Secure wireless network using radiometric signatures

US 10,397,080 B2
Filed: 05/19/2017
Issued: 08/27/2019
Est. Priority Date: 09/08/2008
Status: Active Grant

First Claim

Patent Images

1. A radio frequency (RF) transceiver for securely communicating network data, the RF transceiver comprising:

an analog radio section configured to receive a radio signal from an antenna, the analog radio section having a phase demodulation circuit configured to demodulate the radio signal to produce analog in-phase (I) and quadrature-phase (Q) signals;

a monitor circuit configured to produce digital radiometric data from the analog I and Q signals, the digital radiometric data characterizing a modulation parameter of a transceiver of a device, wherein the modulation parameter provides a measure of a difference between ideal and measured values determined with respect to a constellation producing an error;

an Analog to Digital Converter (ADC) configured to convert the analog I and Q signals to digital I and Q signals;

a digital radio section configured to receive the digital I and Q signals from the ADC, the digital radio section having a decoder configured to match phases of the digital I and Q signals to symbols for decoding network data; and

a processor executing a program stored in a non-transient medium operable to;

receive each of digital radiometric data comprising an error and network data originating from a device;

compare the digital radiometric data comprising the error to a plurality of radiometric templates corresponding to transceivers of a plurality of devices, each radiometric template comprising digital radiometric data characterizing a modulation parameter of a transceiver of a device, wherein the modulation parameter provides a measure of a difference between ideal and measured values determined with respect to a constellation producing an error, wherein the comparison provides a measure of difference between the error of the device and errors of the templates;

authenticate the device when the digital radiometric data matches a radiometric template of the plurality of radiometric templates as determined by the comparison to within a predetermined threshold;

generate an output indicating a possible security violation when the digital radiometric data fails to match a radiometric template of the plurality of radiometric templates as determined by the comparison to within the predetermined threshold.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network security system for wireless devices derives a fingerprint from the modulation imperfections of the analog circuitry of the wireless transceivers. These fingerprints may be compared to templates obtained when the wireless devices are initially commissioned in a secure setting and used to augment passwords or other security tools in detecting intruders on the network.

Citations

19 Claims

1. A radio frequency (RF) transceiver for securely communicating network data, the RF transceiver comprising:
- an analog radio section configured to receive a radio signal from an antenna, the analog radio section having a phase demodulation circuit configured to demodulate the radio signal to produce analog in-phase (I) and quadrature-phase (Q) signals;
  
  a monitor circuit configured to produce digital radiometric data from the analog I and Q signals, the digital radiometric data characterizing a modulation parameter of a transceiver of a device, wherein the modulation parameter provides a measure of a difference between ideal and measured values determined with respect to a constellation producing an error;
  
  an Analog to Digital Converter (ADC) configured to convert the analog I and Q signals to digital I and Q signals;
  
  a digital radio section configured to receive the digital I and Q signals from the ADC, the digital radio section having a decoder configured to match phases of the digital I and Q signals to symbols for decoding network data; and
  
  a processor executing a program stored in a non-transient medium operable to;
  
  receive each of digital radiometric data comprising an error and network data originating from a device;
  
  compare the digital radiometric data comprising the error to a plurality of radiometric templates corresponding to transceivers of a plurality of devices, each radiometric template comprising digital radiometric data characterizing a modulation parameter of a transceiver of a device, wherein the modulation parameter provides a measure of a difference between ideal and measured values determined with respect to a constellation producing an error, wherein the comparison provides a measure of difference between the error of the device and errors of the templates;
  
  authenticate the device when the digital radiometric data matches a radiometric template of the plurality of radiometric templates as determined by the comparison to within a predetermined threshold;
  
