Improving Wireless Network Security Based On Radio Fingerprinting

A Seminar Report
on

IMPROVING WIRELESS NETWORK SECURITY BASED

ON RADIO FINGERPRINTING

by

Apoorv Pratap Dhaygude

Roll No: 305012

Under the guidance of

Prof. Dhanashri N. Patil

Department of Computer Engineering

Sinhgad College of Engineering, Pune-41
Accredited by NAAC

UNIVERSITY OF PUNE
2017-2018

SCOE TE (Computer)
Pune.
 Sinhgad Technical Education Society,
Department of Computer Engineering
Sinhgad College of Engineering, Pune-41

Date:

CERTIFICATE
This is to certify that Mr. Apoorv Pratap Dhaygude has successfully completed his seminar
work titled “Improving Wireless Network Security Based on Radio Fingerprinting’’ at
Department of Computer Engineering, SCOE, Pune for the partial fulfilment of the Bachelor
Degree of Computer Engineering, Savitribai Phule Pune University, in semester-II, academic
Year 2019-2020.

Prof. Dhanashri N. Patil Prof. M. P. Wankhede

Internal Guide Head
Department of Computer Engineering

Dr. S. D. Lokhande
Principal
Sinhgad College of Engineering
 ABSTRACT

With the rapid development of the popularity of wireless networks, there are also increasing
security threats that follow, and wireless network security issues are becoming increasingly
important. Radio frequency fingerprints generated by device tolerance in wireless device
transmitters have physical characteristics that are difficult to clone, and can be used for
identity authentication of wireless devices. In this paper, we propose a radio frequency
fingerprint extraction method based on fractional Fourier transform for transient signals.
After getting the features of the signal, we use RPCA to reduce the dimension of the features,
and then use KNN to classify them. The results show that when the SNR is 20dB, the
recognition rate of this method is close to 100%.
 Acknowledgement

With due respect and gratitude, I take the opportunity to thank those who have helped me
directly and indirectly. I convey my sincere thanks to Prof. M. P. Wankhede , HoD Computer
Dept. and Prof. Dhanashri N. Patil for their help in selecting the seminar topic and support.

I thank to my seminar guide Prof. Dhanashri N. Patil for hes guidance, timely help and
valuable suggestions without which this seminar would not have been possible. Her direction
has always been encouraging as well as inspiring for me. Attempts have been made to
minimize the errors in the report.

I would also like to express my appreciation and thanks to all my friends who knowingly or
unknowingly have assisted and encourage me throughout my hard work

Apoorv Dhaygude
TE Computer Engineering
 List of Tables

Table No. Title Page No.

1 Literature Survey Table

 List of Figures
Figure No. Title Page No.
1. Wireless device identification process
2. Recognition rate as a function of order when SNR is 20dB
3. Reduced-dimensional visualization of SNR of 0 dB at 0.8-order FrFT
and the dimensional is 2.
4. Confusion matrix with SNR of db at 0.8-order FrFT
5. Reduced dimensional visualization with SNR of 20dB at 0.8-order FrFT
and the dimensional is 2
6. Confusion matrix with SNR of 20dB at 0.8-order FrFT.
7. The recognition rate changes with SNR when the order is 0.8.
 Acronyms

FrFT : Fractional Fourier Transform

RPCA : Robust Principle Component Analysis
KNN : K-Nearest Neighbour
SNR : Signal to Noise Ratio
 Contents

Page No.
Certificate
Abstract
Acknowledgement
List of Tables
List of Figures
Acronyms
Chapter-1 Introduction
1.1 Motivation
1.2 Relevance
1.3 Security Mechanism
1.4 Timeline/Evolution
Chapter-2 Literature Survey
2.1 Fundamentals
2.1.1 Wireless Network Security
2.1.2 Radio Fingerprinting
2.1.3 Literature Survey table
Chapter-3 Methodology
3.1 Fingerprint Generation
3.2 Robust Principle Component Analysis
3.3 Device Identification

Chapter-4 Discussion of Results

4.1 Signal Collection and identification system
4.2 Classification Performance
Chapter-5 Conclusion
Chapter-6 References
 Chapter-1
Introduction

With the development of wireless communication and net-work technology, wireless

networks have penetrated various sectors of the national economy such as defence military,
teaching research, medical health care, and have been closely related to people’s daily lives.
Nevertheless, the security of wireless networks is still one of the factors hindering its
popularity, mainly in the following aspects. The first one is the openness of the wireless
network makes it more vulnerable to malicious attacks. The second one is the mobility of
wireless networks makes it difficult to manage security. The third one is the dynamic
topology of the wireless network makes the implementation of the security scheme difficult.

