Title :
An RF-DNA verification process for ZigBee networks
Author :
Dubendorfer, C.K. ; Ramsey, Benjamin W. ; Temple, Michael A.
Author_Institution :
Deptartment of Electr. & Comput. Eng., US Air Force Inst. of Technol., Dayton, OH, USA
fDate :
Oct. 29 2012-Nov. 1 2012
Abstract :
Impersonation of authorized network devices is a serious concern in applications involving monitoring and control of battlefield operations and military installation infrastructure-ZigBee is among the ad hoc network alternatives used for such purposes. There are considerable security concerns given the availability of ZigBee “hacking” tools that have evolved from methods used for IEEE 802.11 Wi-Fi and IEEE 802.15.1 Bluetooth attacks. To mitigate the effectiveness of these bit-level attacks, RF waveform features within the lowest OSI physical (PHY) layer are used to augment bit-level security mechanisms within higher OSI layers. The evolution of RF `Distinct Native Attribute´ (RF-DNA) fingerprinting continues here with a goal toward improving defensive RF Intelligence (RFINT) measures and enhancing rogue device detection. Demonstrations here involve ZigBee burst collection and RF-DNA fingerprint generation using experimentally collected emissions from like-model CC2420 ZigBee devices operating at 2.4 GHz. RF-DNA fingerprints from 7 authorized devices are used for Multiple Discriminant Analysis (MDA) training and authorized device classification performance assessed, i.e. answering: “Is the device 1 of M authorized devices?” Additional devices are introduced as impersonating rogue devices attempting to gain unauthorized network access by presenting false bit-level credentials for one of the M authorized devices. Granting or rejecting rogue network access is addressed using a claimed identity verification process, i.e, answering: “Does the device´s current RF-DNA match its claimed bit-level identity?” For authorized devices, arbitrary classification and verification benchmarks of %C>; 90% and %V >; 90% are achieved at SNR≈10.0 dB using a test statistic based on assumed Multivariate Gaussian (MVG) likelihood values. Overall, rogue device rejection capability is promising using the same verification test - tatistic, with %V <; 10% (90% or better rejection) achieved for 11 of 14 rogue trials. One case yielded near 85% rogue verification (unauthorized access) and security cannot be a matter of chance-work continues to find a more robust test statistic and improve the proposed process.
Keywords :
Gaussian processes; Zigbee; ad hoc networks; authorisation; computer crime; fingerprint identification; military communication; telecommunication security; wireless LAN; CC2420 ZigBee device; IEEE 802.11 Wi-Fi attack; IEEE 802.15.1 Bluetooth attack; MDA; MVG likelihood value; OSI physical layer; RF Intelligence; RF distinct native attribute; RF waveform feature; RF-DNA fingerprint generation; RF-DNA fingerprinting; RF-DNA verification process; RFINT; SNR; ZigBee burst collection; ZigBee network; ad hoc network; authorized device classification performance; authorized network device; battlefield operation; bit-level attack; bit-level identity; bit-level security mechanism; device detection; false bit-level credential; frequency 2.4 GHz; hacking tool; identity verification process; impersonation; military installation infrastructure; multiple discriminant analysis; multivariate Gaussian likelihood value; rogue device rejection capability; unauthorized network access; verification test statistic; Fingerprint recognition; Performance evaluation; Radio frequency; Security; Signal to noise ratio; Training; Zigbee; RF-DNA; ZigBee; authentication; fingerprinting; network security; verification;
Conference_Titel :
MILITARY COMMUNICATIONS CONFERENCE, 2012 - MILCOM 2012
Conference_Location :
Orlando, FL
Print_ISBN :
978-1-4673-1729-0
DOI :
10.1109/MILCOM.2012.6415804
