Symbol-Aware Emitter Fingerprinting
The Symbol-Aware Emitter Fingerprinting (SAEF) algorithm uniquely identifies mass produced radio emitters that share the same frequency and protocol. Manufacturing variation in analog components naturally leads to a small measure of overall uniqueness in such devices. SAEF is able to find data symbol locations within RF data and exploit these high energy transition points, significantly enhancing fingerprint uniqueness.
Details
Specs
Details
Due to manufacturing variation of analog components, the long term output power of an emitter is a unique histogram. However, as received power is largely a function of distance and the relative angles of the receiver and emitter’s antennas, the histograms are dominated by placement effects rather than component variation and the resulting histograms have significant overlap, impeding attempts to uniquely identify emitters.
Symbol-Aware Emitter Fingerprinting (SAEF) starts by finding the data symbols being communicated by radio emitters, identifying the segments of RF data for each symbol. As an emitter converts electricity to RF energy, component variation changes how fast conversion happens and how it over- and under-shoots ideal RF energy levels, especially at symbol transitions where energy flow is at a maximum. Knowing where the data symbols start and stop, SAEF looks for the repeating energy transfer pattern.
SAEF generates two metrics that, together, fingerprint the emitter. The first is a measure of the consistency of the over/under-shoots within a symbol, giving a score sensitive to the subtle shape of the symbols. A second metric responds to the overall power stability, giving a description of the incoming power and physical placement variation. When plotted with the two metrics as axis values, the emitters are distinct. Below are test results comparing four emitters (two mass-produced radios each tested on two mass-produced antennas). In the test data, SAEF’s symbol awareness makes possible unambiguous identification of emitters, even those that are mass-produced.
Fingerprint changes are correlated to physical changes in the emitter radio, amplifier, antenna, and supplied power. Changes can indicate damage, evasion, or power diversion ahead of an attack. With a known emitter, such as an adversary satellite, a fingerprint can be cataloged during benign operation and compared to current data for indication of mode change or equipment degradation.
With SAEF, it is possible to detect and count the number of approaching mesh-networked drones, count the number of cell phones in a building, verify the identity of a device sending commands, or even count the number of nearby soldiers wearing man-portable data systems.
Civilian uses include identifying contraband cell phones, estimating crowd size, intruder detection, verifying IoT command authenticity, and quickly detecting movement surges in protest groups.
Symbol-Aware Emitter Fingerprinting (SAEF) starts by finding the data symbols being communicated by radio emitters, identifying the segments of RF data for each symbol. As an emitter converts electricity to RF energy, component variation changes how fast conversion happens and how it over- and under-shoots ideal RF energy levels, especially at symbol transitions where energy flow is at a maximum. Knowing where the data symbols start and stop, SAEF looks for the repeating energy transfer pattern.
SAEF generates two metrics that, together, fingerprint the emitter. The first is a measure of the consistency of the over/under-shoots within a symbol, giving a score sensitive to the subtle shape of the symbols. A second metric responds to the overall power stability, giving a description of the incoming power and physical placement variation. When plotted with the two metrics as axis values, the emitters are distinct. Below are test results comparing four emitters (two mass-produced radios each tested on two mass-produced antennas). In the test data, SAEF’s symbol awareness makes possible unambiguous identification of emitters, even those that are mass-produced.
Fingerprint changes are correlated to physical changes in the emitter radio, amplifier, antenna, and supplied power. Changes can indicate damage, evasion, or power diversion ahead of an attack. With a known emitter, such as an adversary satellite, a fingerprint can be cataloged during benign operation and compared to current data for indication of mode change or equipment degradation.
With SAEF, it is possible to detect and count the number of approaching mesh-networked drones, count the number of cell phones in a building, verify the identity of a device sending commands, or even count the number of nearby soldiers wearing man-portable data systems.
Civilian uses include identifying contraband cell phones, estimating crowd size, intruder detection, verifying IoT command authenticity, and quickly detecting movement surges in protest groups.
The fingerprint metrics are parametric and can be adjusted to create a form of VPN, a method of authentication unique among a set of otherwise exposed IoT devices.
Specs
Supported Encodings: PSK, QAM
Output: 2D uniqueness measure for each symbol found
Encrypted data supported
Applications: IoT authentication, Counting Emitters, Detecting Emitter Changes