1.1 MOTIVATION

The security problem of wireless networks is caused by the openness of communication

carriers, the mobility of node terminals, and the dynamically changing net-work topology.
The security threats to wireless network node terminals are mainly: the attackers pretend to
be a legitimate user, illegal access to network resources, implement a denial of service attack,
connecting to the attacking object network through the wireless network to implement an
attack, obtaining management control rights to the attack target network through the wireless
network.

This is the reason why Wireless Network Security came into existence.

1.2 Relevance

The actual wireless network security mechanism often has defects. For example, the IEEE
802.11 wireless local area network (WLAN) security mechanism evolved from IEEE
802.1X authentication to IEEE 802.11i from the original Wired Equivalent Privacy (WEP).
However, this security mechanism still does not guarantee that there are no security issues.
Besides, if the key is compromised, the existing security mechanism simply cannot achieve
its claimed authentication service. Therefore, the current security mechanisms running on the
wireless network link layer and above need to be further enhanced. The security mechanism
running on the physical layer of the wireless network has been studied by many scholars. The
security mechanism running at the physical layer is simply a hardware-based security
mechanism.

1.3 Security Mechanism

The current research mainly divides this security mechanism into three categories.

The first one is the security mechanism based on circuit delay. The method utilizes inevitable
delays within different wireless devices for identification. Due to individual differences in
each wireless device, the delay in operation is unique, and the wireless device is securely
authenticated according to the delay of the device. The disadvantage of this approach is the
need to add additional custom hardware to existing wireless devices.

The second one is the security mechanism based on clock offset. The basis of this method is
that the clocks of different wireless devices have a certain offset. The disadvantage of this
method is that an attacker can record the signal of the wireless device, obtain the clock offset
information of the wireless device, and then forge the clock offset to attack.

The third one is the security mechanism based on “Radio Fingerprinting”. The method is to
confirm the wireless device according to the radio frequency fingerprint of the wireless
device, thereby improving the security of the wireless network. The basis of this mechanism
is that any wireless device, even the same model, the same batch of wire-less devices, will
have individual differences and is difficult to replicate. This mechanism works at the physical
layer and has higher security than traditional security mechanisms.

1.4 Timeline/Evolution

“Radio Fingerprint” and “Radio Fingerprint Identification” are new concepts proposed by
Hall et al in the study of wireless network device identification such as Bluetooth in 2003.
Since then, the concept has mainly appeared in the identification research of wireless network
devices.
The earliest RF fingerprinting technology was proposed in 1995 by Toonstra et al. The
feature extraction method based on transient signals was also developed. Most of the early
researches focused on transient signal RF fingerprinting. In the on/off transient of the device,
the transmitter starts to work. Correspondingly, when the power reaches zero from the rated
power, a signal is sent. The process of extracting the RF fingerprinting of the signal from this
part is the transient signal RF fingerprint technology. The generation of such a transient
signal is only related to the hardware device and is a signal generated by all wireless
communication devices. There is no data information, and it can be used as an independent
signal for subsequent analysis and processing. The detection and separation of on/off
transients relies on device hardware and channel noise and has proven to be critical to
communication systems. Here we propose a radio frequency fingerprint extraction method
based on Fractional Fourier transform for transient signals.

In recent years, Fractional Fourier Transform (FrFT) is a new time-frequency analysis tool,
which is a broad sense form of Fourier transform. The representation of the signal on the
FrFT domain, while merging the information of the signal in the time and the frequency
domain. In recent years, the research on the classification and recognition of the fractional
Fourier transform has received extensive attention and is also a new research topic. Fig.1
shows that the overall framework.

Fig. 1. Wireless device identification process

Here 10 Motorola walkie-talkies are used to verify the performance of the identification
process.
 Chapter-2
Literature Survey

2.1 Fundamentals

2.1.1 Wireless Network Security

Wireless network security is the process of designing, implementing and ensuring security on
a wireless computer network. It is a subset of network security that adds protection for a
wireless computer network.

