF ngerprinting.
The analysis and extraction of relevant parameters of the
RF signal let dene the RF identication data of a wireless
device [4]. RF ngerprinting is focused on the registration
and storage of the RF features of the signal transmitted
by any device in the network. This group of RF features is
the ngerprint of the wireless device [4,5].
The procedure for the extraction of the RF ngerprint of
a wireless device implies the capture and analysis of the
initial preamble of the RF signal [5,6]. In the literature, it
can be found a list of parameters to be extracted: the transient waveform, the instantaneous phase or amplitude of
the signal, their evolution in time, the signal tendency (rst
or second order derivative), the transient ramp proles in a
temporal range, etc. [4]. Fig. 1 shows an example of the RF
preamble for two different wireless network devices at
2.4 GHz (Wi-Fi). Other issues regarding RF ngerprinting
may be found in [711].
3. Identication method based on feature extraction
and similarity analysis
Once the RF ngerprint of the wireless device is available, it is possible to dene a procedure for its analysis
-70
-80
-90
-100
-110
-120
-130
-140
0
100
200
300
400
500
600
X T PT R
X T PT E
-70
Y U QT F
-80
-110
-120
Y X S QT F
time [ms]
469
-90
-100
1
-130
0
100
200
300
400
500
600
time [ms]
Fig. 1. Example of RF ngerprints of two different Wi-Fi devices.
S W PT W
4
5
470
Table 1
Description of the experimental setup.
Description of the dataset
Frequency
Total number of different devices (N)
Number of devices per manufacturer
Number of measured samples per
device
Number of variables per sample (M)
Measurement setup
Measuring equipment
Resolution bandwidth (RBW)
Span
Time Sweep
Reference power level
Video bandwidth (VBW)
2.4 GHz
20
2
15
310
R&S FS300 spectrum
analyzer
200 Hz
0 Hz
600 ms (40 ms/div, 15 div.)
115 dBm
None
Table 2
Commercial devices used in the experimentation.
Devices under test
Zyxel NMD2205 (2)
D-Link DWA-140 (2)
SWEEX LW323 (2)
TP-LINK TL-WN821 (2)
HTC Wildre S (2)
di
M
X
jStest m Si mj
m1
1.
3.
5.
7.
9.
samples to the under-test one, commonly named neighbors, the sample under test can be classied. The classication of the sample under test (Stest) is done by selecting
the label of the majority of the V nearest neighbors among
all the I (I = N1) available samples (Si) in the reference set,
as in (6).
Wi-Fi dongle
(device under test)
FS3200
Receiver
(2.4 GHz antenna
monopole)
Fig. 2. Measuring scheme and processing setup with the R&S FS300 spectrum analyzer.
471
-70
-80
-90
-100
-110
-120
-130
-140
50
100
150
200
250
300
250
300
-70
-80
-90
-100
-110
-120
-130
-140
50
100
150
200
-70
-80
-90
-100
-110
-120
-130
-140
50
100
150
200
250
Once the wireless devices are measured and the experimental dataset is conveniently labeled and stored, the performance evaluation is carried out. As already mentioned,
the identication of a new device in the network is carried
out with a comparison of its RF ngerprint with the list of
300
Table 3
Accuracy of the experimentation considering the analysis of a set of devices, one per manufacturer.
Number of neighbors (N)
Raw analysis
With threshold (best:105 dBm)
PCA (9 PCs)
PLS (9 LVs)
Random selection
0.900
0.907
0.883
0.913
0.100
0.907
0.907
0.907
0.907
0.100
0.877
0.893
0.927
0.920
0.100
0.877
0.893
0.927
0.940
0.100
0.853
0.877
0.927
0.927
0.100
PCA (V = 5)
PLS (V = 7)
10
11
12
13
0.833
0.860
0.827
0.847
0.840
0.840
0.883
0.853
0.900
0.920
0.927
0.940
0.920
0.900
0.920
0.913
0.913
0.907
0.913
0.913
472
Fig. 5. Accuracy results for all the proposed approaches, considering the analysis of the set of devices, with one device per manufacturer (PCA with 9 PCs
and PLS with 9 LVs).
Table 4
Accuracy of the experimentation considering the analysis of a set of devices, two per manufacturer.
Number of neighbors (N)
Raw analysis
with threshold (best :105 dBm)
PCA (11 PCs)
PLS (9 LVs)
Random selection
0.635
0.659
0.615
0.690
0.05
0.631
0.620
0.647
0.694
0.05
0.623
0.631
0.674
0.702
0.05
0.623
0.623
0.694
0.694
0.05
0.635
0.651
0.690
0.702
0.05
PCA (V = 7)
PLS (V = 5)
10
11
12
13
0.552
0.580
0.623
0.627
0.619
0.631
0.678
0.670
0.643
0.667
0.667
0.702
0.674
0.698
0.694
0.690
0.674
0.702
0.651
0.682
Fig. 6. Accuracy results considering the analysis of a set of devices, with two devices per manufacturer (PCA with 11 PCs and PLS with 9 LVs).
473
0.8
0.8
0.6
0.6
raw analysis
with threshold
PCA (11 PCs)
PLS (9 LVs)
Acc
Acc
0.4
0.4
raw analysis
with threshold
PCA (11 PCs)
PLS (9 LVs)
0.2
(a)
0.2
(b)
0
0
1
Number of neighbors
Number of neighbors
raw analysis
with threshold
PCA (11 PCs)
PLS (9 LVs)
0.8
0.8
0.6
Acc
Acc
0.6
0.4
0.4
0.2
raw analysis
with threshold
PCA (11 PCs)
PLS (9 LVs)
0.2
(c)
(d)
0
0
1
Number of neighbors
Number of neighbors
1
0.8
0.8
0.6
0.6
Acc
Acc
0.4
0.4
raw analysis
with threshold
PCA (11 PCs)
PLS (9 LVs)
0.2
(e)
raw analysis
with threshold
PCA (11 PCs)
PLS (9 LVs)
0.2
(f)
0
1
Number of neighbors
Number of neighbors
1
raw analysis
with threshold
PCA (11 PCs)
PLS (9 LVs)
0.8
0.6
Acc
Acc
0.6
0.8
0.4
0.4
0.2
0.2
raw analysis
with threshold
PCA (11 PCs)
PLS (9 LVs)
(g)
0
(h)
7
Number of neighbors
Number of neighbors
1
1
raw analysis
with threshold
PCA (11 PCs)
PLS (9 LVs)
0.8
0.6
Acc
Acc
0.6
0.8
0.4
0.4
0.2
0.2
(i)
0
raw analysis
with threshold
PCA (11 PCs)
PLS (9 LVs)
( j)
3
Number of neighbors
Number of neighbors
Fig. 7. Identication results for the devices of each manufacturer analyzed separately: (a) ASUS USB-N13, (b) D-Link DWA-140, (c) HTC Wildre S, (d)
NetGear WNA3100 M, (e) SiteCom 300 N, (f) TP-LINK TL-WN821, (g) Zyxel NMD2205, (h) SWEEX LW323, (i) Intel WiFi Link 5300, (j) TRENDNET TEW649UB.
-60
-70
-80
-90
-100
-110
-120
-130
-140
50
100
150
200
250
300
(a)
-60
-70
474
-80
-90
-100
-110
-120
-130
-140
50
100
150
200
250
300
350
(b)
Fig. 8. Fingerprints of different devices of: (a) HTC Wildre S and (b) Intel
WiFi Link 5300.
475