Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

An Adversarial-Driven Experimental Study on Deep Learning for RF Fingerprinting

Xinyu Cao, Bimal Adhikari, Shangqing Zhao, Jingxian Wu, Yanjun Pan

TL;DR

The paper investigates security vulnerabilities of DL-based RF fingerprinting by conducting adversarial experiments with replay and naive impersonation attacks in a controlled in-lab setup. It shows that domain shifts cause consistent misclassification, which attackers can exploit to impersonate legitimate devices, and that training on raw IQ signals entangles hardware fingerprints with environmental cues, creating additional attack vectors. Post-hoc defenses based on softmax confidence fail to mitigate these risks, indicating that robust RF fingerprinting requires carefully designed signal preprocessing and hybrid models that disentangle device-specific signatures from ambient artifacts. Together, these findings highlight significant security implications for deploying RF fingerprinting in zero-trust and beyond-5G networks and point to concrete directions for safer, more reliable fingerprinting approaches.

Abstract

Radio frequency (RF) fingerprinting, which extracts unique hardware imperfections of radio devices, has emerged as a promising physical-layer device identification mechanism in zero trust architectures and beyond 5G networks. In particular, deep learning (DL) methods have demonstrated state-of-the-art performance in this domain. However, existing approaches have primarily focused on enhancing system robustness against temporal and spatial variations in wireless environments, while the security vulnerabilities of these DL-based approaches have often been overlooked. In this work, we systematically investigate the security risks of DL-based RF fingerprinting systems through an adversarial-driven experimental analysis. We observe a consistent misclassification behavior for DL models under domain shifts, where a device is frequently misclassified as another specific one. Our analysis based on extensive real-world experiments demonstrates that this behavior can be exploited as an effective backdoor to enable external attackers to intrude into the system. Furthermore, we show that training DL models on raw received signals causes the models to entangle RF fingerprints with environmental and signal-pattern features, creating additional attack vectors that cannot be mitigated solely through post-processing security methods such as confidence thresholds.

An Adversarial-Driven Experimental Study on Deep Learning for RF Fingerprinting

TL;DR

The paper investigates security vulnerabilities of DL-based RF fingerprinting by conducting adversarial experiments with replay and naive impersonation attacks in a controlled in-lab setup. It shows that domain shifts cause consistent misclassification, which attackers can exploit to impersonate legitimate devices, and that training on raw IQ signals entangles hardware fingerprints with environmental cues, creating additional attack vectors. Post-hoc defenses based on softmax confidence fail to mitigate these risks, indicating that robust RF fingerprinting requires carefully designed signal preprocessing and hybrid models that disentangle device-specific signatures from ambient artifacts. Together, these findings highlight significant security implications for deploying RF fingerprinting in zero-trust and beyond-5G networks and point to concrete directions for safer, more reliable fingerprinting approaches.

Abstract

Radio frequency (RF) fingerprinting, which extracts unique hardware imperfections of radio devices, has emerged as a promising physical-layer device identification mechanism in zero trust architectures and beyond 5G networks. In particular, deep learning (DL) methods have demonstrated state-of-the-art performance in this domain. However, existing approaches have primarily focused on enhancing system robustness against temporal and spatial variations in wireless environments, while the security vulnerabilities of these DL-based approaches have often been overlooked. In this work, we systematically investigate the security risks of DL-based RF fingerprinting systems through an adversarial-driven experimental analysis. We observe a consistent misclassification behavior for DL models under domain shifts, where a device is frequently misclassified as another specific one. Our analysis based on extensive real-world experiments demonstrates that this behavior can be exploited as an effective backdoor to enable external attackers to intrude into the system. Furthermore, we show that training DL models on raw received signals causes the models to entangle RF fingerprints with environmental and signal-pattern features, creating additional attack vectors that cannot be mitigated solely through post-processing security methods such as confidence thresholds.

Paper Structure

This paper contains 16 sections, 1 equation, 5 figures, 2 tables.

Table of Contents

  1. Introduction
  2. Background and Motivation
  3. Input/Output Modeling with RF Fingerprints
  4. Vulnerability Analysis
  5. System and Threat Models
  6. RF Fingerprint-based Device Identification Systems
  7. Threat Model
  8. In-Lab Experimental Setup
  9. Performance Evaluation
  10. Classifier Architecture
  11. Experiment Results
  12. Consistent misclassification behavior during domain shifts
  13. Entangled feature maps
  14. Thresholding CNN with softmax confidence is insufficient
  15. Discussion
  16. ...and 1 more sections

Figures (5)

  • Figure 1: Illustration of typical performance of CNN-based device identification systems for four devices: (a) trained at time $t_1$ and location $l_1$; (b) tested at a different time ($t_2$) or location ($l_2$).
  • Figure 2: The investigated CNN-based RF fingerprinting architecture.
  • Figure 3: Confusion matrix showing the classification accuracy of the CNN model trained on TrS 1: (a) tested on TeS 1; (b) tested on AS 1.
  • Figure 4: Correlation coefficient matrix for each communication pair: (a) between TrS 1 & TeS 1; (b) between TrS 1 & AS 1.
  • Figure 5: Confusion matrix showing the classification accuracy of the CNN model trained on TrS 2: (a) tested on TeS 2; (b) tested on AS 2.