Wireless network security is also known as wireless security.

Wireless network security primarily protects a wireless network from unauthorized and
malicious access attempts. Typically, wireless network security is delivered through wireless
devices (usually a wireless router/switch) that encrypts and secures all wireless
communication by default. Even if the wireless network security is compromised, the hacker
is not able to view the content of the traffic/packet in transit. Moreover, wireless intrusion
detection and prevention systems also enable protection of a wireless network by alerting the
wireless network administrator in case of a security breach.

Some of the common algorithms and standards to ensure wireless network security are Wired
Equivalent Policy (WEP) and Wireless Protected Access (WPA).

2.1.2 Radio Fingerprinting

Radio fingerprinting is a process that identifies a cellular phone or any other radio transmitter
by the "fingerprint" that characterizes its signal transmission and is hard to imitate. An
electronic fingerprint makes it possible to identify a wireless device by its
radio transmission characteristics. Radio fingerprinting is commonly used by cellular
operators to prevent cloning of cell phones a cloned device will have a same numeric
equipment identity but a different radio fingerprint.

RF fingerprinting aims to develop a unique RF fingerprint for a wireless device that can be
used as an identity, in the same way a biological fingerprint operates, to improve the security
and privacy of wireless communication. This is in contrast to the traditional bit level
algorithmic approaches to securing transmissions.

Sr.No. Paper Name Publication House and Year Description

1. Improving wireless IEEE 2019 Security based on radio

network security based frequency
on radio fingerprinting.

2. Non-Cryptographic IEEE 2010 Device identification in

authentication and wireless networks using
identification in lower/physical layer
wireless networks. properties or
information

3. Design of hybrid RF IEEE 2018 Fingerprint features,

Fingerprint Extraction designs a hybrid and
and device adaptive classification
classification scheme scheme adjusting to the
environment conditions.

4. Application of Wavelet- Journal of Communication Augment activity

Based RF and Network 2009 occurring across other
Fingerprinting to OSI layers and provide
Enhance Wireless Improved safeguards
Network Security against unauthorized
access

5. Using Spectral IEEE 2008 Use of RF fingerprints

Fingerprints to improve for classifying emissions
wireless network by exploiting transient
security signal features to
provide hardware
specific
identification

Table no. 1: Literature Survey Table

 Chapter-3
Demonstration Methodology

3.1 FINGERPRINT GENERTAION:

FrFT can be interpreted as a representation of the FrFT domain formed by the signal
rotating in the counter clockwise direction of the coordinate axis around the origin in the
time-frequency plane. It is a generalized form of the Fourier transform.

The FrFT of the signal x (t) is defined as:

Xα (u) = {F α [x (t)]} (u) = 𝑥 (𝑡) 𝐾𝛼 (𝑡, 𝑢) d𝑡

−∞
∞
∫

The transform kernel Kα (t, u) of the FrFT is:

2+𝑢2 /2𝑐𝑜𝑡𝛼−𝑗𝑢𝑡𝑐𝑜𝑠𝑒𝑐𝛼
Kα (t, u) =√1 − 𝑗𝑐𝑜𝑡𝛼/√2𝜋𝑒𝑗𝑡

Where 𝛼 = π/2 is the angle of rotation of the FrFt.

After the signal is subjected to the above FrFT transform, information such as mean,
variance, skewness, kurtosis and the like are extracted as fingerprint features of the signal,
and the next fingerprint recognition process is performed.

The data is calculated as follows:

 The mean is defined as:

µ=1 ∑𝑁 𝐴
𝑁 𝑖=1 𝑖

The variance is defined as:

1
V=
∑ | − µ|2
𝑁 𝐴
𝑖=1 𝑖
𝑁−1

The skewness of a distribution is defined as:

𝐸(𝑥−𝜇)3
S= 𝜎3

The kurtosis of a distribution is defined as:

𝐸(𝑥−𝜇)4
K= 𝜎4

3.2 ROBUST PRINCIPLE COMPONENT ANALYSIS:

In the process of identifying the radiation source device, the collected radio frequency
signals themselves are features that can be distinguished from each other, but because of the
high information dimension, it is not convenient to perform fast device identification
processing. Moreover, among the original signals or the extracted high-dimensional features,
there is a large amount of redundant information, and each feature has a certain correlation,
which brings unnecessary burden to subsequent processing. Therefore, it is necessary to
reduce the dimension of high-dimensional information to reduce the feature dimension and
correlation, but this will cause a certain loss of information on the other hand, and introduce
errors into the device. Therefore, the most useful information is retained while reducing the
dimension. Primary purpose. Robust Principle Component Analysis (RPCA) is an excellent
dimensionality reduction method that can achieve this goal.

