1. Field of the Invention
Subject matter disclosed herein relates generally to radio fingerprinting of transmitted signals, and more particularly, to countermeasures to radio fingerprinting employed within radio transmitters.
2. Introduction
Radio fingerprinting is a technique that uniquely identifies a transceiver based on features of the signal it generates. Physical-layer fingerprinting techniques comprise two groups: transient signal analysis and steady-state signal analysis. A transient signal is transmitted upon transmitter stage power up and power down. The transient signal occurs in the short period (typically microseconds) during which capacitive loads charge or discharge, the power amplifier ramps its power output, and, in some cases, when the frequency synthesizer transitions between steady-state frequency generation and power-off. The steady-state period of a signal transmission is defined here as the period between the start and end transients.
In the electronic warfare arena, specific emitter identification techniques have been developed at the Naval Research Laboratory to catalog radar transmitters, and to later intercept a radar signal and uniquely identify the radar transmitter that is the source of that signal.
K. J. Ellis and N. Serinken, Radio Science, Vol. 36, No. 4, pp. 585-597, July-August 2001 discusses extracting features from the transient start-up phase of a VHF radio transmission and using those characteristics to unambiguously identify a transmitter.
S. C. G. Periaswamy, D. R. Thompson, J. Di, “Fingerprinting RFID Tags”, IEEE Transactions on Dependable and Secure Computing, 21 Oct. 2010, IEEE Computer Society Digital Library, <http://doi.ieeecomputersociety.org/10.1109/TDSC.2010.56> discusses using a tag's minimum power responses at multiple frequencies as a unique fingerprint.
N. Saparkhojayev and D. R. Thompson, in “Matching Electronic Fingerprints of RFID Tags using the Hotelling's Algorithm,” IEEE Sensors Applications Symposium, New Orleans, La., Feb. 17-19, 2009, propose creating an electronic fingerprint of a tag with different features, such as amplitude, frequency, phase, and timing, and using the Hotelling's T² algorithm to compare a tag's fingerprint with a fingerprint database.
D. Zanetti, B. Danev, and S. Capkun, in “Physical-layer identification of UHF RFID Tags”, Proceedings of the Sixteenth Annual International Conference on Mobile Computing and Networking, MobiCom '10 on Sep. 20-24, 2010 in Chicago, Ill., ACM, pp. 353-364, employ measured time-domain and spectral-domain features of passive UHF RFID tag preambles for classifying and identifying RFID tags.
U.S. Patent Publication No. 2006/0181394 describes comparing an RFID tag fingerprint to an expected RF fingerprint, wherein the fingerprints are measurements of signal amplitude, phase, and frequency. Other U.S. patents and patent applications in this area include U.S. Patent Application Publication No. 20030234718, U.S. Pat. No. 5,420,910, U.S. Pat. No. 6,229,445, U.S. Patent Application Publication No. 20080079540, U.S. Pat. No. 5,420,910, and U.S. Patent Application Publication No. 20090201133.
An RF fingerprinting process comprises the steps shown in FIG. 1. An analog signal is converted to a digital signal 101. Once in a digital form, the transient portion of the signal is extracted 102. Upon isolating the transient, the amplitude, frequency and phase components of the transient are extracted 103. These components are used for the extraction of specific features that define a transceiver-print 104. A statistical classifier is used to determine if a given transceiver-print is normal or anomalous 105. Finally, a decision filter is applied to the classification results of a set of transceiver-prints in order to render a final decision regarding the status (e.g. authorized or intruder) of a device 106.
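The six steps of FIG. 1, sketched as an added example that is not part of the original disclosure. It assumes a constructed complex-baseband burst with an exponential power ramp; the names `burst`, `tau` and `f_off`, the 10%/90% transient bounds, and the per-feature z-score classifier with a majority-vote decision filter are illustrative choices, not the methods of the cited works.

```python
import cmath, math, random, statistics

def burst(tau, f_off, rng, n=400, start=100, noise=0.01):
    """Constructed digitized burst (output of step 101): noise, ramp, steady state."""
    out = []
    for k in range(n):
        amp = 0.0 if k < start else 1.0 - math.exp(-(k - start) / tau)
        s = amp * cmath.exp(2j * math.pi * f_off * k)
        out.append(s + complex(rng.gauss(0, noise), rng.gauss(0, noise)))
    return out

def extract_transient(x, lo=0.1, hi=0.9):
    """Step 102: samples between the first crossings of lo and hi x steady amplitude."""
    steady = statistics.mean(abs(s) for s in x[-50:])
    a = next(i for i, s in enumerate(x) if abs(s) > lo * steady)
    b = next(i for i in range(a, len(x)) if abs(x[i]) > hi * steady)
    return x[a:b + 1]

def transceiver_print(x):
    """Steps 103-104: amplitude, phase and frequency components -> feature vector."""
    t = extract_transient(x)
    amp = [abs(s) for s in t]
    # Instantaneous frequency = phase increment per sample, in cycles/sample.
    freq = [cmath.phase(t[i + 1] * t[i].conjugate()) / (2 * math.pi) for i in range(len(t) - 1)]
    return [len(t), statistics.mean(freq), statistics.pstdev(amp)]

def enroll(prints):
    """Profile of the authorized device: per-feature mean and standard deviation."""
    cols = list(zip(*prints))
    return [statistics.mean(c) for c in cols], [statistics.stdev(c) for c in cols]

def is_anomalous(p, profile, z_max=4.0):
    """Step 105: anomalous if any feature is more than z_max std devs from the profile."""
    mean, std = profile
    return any(abs(v - m) / max(s, 1e-9) > z_max for v, m, s in zip(p, mean, std))

def decide(prints, profile, max_fraction=0.5):
    """Step 106: decision filter, a majority vote over a set of transceiver-prints."""
    flagged = sum(is_anomalous(p, profile) for p in prints)
    return "intruder" if flagged / len(prints) > max_fraction else "authorized"

def demo():
    """Enroll one constructed device, then judge it and a second constructed device."""
    rng = random.Random(7)
    legit = lambda: transceiver_print(burst(20.0, 0.010, rng))
    other = lambda: transceiver_print(burst(35.0, 0.013, rng))
    profile = enroll([legit() for _ in range(40)])
    return decide([legit() for _ in range(9)], profile), decide([other() for _ in range(9)], profile)
```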
Transient analysis, rather than steady-state signal analysis, is the most common type of radio fingerprinting. However, digital transmitters intentionally introduce repetitive sequences, such as preambles, to simplify receiver design and enhance multiple access in the radio channel. This makes steady-state signal analysis feasible.
Steady-state signals offer a relatively attractive alternative to transient analysis. If discrimination is performed in the frequency domain, the use of standard low-cost ADC sample rates and receiver architectures is possible.
Similar to a transient signal's fingerprint, the unique electromagnetic fingerprint of a steady-state signal arises from component design (e.g., filters, power amplifiers, inductors, capacitors, etc.), same-component manufacturing tolerance spread, PCB materials, PCB soldering, etc. Since signal detection cannot identify which variances in transmitter components account for which features in a measured signal, adaptations to the RF transmit chain and/or the baseband synthesis of the transmitted signals may be performed to defeat radio fingerprinting, generate multiple radio identities, and/or spoof radio fingerprints. These and other needs in the field are addressed by aspects of the present invention.