  generate an output indicating a possible security violation when the digital radiometric data fails to match a radiometric template of the plurality of radiometric templates as determined by the comparison to within the predetermined threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The RF transceiver of claim 1, wherein the modulation parameter is a symbol phase error, a symbol magnitude error or a symbol error vector magnitude.
  - 3. The RF transceiver of claim 2, wherein the digital I and Q signals are decoded using Quadrature Phase-Shift Keying (QPSK).
  - 4. The RF transceiver of claim 1, wherein the digital radiometric data is compared to the plurality of radiometric templates using at least one of:
    - k-nearest-neighbor, support vector machines, decision trees, neural networks, Bayesian-based algorithms, polynomial classifiers, regression fitting, hidden Markov models, Gaussian mixture models, radial basis functions, classifier boosting and classifier ensembles.
  - 5. The RF transceiver of claim 1, wherein the comparison employs a combination of at least two different comparison algorithms operating independently to make a comparison and then combine the results.
  - 6. The RF transceiver of claim 1, further comprising, upon the processor matching the digital radiometric data to a radiometric template corresponding to a transceiver of a device, authenticating a network data authenticator assigned to the device.
  - 7. The RF transceiver of claim 6, wherein the network data authenticator is a password or encryption key.
  - 8. The RF transceiver of claim 6, further comprising, when the digital radiometric data fails to match a radiometric template of the plurality of radiometric templates, revoking an authorization of the device.
  - 9. The RF transceiver of claim 1, wherein the analog radio section further includes an amplifier configured to amplify the radio signal from the antenna and a filter configured to remove out-of-band signals from the radio signal.
  - 10. The RF transceiver of claim 1, wherein the RF transceiver is configured to communicate the network data according to an IEEE 802.11 wireless standard.
  - 11. The RF transceiver of claim 1, further comprising a Digital to Analog Converter (DAC), wherein the digital radio section further includes an encoder configured to produce digital I and Q signals, wherein the DAC is configured to convert the digital I and Q signals to analog I and Q signals, and wherein the analog radio section further includes a mixer configured to produce a radio signal from the analog I and Q signals.
  - 12. The RF transceiver of claim 1, wherein the difference is between an ideal vector representing a perfectly modulated quadrature carrier and an actual vector representing a measured point.

13. A method for securely communicating network data using a radio frequency (RF) transceiver having analog and digital radio sections, the method comprising:
- receiving a radio signal in the analog radio section from an antenna, the radio signal originating from a device;
  
  demodulating the radio signal in the analog radio section to produce analog in-phase (I) and quadrature-phase (Q) signals;
  
  producing digital radiometric data from the analog I and Q signals, the digital radiometric data characterizing a modulation parameter of a transceiver of a device, wherein the modulation parameter provides a measure of a difference between ideal and measured values determined with respect to a constellation producing an error;
  
  using an Analog to Digital Converter (ADC) to convert the analog I and Q signals to digital I and Q signals;
  
  receiving the digital I and Q signals in the digital radio section from the ADC;
  
  matching phases of the digital I and Q signals to a symbol in the digital radio section for decoding network data; and
  
  receiving each of digital radiometric data comprising the error and the network data at a processor;
  
  comparing the digital radiometric data comprising the error to a plurality of radiometric templates corresponding to transceivers of a plurality of devices, each radiometric template comprising digital radiometric data characterizing a modulation parameter of a transceiver of a device, wherein the modulation parameter provides a measure of a difference between ideal and measured values determined with respect to a constellation producing an error, wherein the comparison provides a measure of difference between the error of the device and error of the templates;
  
  authenticating the device when the digital radiometric data matches a radiometric template of the plurality of radiometric templates as determined by the comparison to within a predetermined threshold; and
  
  generating an output indicating a possible security violation when the digital radiometric data fails to match a radiometric template of the plurality of radiometric templates as determined by the comparison to within the predetermined threshold.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, wherein the modulation parameter is a symbol phase error, a symbol magnitude error or a symbol error vector magnitude.
  - 15. The method of claim 14, further comprising the digital I and Q signals being decoded using Quadrature Phase-Shift Keying (QPSK).
  - 16. The method of claim 13, wherein the digital radiometric data is compared to the plurality of radiometric templates using at least one of:
    - k-nearest-neighbor, support vector machines, decision trees, neural networks, Bayesian-based algorithms, polynomial classifiers, regression fitting, hidden Markov models, Gaussian mixture models, radial basis functions, classifier boosting, and classifier ensembles.
  - 17. The method of claim 16, wherein the comparison employs a combination of at least two different comparison algorithms operating independently to make a comparison and then combine the results.
  - 18. The method of claim 13, further comprising, upon the processor matching the digital radiometric data to a radiometric template corresponding to a transceiver of a device, authenticating a network data authenticator assigned to the device.
  - 19. The method of claim 13, further comprising, when the digital radiometric data fails to match a radiometric template of the plurality of radiometric templates, revoking an authorization of the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wisconsin Alumni Research Foundation (University of Wisconsin System)
Original Assignee
Wisconsin Alumni Research Foundation (University of Wisconsin System)
Inventors
Brik, Vladimir Alexander, Banerjee, Suman
Primary Examiner(s)
Poltorak, Piotr

Application Number

US15/600,220
Publication Number

US 20170257300A1
Time in Patent Office

830 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 43/028   by filtering

H04L 43/04   Processing captured monitor...

H04L 43/0835   One way packet loss

H04L 45/742   Route cache; Operation thereof

H04L 47/20   Traffic policing

H04L 69/12   Protocol engines

H04L 69/22   Parsing or analysis of headers

Y02D 30/00   Reducing energy consumption...

Secure wireless network using radiometric signatures

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Secure wireless network using radiometric signatures

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links