RPCA can recover the useful low-rank matrix in the data and eliminate the sparse matrix of
noise under certain conditions.
 The specific problem solved by RPCA is to decompose the original data matrix X = R l× n

into a low-rank matrix L and a sparse matrix S, which is mathematically expressed as a

convex optimization problem:

min||𝐿||∗ + 𝜆||𝑆||1

Such that X = L+S

Among them ||. ||∗ and ||. ||1 represent the kernel norm and l1 norm of the solution matrix
respectively. λ > 0 is the balance factor, which is used to adjust the ratio between the low-rank
matrix and the sparse matrix. The k value can be adjusted according to the specific problem
involved to adjust λk =k / √𝑚𝑎𝑥(𝑙, 𝑛) and λ = 1// √𝑚𝑎𝑥(𝑙, 𝑛) are usually taken.

3.3 DEVICE IDENTIFICATION:

Classification performance is evaluated using the K-Nearest Neighbour (KNN). KNN (K-
Nearest Neighbour) is one of the simplest machine learning algorithms that can be used for
classification and regression. It is a supervised learning algorithm. The idea is that if a
sample has most of the K’s most similar samples in the feature space (i.e., the nearest
neighbour in the feature space) belongs to a certain category, then the sample also belongs
to this category. That is to say, the method determines the category to be divided into
samples according to the category of the nearest one or several samples in the class
decision.
 Chapter-4
Experiment and Results

4.1 Signal Collection and Identification System:

Figure 1 displays the realization of signal collection and data processing. Signal collection,
data conditioning, fingerprint generation, and the device identification formed the
identification system together with a receiver and a computational platform. All the signals
are collected with USRP2940 with subsequent processing performed by the computational
plat- form.

4.2. Classification Performance:

For getting better classification performance and reducing the calculation, the RPCA
method is been used to reduce the dimension of the feature. The features after dimensionality
reduction can be used to replace the original features to perform the classification.

For a better classification performance, the Kfold cross validation is used for evaluation.
Consistent with common practice is used such that samples of each device are divided into
five blocks, among which four blocks of the device are used to train and the rest one to test.

As shown in Fig. 2 is the FrFT-based feature extraction method. When the SNR is 20dB,
the obtained average recognition rate varies with the fractional order. It can be seen that the
best classification identification is obtained when the order is 0.8. So this simulation is
performed at 0.8 order.
 Fig. 2. Recognition rate as a function of order when SNR is 20dB.

Fig 3 shows the feature dimensionality reduction visualization image with SNR of 0 dB in
the case of 0.8-order FrFT.

Fig3.Reduced-dimensional visualization of SNR of 0 dB at 0.8-order FrFT and the

dimensional is 2.
 As shown in Fig. 4, the confusion matrix is obtained when the SNR is 0 dB in the case of
0.8-order FrFT.

Fig. 4. Confusion matrix with SNR of 0 dB at 0.8-order FrFT.

Fig. 5 shows the characteristic dimensionality reduction visualization image with SNR of 20
dB in the case of 0.8-order FrFT.

Fig.5. Reduced dimensional visualization with SNR of 20dB at 0.8-order FrFT and the dimensional is
2
 As shown in Fig. 6, the characteristic dimensionality reduction confusion matrix is
obtained when the SNR is 20 dB in the case of 0.8-order FrFT. With the signal collection and
identification system is shown in fig. 1, the identification rate curve under different SNR of 0
20dB is shown in Fig7.

Fig. 6. Confusion matrix with SNR of 20dB at 0.8-order FrFT.

 Fig. 7 shows the classification and recognition of the FrFT feature extraction based on
order 0.8, which varies with the signal-to-noise ratio. It can be seen that as the signal-to-noise
ratio increases, the recognition rate also increases.

