Analysis of impersonation attacks on systems using RF fingerprinting and low-end receivers

Rehman, Saeed Ur; Sowerby, K.W.; Coghill, Colin

doi:10.1016/j.jcss.2013.06.013

Cited by 65 publications

(35 citation statements)

References 26 publications

(50 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Transient-based fingerprinting requires at least 4 Gsps [3,4], which is not possible with USRP receivers that have a 25 Msps limit. However, spectral fingerprinting using wireless preambles has recently been demonstrated with USRP receivers [22,23]. Initial results suggest lower device differentiation accuracy and higher receiver-specific variability with USRP receivers than with high-end receivers.…”

Section: Introductionmentioning

confidence: 99%

“…In order to be commercially viable, the radio frequency fingerprinting of low-cost WPANs in critical infrastructure applications must be practical and must leverage inexpensive, smallform-factor receiver technologies. Ur Rehman et al [22,23] were among the first to attempt robust radio frequency fingerprinting using low-cost USRP receivers. Their fingerprints consist solely of power spectral density (PSD) features of IEEE 802.11a (5 GHz WiFi) preambles.…”

mentioning

confidence: 99%

“…Radio frequency fingerprinting methodology Since the USRP sampling rate is insufficient for transientbased radio frequency fingerprinting [3,4] and recent research has demonstrated the accuracy limitation of fingerprinting based on power spectral density [19,22,23], the methodology presented in this paper leverages the instantaneous time-domain features of the wireless preamble. Robust signal processing techniques, including frequency down-conversion and baseband filtering strategies, are used to further improve performance.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Wireless infrastructure protection using low-cost radio frequency fingerprinting receivers

Ramsey

Stubbs

Mullins

et al. 2015

International Journal of Critical Infrastructure Protection

View full text Add to dashboard Cite

Physical layer security WPAN Spoofing ZigBee Networks a b s t r a c t Low-data-rate wireless networks incorporated in critical infrastructure applications can be protected through 128-bit encryption keys and address-based access control lists. However, these bit-level credentials are vulnerable to interception, extraction and spoofing using software tools available free of charge on the Internet. Recent research has demonstrated that wireless physical layer device fingerprinting can be used to defend against replay and spoofing attacks. However, radio frequency (RF) fingerprinting typically uses expensive signal collection systems; this is because fingerprinting wireless devices with low-cost receivers has been reported to have inconsistent accuracy. This paper demonstrates a robust radio frequency fingerprinting process that is consistently accurate with both highend and low-cost receivers. Indeed, the results demonstrate that low-cost software-defined radios can be used to perform accurate radio frequency fingerprinting and to identify spoofing attacks in critical IEEE 802.15.4-based infrastructure networks such as ZigBee.Published by Elsevier B.V. IntroductionLow-cost, low-data-rate wireless connectivity is pervasive in critical infrastructure applications. IEEE 802.15.4-based wireless personal area networks (WPANs) operate in one-quarter of the surveyed wireless industrial control systems [1], communicate with tens of millions of smart meters [7] and are trusted components in numerous civilian and military healthcare facilities [12,21]. Security in such systems is often an afterthought, exposing critical WPANs to malicious attacks. A recent analysis of WPANs in ten U.S. cities revealed that healthcare and utility control networks operate with faulty security or none at all [17]. The threats to the critical infrastructure and other WPAN applications [15,20] are ever increasing as open source attack tools such as KillerBee [24] and Api-do [9] become more sophisticated.WPAN security is challenging due to the cost, power and computational constraints levied on IEEE 802.15.4-based hardware. Secure, albeit computationally-intensive, intrusion detection algorithms have been developed for high-power networks, but they are impractical for WPAN applications. While networklayer encryption is a viable option for critical networks, attackers can readily extract keys from inexpensive WPAN hardware when tamper resistance is not a design priority [2,8].A promising solution for securing WPANs without placing additional burden on end devices is radio frequency (RF) fingerprinting. In such a system, an "air monitor" passively observes WPAN packets and identifies message spoofing (e.g., http://dx.(B.W. Ramsey). i n t e r n a t i o n a l j o u r n a l o f c r i t i c a l i n f r a s t r u c t u r e p r o t e c t i o n ] ( ] ] ] ] ) ] ] ] -] ] ] Please cite this article as: B.W. Ramsey, et al., Wireless infrastructure protection using low-cost radio frequency fingerprinting receivers, International Journal of Critical Infrastructu...

show abstract

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

Wireless infrastructure protection using low-cost radio frequency fingerprinting receivers

Ramsey

Stubbs

Mullins

et al. 2015

International Journal of Critical Infrastructure Protection

View full text Add to dashboard Cite

show abstract

“…However, SAKE is based on ICE, the same primitive used by SCUBA, which relies on strict time measurements. One alternative solution to authenticate sensor nodes is the use of Radio Frequency fingerprint techniques which enable the identification of individual devices by the unique characteristics of their radio transmitter [Ureten and Serinken 2007;Rehman et al 2014;Knox and Kunz 2015].…”

Section: Overoptimistic Assumptionsmentioning

confidence: 99%

Attestation in Wireless Sensor Networks

Steiner

Lupu

2016

ACM Comput. Surv.

View full text Add to dashboard Cite

Attestation is a mechanism used by a trusted entity to validate the software integrity of an untrusted platform. Over the last years, several attestation techniques have been proposed. While they all use variants of a challenge-response protocol, they make different assumptions about what an attacker can and cannot do. Thus, they propose intrinsically divergent validation approaches. We survey in this paper the different approaches to attestation focussing in particular on those aimed at Wireless Sensor Networks. We discuss the motivations, challenges, assumptions, and attacks of each approach. We then organise them in a taxonomy and discuss the state of the art, carefully analysing the advantages and disadvantages of each proposal. We also point towards the open research problems and give directions on how to address them.

show abstract

“…Since the intruder may duplicate the secure tokens or passwords, the inherent physical layer characteristics of the radio emitters have been exploited to improve the security mechanism [1][2]. There are minute differences between different radio emitters because of imperfect manufacturing processes.…”

Section: Introductionmentioning

confidence: 99%