Active Attacks Against Modulation-based Radiometric Identification

Radiometric identification is a recently coined term that describes a broad category of techniques for determining the identity of a wireless device based on unique characteristics of its transmitted signal that result from imperfections and variances in the device’s manufacturing processes. Existing techniques are based on extracting and classifying features from either the transient portion of a signal or, most recently, from patterns of modulation errors in a received signal, such as symbol phase and magnitude errors. While the latter approach was shown to be extremely successful in correctly identifying wireless devices using an expensive high-end signal analyzer, its accuracy has not been considered or evaluated under realistic deployment scenarios in the presence of an adversary who actively tries to manipulate his own radiometric signature. Using a software-defined radio platform and an implementation of the IEEE 802.11b PHY layer, we provide preliminary results that suggest a modulation-based radiometric identification system is both feasible and reasonably reliable on commodity hardware. We also experimentally evaluate the effectiveness of an attacker who actively tries to manipulate his radiometric signature in order to impersonate another 802.11b wireless device. We show that even a moderately sophisticated adversary can likely significantly reduce the accuracy of a modulation-based radiometric identification scheme based on a commodity RF hardware platform.