Device Fingerprinting for Authentication
Total Page:16
File Type:pdf, Size:1020Kb
ELECO 2018, Elektrik-Elektronik ve Biyomedikal Mühendisliği Konferansı 30 Kasım-1 Aralık 2018 Device Fingerprinting for Authentication Zulfidin Khodzhaev Cem Ayyildiz Gunes Karabulut Kurt Istanbul Technical University GOHM North Campus Technopark Istanbul Technical University Istanbul, Turkey Bogazici University Istanbul, Turkey [email protected] [email protected] [email protected] Abstract —Device fingerprinting is a technique that is used to others; accelerometers, gyroscopes and magnetometers which identify and authenticate a device. Different methods are used are called as MEMS components; LCD screen, microphone for this purpose; imperfections of built-in components of the and loudspeaker [2]. device and radio frequency (RF) emissions of the device can be used for authentication. The device can be tested internally There are privacy risks based on these techniques and they or externally; externally is more reliable. Transmission control will be discussed in the next section. Techniques that are protocol is a preferred method of authentication due to its used in device fingerprinting by analyzing these components reliability in precision which is intrinsic for device functionality are discussed in the next section. Mobile phones and other and has unique characteristics for every device. In this paper, devices can be investigated and authenticated using different different techniques on device fingerprinting was analyzed, the techniques based on extraction and analysis of the signal technique based on Transmission control protocol with data transfer rates was tested and the comparison between different obtained from a device either externally or internally. mobile devices was visualized. One of the ways of analyzing signal obtained from a Keywords—Fingerprint, MAC, timestamps, TCP. device is using display of the device,and for this purpose capacitive touchscreen can be used with 99.5 % precision in identification [4]; radio frequency emission of the screen can I. INTRODUCTION be used with the best performance shown by Support Vector Device fingerprinting is a technique used to identify and Machine (SVM) with 98.9 % accuracy on classification of distinguish one brand or model of device from another brand devices [5]. Another way of device fingerprinting is using or model by means of device’s hardware and software config- emissions generated by the components of the device and uration [1]. Usually, tiny differences in the electronic parts of unauthorized devices that try to connect to a network can a device is called fingerprints and those components can be be identified by Radio Frequency-Distinct Native Attribute used for the identification of a mobile phone. It is possible to (RF-DNA) information of malicious device; signal can be analyze those parts if they can generate observable characteris- classified using Fisher based Multiple Discriminant Analysis tics that can be collected and analyzed with a reasonable level and by using Maximum Likelihood with 85 % success rate [6] of precision. Analyzing digital outputs of these differences in and spoofing attacks can be prevented by using Generalized devices such as a mobile phone, gives a way to authenticate Relevance Learning Vector Quantization-Improved (GRLVQI) the device; it can also be used to track the device and its user classifier with 100 % accuracy [6]. which is a privacy risk for an individual using that device [2]. There is also another approach on device fingerprinting Authentication is the process of verifying the identity of a using an external system - medium access control and TCP device and built-in accelerometer or RF emission can be used layer testing. For the former case, difference in timing like for this matter. The most secure methods of authentication clock skews over Wireless Local Area Network (WLAN) is is by investigating fingerprints of the device’s components used to identify and validate a device which can pose a thread which are hard to clone. Device authentication is needed to to user since it doesn’t require any permission. For the latter be secure from counterfeiting and intellectual property rights case, timestamps of Transport Communication Protocol from violation of electronics devices [3]. Fingerprints produced by RFC 1323 is analyzed for fingerprinting and it also creates the components of the device can be obtained internally or privacy risks since there is no cooperation with the device or externally. In the former case, the counterfeited device can any permission from the device. create fabricated fingerprints; the latter case is more effective Another approach on device fingerprinting targets measur- while analyzing compromised device. ing clock drift of a device compared to GNSS and one way is Components that can be used to identify and analyze device to use Georgia Tech ID (GTID) method which processes signal fingerprint are: RF components for sending and receiving coming from a device using statistical techniques by analyzing different cellular communication standards and short range the network in time; another way is by using radio frequency communication such as GSM, UMT, LTE, Bluetooth and Wi- (RF) oscillator of a device, variations in phased locked loops’ Fi; digital cameras that exist in every modern cellular phone; phase noise is used to extract device fingerprint and analyze Global Navigation Satellite Systems (GNSS) receiver which them as a reliable method since the user can not modify it. is used to process signal from GPS, GLONAS, Galileo and The proposed approach is based on performance of the TCP layer of mobile phones against the data transfer. The performance of each device will be uniquely characteristic 978- 605- 01- 1240- 5/sk 2018 722 193 ELECO 2018, Elektrik-Elektronik ve Biyomedikal Mühendisliği Konferansı 30 Kasım-1 Aralık 2018 and the difference will be graphed for visual representation. Global System for Mobile Communication, Universal Mobile In our method, the Transmission Control Protocol (TCP) with Telecommunication System. Each component or communica- data transfer rates were tested and the obtained data was fed tion standard has its own imperfections and tiny differences into a k-nearest neighbors algorithm. The difference between which can be intrinsic or can be observed while performing different devices was visualized. any task; these small variations present a distinction between components or communication standards available in a device. II. DEVICE FINGERPRINTING TECHNIQUES Component imperfections can be used to classify or distinguish between devices. Gaussian Minimum Shift Keying is used Device can be analyzed by using digital output of compo- in Global System for Mobile Communication networks and nents of the device. Signal obtained from an analysis of device signals coming from Gaussian Minimum Shift Keying can components can be processed by an external or an internal be used as a Radio Frequency fingerprint of a device; these system. External system uses RF emissions that comes from emitted signals can be classified to identify a device which in components of a device, to analyze and process the signal. On turn can provide physical layer security [7]. the other hand, internal system will be connected to the device and data will be extracted from a device and then it will be Also, there is a security concern on wireless application processed. Privacy risks that arise from outside analysis of a protocols access points; unauthorized devices can try to con- device are mainly based on RF emissions; other components nect to the network or a device can try to masquerade as of the device i.e. screen, loudspeaker are difficult to track. another device by falsifying data. Devices that try to connect to a network without authorization can be identified by Radio Frequency-Distinct Native Attribute (RF-DNA) information A. Device fingerprinting by using an external system coming from unauthorized machine. Radio Frequency-Distinct One of the techniques used in device fingerprinting is Native Attribute fingerprint is specific to a device due to executed by an external system using display of the device. implementation of the hardware or component type; these Display of a device can be used to authenticate the device by fingerprints can be classified using Fisher based Multiple measuring amount of the pressure that a person delivers to Discriminant Analysis and by using Maximum Likelihood. the capacitive touchscreen panel thus identification based on Classification of the fingerprint of a device gives an approach features of the body will be achieved; device fingerprinting to compare the received Radio Frequency-Distinct Native At- technique based on capacitive touchscreen panel using an tribute with the stored reference information; this comparison external system in display of the device is a method that gives out the device that is included in to the dataset which in identifies users with 99.5 % of precision [4]. turn provides authentication of a device. By using Generalized Relevance Learning Vector Quantization-Improved (GRLVQI) Fingerprinting technique using display of the device also classifier, spoofing attacks were detected with 100 % success makes possible for a device to be identified by their screens’ rate and when Fisher based Multiple Discriminant Analysis Radio Frequency emissions; there is a possibility of using and Maximum Likelihood was used to detect unauthorized Artificial Neural Network and SVM for identification of radio devices, the success rate of detection was 85 % [6]. frequency emission of the devices’ screen since