Secure wireless network using radiometric signatures
First Claim
Patent Images
1. A radio frequency (RF) transceiver for securely communicating network data, the RF transceiver comprising:
- an analog radio section configured to receive a radio signal from an antenna, the analog radio section having a phase demodulation circuit configured to demodulate the radio signal to produce analog in-phase (I) and quadrature-phase (Q) signals;
a monitor circuit configured to produce digital radiometric data from the analog I and Q signals, the digital radiometric data characterizing a modulation parameter of a transceiver of a device, wherein the modulation parameter provides a measure of a difference between ideal and measured values determined with respect to a constellation producing an error;
an Analog to Digital Converter (ADC) configured to convert the analog I and Q signals to digital I and Q signals;
a digital radio section configured to receive the digital I and Q signals from the ADC, the digital radio section having a decoder configured to match phases of the digital I and Q signals to symbols for decoding network data; and
a processor executing a program stored in a non-transient medium operable to;
receive each of digital radiometric data comprising an error and network data originating from a device;
compare the digital radiometric data comprising the error to a plurality of radiometric templates corresponding to transceivers of a plurality of devices, each radiometric template comprising digital radiometric data characterizing a modulation parameter of a transceiver of a device, wherein the modulation parameter provides a measure of a difference between ideal and measured values determined with respect to a constellation producing an error, wherein the comparison provides a measure of difference between the error of the device and errors of the templates;
authenticate the device when the digital radiometric data matches a radiometric template of the plurality of radiometric templates as determined by the comparison to within a predetermined threshold;
generate an output indicating a possible security violation when the digital radiometric data fails to match a radiometric template of the plurality of radiometric templates as determined by the comparison to within the predetermined threshold.
2 Assignments
0 Petitions
Accused Products
Abstract
A network security system for wireless devices derives a fingerprint from the modulation imperfections of the analog circuitry of the wireless transceivers. These fingerprints may be compared to templates obtained when the wireless devices are initially commissioned in a secure setting and used to augment passwords or other security tools in detecting intruders on the network.
-
Citations
19 Claims
-
1. A radio frequency (RF) transceiver for securely communicating network data, the RF transceiver comprising:
-
an analog radio section configured to receive a radio signal from an antenna, the analog radio section having a phase demodulation circuit configured to demodulate the radio signal to produce analog in-phase (I) and quadrature-phase (Q) signals; a monitor circuit configured to produce digital radiometric data from the analog I and Q signals, the digital radiometric data characterizing a modulation parameter of a transceiver of a device, wherein the modulation parameter provides a measure of a difference between ideal and measured values determined with respect to a constellation producing an error; an Analog to Digital Converter (ADC) configured to convert the analog I and Q signals to digital I and Q signals; a digital radio section configured to receive the digital I and Q signals from the ADC, the digital radio section having a decoder configured to match phases of the digital I and Q signals to symbols for decoding network data; and a processor executing a program stored in a non-transient medium operable to; receive each of digital radiometric data comprising an error and network data originating from a device; compare the digital radiometric data comprising the error to a plurality of radiometric templates corresponding to transceivers of a plurality of devices, each radiometric template comprising digital radiometric data characterizing a modulation parameter of a transceiver of a device, wherein the modulation parameter provides a measure of a difference between ideal and measured values determined with respect to a constellation producing an error, wherein the comparison provides a measure of difference between the error of the device and errors of the templates; authenticate the device when the digital radiometric data matches a radiometric template of the plurality of radiometric templates as determined by the comparison to within a predetermined threshold; generate an output indicating a possible security violation when the digital radiometric data fails to match a radiometric template of the plurality of radiometric templates as determined by the comparison to within the predetermined threshold. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for securely communicating network data using a radio frequency (RF) transceiver having analog and digital radio sections, the method comprising:
-
receiving a radio signal in the analog radio section from an antenna, the radio signal originating from a device; demodulating the radio signal in the analog radio section to produce analog in-phase (I) and quadrature-phase (Q) signals; producing digital radiometric data from the analog I and Q signals, the digital radiometric data characterizing a modulation parameter of a transceiver of a device, wherein the modulation parameter provides a measure of a difference between ideal and measured values determined with respect to a constellation producing an error; using an Analog to Digital Converter (ADC) to convert the analog I and Q signals to digital I and Q signals; receiving the digital I and Q signals in the digital radio section from the ADC; matching phases of the digital I and Q signals to a symbol in the digital radio section for decoding network data; and receiving each of digital radiometric data comprising the error and the network data at a processor; comparing the digital radiometric data comprising the error to a plurality of radiometric templates corresponding to transceivers of a plurality of devices, each radiometric template comprising digital radiometric data characterizing a modulation parameter of a transceiver of a device, wherein the modulation parameter provides a measure of a difference between ideal and measured values determined with respect to a constellation producing an error, wherein the comparison provides a measure of difference between the error of the device and error of the templates; authenticating the device when the digital radiometric data matches a radiometric template of the plurality of radiometric templates as determined by the comparison to within a predetermined threshold; and generating an output indicating a possible security violation when the digital radiometric data fails to match a radiometric template of the plurality of radiometric templates as determined by the comparison to within the predetermined threshold. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
Specification