An RF-DNA verification process for ZigBee networks

Impersonation of authorized network devices is a serious concern in applications involving monitoring and control of battlefield operations and military installation infrastructure-ZigBee is among the ad hoc network alternatives used for such purposes. There are considerable security concerns given the availability of ZigBee “hacking” tools that have evolved from methods used for IEEE 802.11 Wi-Fi and IEEE 802.15.1 Bluetooth attacks. To mitigate the effectiveness of these bit-level attacks, RF waveform features within the lowest OSI physical (PHY) layer are used to augment bit-level security mechanisms within higher OSI layers. The evolution of RF `Distinct Native Attribute´ (RF-DNA) fingerprinting continues here with a goal toward improving defensive RF Intelligence (RFINT) measures and enhancing rogue device detection. Demonstrations here involve ZigBee burst collection and RF-DNA fingerprint generation using experimentally collected emissions from like-model CC2420 ZigBee devices operating at 2.4 GHz. RF-DNA fingerprints from 7 authorized devices are used for Multiple Discriminant Analysis (MDA) training and authorized device classification performance assessed, i.e. answering: “Is the device 1 of M authorized devices?” Additional devices are introduced as impersonating rogue devices attempting to gain unauthorized network access by presenting false bit-level credentials for one of the M authorized devices. Granting or rejecting rogue network access is addressed using a claimed identity verification process, i.e, answering: “Does the device´s current RF-DNA match its claimed bit-level identity?” For authorized devices, arbitrary classification and verification benchmarks of %C>; 90% and %V >; 90% are achieved at SNR≈10.0 dB using a test statistic based on assumed Multivariate Gaussian (MVG) likelihood values. Overall, rogue device rejection capability is promising using the same verification test - tatistic, with %V <; 10% (90% or better rejection) achieved for 11 of 14 rogue trials. One case yielded near 85% rogue verification (unauthorized access) and security cannot be a matter of chance-work continues to find a more robust test statistic and improve the proposed process.