HidePrint: Protecting Device Anonymity by Obscuring Radio Fingerprints

TL;DR

This work reframes radio-frequency fingerprinting as a privacy threat and introduces HidePrint, a transmitter-side defense that injects controlled noise into the baseband to mask device fingerprints without harming communications. The method, validated on both wired and wireless links, uses image-based DL (CNNs and autoencoders) to demonstrate that a noise level of at least $0.02$ in normalized terms fully disrupts fingerprinting with negligible ($≈0.1$ dB) SNR loss. It considers two adversary models—one with access to all-device fingerprints and one targeting a single device—and shows HidePrint robustly prevents de-anonymization under both, across scenarios. Additionally, it proposes selective fingerprint disclosure, enabling trusted receivers to authenticate while excluding unauthorized listeners by sharing per-slot noise seeds, with offline model planning and strong practical performance in Monte Carlo tests. Overall, the approach offers a practical path to privacy-preserving RF communications and controlled RFF deployment in real-world networks.

Abstract

Radio Frequency Fingerprinting (RFF) techniques allow a receiver to authenticate a transmitter by analyzing the physical layer of the radio spectrum. Although the vast majority of scientific contributions focus on improving the performance of RFF considering different parameters and scenarios, in this work, we consider RFF as an attack vector to identify a target device in the radio spectrum. \\ We propose, implement, and evaluate {\em HidePrint}, a solution to prevent identification through RFF without affecting the quality of the communication link between the transmitter and the receiver. {\em HidePrint} hides the transmitter's fingerprint against an illegitimate eavesdropper through the injection of controlled noise into the transmitted signal. We evaluate our solution against various state-of-the-art RFF techniques, considering several adversarial models, data from real-world communication links (wired and wireless), and protocol configurations. Our results show that the injection of a Gaussian noise pattern with a normalized standard deviation of (at least) 0.02 prevents device fingerprinting in all the considered scenarios, while affecting the Signal-to-Noise Ratio (SNR) of the received signal by only 0.1 dB. Moreover, we introduce {\em selective radio fingerprint disclosure}, a new technique that allows the transmitter to disclose the radio fingerprint to only a subset of intended receivers.

Figures (15)

• Figure 1: Adversary model. We consider two realistic assumptions: (i) the adversary owns a model containing features from all the devices in the pool ($\mathcal{A}_1$) and wants to de-anonymize any device, and (ii) the adversary owns a model containing features from one only device ($\mathcal{A}_2$) and wants to detect its presence in the radio spectrum.
• Figure 2: A toy example of our HidePrint solution: the device fingerprint is removed from the clear signal (green area) by adding random noise, thus obtaining the signal dispersed in the red area (signal reshaped by HidePrint).
• Figure 3: We use 10 transmitters (USRP B200-mini-i) connected (one per time) to the receiver (USRP X410). We consider two scenarios: a wired connection between the transmitter and the receiver (green) and a wireless link with two Vert900 antennas (red). For both, we use 30dB attenuation.
• Figure 4: We split the data collected (IQ samples) into chunks of $10^5$ samples and organized them in one only cloud, i.e., the left cloud of the BPSK modulation is mirrored on the right side. We then compute a bi-variate histogram and consider the output as an image, ready to be processed by a DL algorithm.
• Figure 5: Adversary $\mathcal{A}_1$ training on noise-free samples and testing on measurements with noise greater than zero. The adversary trains a model with 10 classes (one for each transmitter) on measurements with no noise and then is challenged to identify the transmitter.