Non-parametric feature generation for RF-fingerprinting on ZigBee devices

As the Internet of Things becomes a reality, proliferation of wireless devices such as ZigBee nodes has accelerated. Their presence is now wide spread in sensitive areas such as home automation, industrial control systems, medical devices and security systems. As their popularity has increased, so has the urgency to protect and defend these networks. The decentralized nature of ZigBee ad-hoc networks creates unique security challenges for maintaining network security and intrusion detection. RF-fingerprinting provides a unique physical (PHY) layer defense against node counterfeiting by identifying rogue devices through their RF-emissions. In previous work, feature generation from received RF signals was accomplished with parametric variables such as standard deviation, variance, skewness, and kurtosis, all based on the assumption of a normal distribution of a particular region of interest. We show in this work that most collected signals are either multi-modal or non-parametric. Use of non-parametric methods for feature generation such as mean, median, mode, and trend represented by linear model coefficient estimates are shown to be much more applicable to the non-parametric distribution of the collected ZigBee preamble, resulting in improved classification performance of devices. Non-parametric classifier Random Forest is used with both parametric and non-parametric features to provide a classification performance comparison. Performance improvements of upto 9% in correct classification rates have been achieved and an effective gain of 4 dB SNR was realized.1

[1]  Gianluca Dini,et al.  Considerations on Security in ZigBee Networks , 2010, 2010 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing.

[2]  François-Xavier Standaert,et al.  Stealthy Compromise of Wireless Sensor Nodes with Power Analysis Attacks , 2010, MOBILIGHT.

[3]  Irwin O. Kennedy,et al.  Feature extraction approaches to RF fingerprinting for device identification in femtocells , 2010, Bell Labs Technical Journal.

[4]  Kevin W. Sowerby,et al.  Analysis of receiver front end on the performance of RF fingerprinting , 2012, 2012 IEEE 23rd International Symposium on Personal, Indoor and Mobile Radio Communications - (PIMRC).

[5]  J. W. Lee,et al.  ZigBee Device Design and Implementation for Context-Aware U-Healthcare System , 2007, 2007 Second International Conference on Systems and Networks Communications (ICSNC 2007).

[6]  Leo Breiman,et al.  Random Forests , 2001, Machine Learning.

[7]  Joan Arnedo-Moreno,et al.  ZigBee/ZigBee PRO Security Assessment Based on Compromised Cryptographic Keys , 2010, 2010 International Conference on P2P, Parallel, Grid, Cloud and Internet Computing.

[8]  Benjamin W. P. Ramsey,et al.  An RF-DNA verification process for ZigBee networks , 2012, MILCOM 2012 - 2012 IEEE Military Communications Conference.

[9]  Srdjan Capkun,et al.  Attacks on physical-layer identification , 2010, WiSec '10.

[10]  Pekka Toivanen,et al.  Security Threats in ZigBee-Enabled Systems: Vulnerability Evaluation, Practical Experiments, Countermeasures, and Lessons Learned , 2013, 2013 46th Hawaii International Conference on System Sciences.

[11]  Benjamin W. P. Ramsey,et al.  ZigBee Device Verification for Securing Industrial Control and Building Automation Systems , 2013, Critical Infrastructure Protection.

[12]  Joshua Jaffe,et al.  A First-Order DPA Attack Against AES in Counter Mode with Unknown Initial Counter , 2007, CHES.

[13]  V. Croitoru,et al.  ZigBee Sensor Networks Telesurveillance , 2011, ISSCS 2011 - International Symposium on Signals, Circuits and Systems.

[14]  Liji Wu,et al.  Power analysis attacks on wireless sensor nodes using CPU smart card , 2013, 2013 22nd Wireless and Optical Communication Conference.

[15]  Kevin W. Sowerby,et al.  Analysis of impersonation attacks on systems using RF fingerprinting and low-end receivers , 2014, J. Comput. Syst. Sci..

[16]  Rong Zheng,et al.  Device fingerprinting to enhance wireless security using nonparametric Bayesian method , 2011, 2011 Proceedings IEEE INFOCOM.

[17]  Keith E. Nolan,et al.  Radio Transmitter Fingerprinting: A Steady State Frequency Domain Approach , 2008, 2008 IEEE 68th Vehicular Technology Conference.

[18]  D. Egan The emergence of ZigBee in building automation and industrial control , 2005 .

[19]  Robert C. Green,et al.  Intrusion Detection System in A Multi-Layer Network Architecture of Smart Grids by Yichi , 2015 .

[20]  Ing-Ray Chen,et al.  Effect of Intrusion Detection and Response on Reliability of Cyber Physical Systems , 2013, IEEE Transactions on Reliability.

[21]  Michael A. Temple,et al.  Improving ZigBee Device Network Authentication Using Ensemble Decision Tree Classifiers with RF-DNA Fingerprinting , 2015 .

[22]  M.M. Buddhikot,et al.  Passive Steady State RF Fingerprinting: A Cognitive Technique for Scalable Deployment of Co-Channel Femto Cell Underlays , 2008, 2008 3rd IEEE Symposium on New Frontiers in Dynamic Spectrum Access Networks.