Fig. 7. The recognition rate changes with SNR when the order is 0.8.
 Chapter-5
Conclusion

Presented a method based on radio frequency fingerprint to enhance wireless network

security. We use Fractional Fourier Transform to represent the signal on the fractional
Fourier domain, after getting the fractional Fourier domain representation, we divide the
signal data into 20 segments and calculate the mean, variance, skewness, and kurtosis of each
segment as the radio frequency fingerprint to distinguish different wireless network devices.
We use RPCA to reduce the dimension of features and use KNN to classify. 10 Motorola
walkie-talkies are used to verify the performance of the identification process. The results
show that when the SNR is 20dB, the recognition rate is close to 100%.
 Improving Wireless Network Security Based On Radio Fingerprinting

Chapter-6
References

[1] K. Zeng, K. Govindan, and P. Mohapatra,” Non-cryptographic authentication and

identification in wireless networks [Security and Privacy in Emerging Wireless
Networks],” in IEEE Wireless Communications, vol. 17, no. 5, pp. 56-62, October 2010.
[2] S. Mathur et al.,” Exploiting the physical layer for enhanced security [Security and
Privacy in Emerging Wireless Networks],” in IEEE Wire-less Communications, vol. 17,
no. 5, pp. 63-70, October 2010.
[3] Liang Huang, Xin Fan, Yan Huo, Chunqiang Hu, Yuqian Tian, Jin Qian,” A Novel
Cooperative Jamming Scheme for Wireless Social Networks Without Known CSI”,
Access IEEE, vol. 5, pp. 26476-26486, 2017.
[4] L. Bolotnyy and G. Robins,” Physically Unclonable Function-Based Security and
Privacy in RFID Systems,” Fifth Annual IEEE International Conference on Pervasive
Computing and Communications (PerCom’07), White Plains, NY, 2007, pp. 211-220.
[5] S. Jana and S. K. Kasera,” On Fast and Accurate Detection of Unautho-rized Wireless
Access Points Using Clock Skews,” in IEEE Transactions on Mobile Computing, vol. 9,
no. 3, pp. 449-462, March 2010.
[6] X. Ye, X. Yin, X. Cai, A. Perez´ Yuste, and H. Xu, ”Neural-Network-Assisted UE
Localization Using Radio-Channel Fingerprints in LTE Networks,” in IEEE Access, vol.
5, pp. 12071-12087, 2017.Y. Xing, A. Hu, J. Zhang, L. Peng, and G. Li, ”On Radio
Frequency Fingerprint Identification for DSSS Systems in Low SNR Scenarios,” in
IEEE Communications Letters, vol. 22, no. 11, pp. 2326-2329, Nov. 2018.
[7] HALL J, BARBEAU M, KRANAKIS E. Detection of transient in radio frequency
fingerprinting using signal phase [J]. Wireless and Optical Communications, 2003: 13–
18.
[8] J. Toonstra and W. Kinsner,” Transient analysis and genetic algorithms for
classification,” IEEE WESCANEX 95. Communications, Power, and Computing.
Conference Proceedings, Winnipeg, Manitoba, Canada, 1995, pp. 432-437 vol.2.
[9] R. D. Hippenstiel and Y. Payal,” Wavelet-Based Transmitter Identifi-cation,” Fourth
International Symposium on Signal Processing and Its Applications, Gold Coast,
Queensland, Australia, 1996, pp. 740-742.
[10] K. J. Ellis and N. Serinken, ”Characteristics of radio transmitter finger-prints,” in
Radio Science, vol. 36, no. 4, pp. 585-597, July-Aug. 2001.
[11] O. H. Tekbas, N. Serinken, and O. Ureten,” An experimental performance evaluation of
a novel radio-transmitter identification system under diverse environmental conditions,”
in Canadian Journal of Electrical and Computer Engineering, vol. 29, no. 3, pp. 203-209,
July 2004.
[12] Wei-Qiang Zhang, Liang He, Tao Hou, and Jia Liu,” Fractional Fourier transform
based auditory feature for language identification,” APCCAS 2008 - 2008 IEEE Asia
Pacific Conference on Circuits and Systems, Macao, 2008, pp. 209-212.
[13] Wang Jinfang and Wang Jinbao, ”Speaker recognition using features derived from
fractional Fourier transform,” Fourth IEEE Workshop on Automatic Identification
Advanced Technologies (AutoID’05), Buffalo, NY, USA, 2005, pp. 95-100.

SCOE TE (Computer)
Pune.