Symbol-Aware Emitter Fingerprinting
The Symbol-Aware Emitter Fingerprinting (SAEF) algorithm uniquely identifies mass produced radio emitters that share the same frequency and protocol. Manufacturing variation in analog components naturally leads to a small measure of overall uniqueness in such devices. SAEF is able to find data symbol locations within RF data and exploit these high energy transition points, significantly enhancing fingerprint uniqueness.
Symbol-Aware Emitter Fingerprinting (SAEF) starts by finding the data symbols being communicated by radio emitters, identifying the segments of RF data for each symbol. As an emitter converts electricity to RF energy, component variation changes how fast conversion happens and how it over- and under-shoots ideal RF energy levels, especially at symbol transitions where energy flow is at a maximum. Knowing where the data symbols start and stop, SAEF looks for the repeating energy transfer pattern.
SAEF generates two metrics that, together, fingerprint the emitter. The first is a measure of the consistency of the over/under-shoots within a symbol, giving a score sensitive to the subtle shape of the symbols. A second metric responds to the overall power stability, giving a description of the incoming power and physical placement variation. When plotted with the two metrics as axis values, the emitters are distinct. Below are test results comparing four emitters (two mass-produced radios each tested on two mass-produced antennas). In the test data, SAEF’s symbol awareness makes possible unambiguous identification of emitters, even those that are mass-produced.
Fingerprint changes are correlated to physical changes in the emitter radio, amplifier, antenna, and supplied power. Changes can indicate damage, evasion, or power diversion ahead of an attack. With a known emitter, such as an adversary satellite, a fingerprint can be cataloged during benign operation and compared to current data for indication of mode change or equipment degradation.
With SAEF, it is possible to detect and count the number of approaching mesh-networked drones, count the number of cell phones in a building, verify the identity of a device sending commands, or even count the number of nearby soldiers wearing man-portable data systems.
Civilian uses include identifying contraband cell phones, estimating crowd size, intruder detection, verifying IoT command authenticity, and quickly detecting movement surges in protest groups.