Title: Trust in 5G Open RANs through Machine Learning: RF Fingerprinting on the POWDER PAWR Platform
5G and open radio access networks (Open RANs) will result in vendor-neutral hardware deployment that will require additional diligence towards managing security risks. This new paradigm will allow the same network infrastructure to support virtual network slices for transmitting different waveforms, such as 5G New Radio, LTE, WiFi, at different times. In this multi-vendor, multi-protocol/waveform setting, we propose an additional physical layer authentication method that detects a specific emitter through a technique called RF fingerprinting. Our deep learning approach uses convolutional neural networks augmented with triplet loss, where examples of similar/dissimilar signal samples are shown to the classifier over the training duration. We demonstrate the feasibility of RF fingerprinting base stations over the large-scale over-the-air experimental POWDER platform in Salt Lake City, Utah, USA. Using real world datasets, we show how our approach overcomes the challenges posed by changing channel conditions and protocol choices with 99.86% detection accuracy for different training and testing days.
Journal Name:
IEEE Global Communications Conference
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Millimeter wave (mmW) communications is viewed as the key enabler of 5G cellular networks due to vast spectrum availability that could boost peak rate and capacity. Due to increased propagation loss in mmW band, transceivers with massive antenna array are required to meet a link budget, but their power consumption and cost become limiting factors for commercial systems. Radio designs based on hybrid digital and analog array architectures and the usage of radio frequency (RF) signal processing via phase shifters have emerged as potential solutions to improve radio energy efficiency and deliver performances close to the conventional digital antenna arrays. In this paper, we provide an overview of the state-of-the-art mmW massive antenna array designs and comparison among three array architectures, namely digital array, partially-connected hybrid array (sub-array), and fully-connected hybrid array. The comparison of performance, power, and area for these three architectures is performed for three representative 5G downlink use cases, which cover a range of pre-beamforming signal-to-noise-ratios (SNR) and multiplexing regimes. This is the first study to comprehensively model and quantitatively analyze all design aspects and criteria including: 1) optimal linear precoder, 2) impact of quantization error in digital-to-analog converter (DAC) and phase shifters, 3) RF signal distribution network, 4) power and area estimation based on state-of-the-art mmW circuits including baseband digital precoding, digital signal distribution network, high-speed DACs, oscillators, mixers, phase shifters, RF signal distribution network, and power amplifiers. Our simulation results show that the fully-digital array architecture is the most power and area efficient compared against optimized designs for sub-array and hybrid array architectures. Our analysis shows that digital array architecture benefits greatly from multi-user multiplexing. 
     The analysis also reveals that sub-array architecture performance is limited by reduced beamforming gain due to array partitioning, while the system bottleneck of the fully-connected hybrid architecture is the excessively complicated and power hungry RF signal distribution network.
  2. As 5G networks are gradually rolled out worldwide, it is important to ensure that their network infrastructures are resilient against malicious attacks. This work presents VET5G, a new virtual end-to-end testbed for 5G network security research experiments or training activities such as Capture-The-Flag competitions. The distinguishing features of VET5G include a home-grown 5G core network emulator written in Rust to ensure memory and thread safety, integration of OpenAirInterface’s Radio Access Network emulator and the official Android emulator to achieve full end-to-end 5G network emulation, inclusion of a reference P4 software switch to assist with prototyping of defense mechanisms for 5G data planes, implementation of Python APIs for easy 5G network experimentation, and adoption of JupyterHub to support multi-user experimentation. In our experiments we demonstrate how to use VET5G for two attack scenarios in 5G networks as well as its performance when it is used in a 5G hacking project for a Mobile Systems Security course. 
  3. The accurate identification of wireless devices is critical for enabling automated network access monitoring and authenticated data communication in large-scale networks; e.g., IoT networks. RF fingerprinting has emerged as a potential solution for device identification by leveraging the transmitter-unique manufacturing impairments of the RF components. Although deep learning is proven efficient in classifying devices based on the hardware impairments, trained models perform poorly due to channel variations. That is, although training and testing neural networks using data generated during the same period achieve reliable classification, testing them on data generated at different times degrades the accuracy substantially. To the best of our knowledge, we are the first to propose to leverage MIMO capabilities to mitigate the channel effect and provide a channel-resilient device classification. For the proposed technique we show that, for Rayleigh channels, blind partial channel estimation enabled by MIMO increases the testing accuracy by up to 40% when the models are trained and tested over the same channel, and by up to 60% when the models are tested on a channel that is different from that used for training.
  4. Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user privacy, have been shown to be effective even if the traffic is sent over anonymity-preserving networks such as Tor. The classical attack model used to evaluate website fingerprinting attacks assumes an on-path adversary, who can observe all traffic traveling between the user’s computer and the secure network. In this work we investigate these attacks under a different attack model, in which the adversary is capable of sending a small amount of malicious JavaScript code to the target user’s computer. The malicious code mounts a cache side-channel attack, which exploits the effects of contention on the CPU’s cache, to identify other websites being browsed. The effectiveness of this attack scenario has never been systematically analyzed, especially in the open-world model which assumes that the user is visiting a mix of both sensitive and non-sensitive sites. We show that cache website fingerprinting attacks in JavaScript are highly feasible. Specifically, we use machine learning techniques to classify traces of cache activity. Unlike prior works, which try to identify cache conflicts, our work measures the overall occupancy of the last-level cache. We show that our approach achieves high classification accuracy in both the open-world and the closed-world models. We further show that our attack is more resistant than network-based fingerprinting to the effects of response caching, and that our techniques are resilient both to network-based defenses and to side-channel countermeasures introduced to modern browsers as a response to the Spectre attack. To protect against cache-based website fingerprinting, new defense mechanisms must be introduced to privacy-sensitive browsers and websites. 
     We investigate one such mechanism, and show that generating artificial cache activity reduces the effectiveness of the attack and completely eliminates it when used in the Tor Browser.
  5. Deep learning-based device fingerprinting has recently been recognized as a key enabler for automated network access authentication. Its robustness to impersonation attacks due to the inherent difficulty of replicating physical features is what distinguishes it from conventional cryptographic solutions. Although device fingerprinting has shown promising performances, its sensitivity to changes in the network operating environment still poses a major limitation. This paper presents an experimental framework that aims to study and overcome the sensitivity of LoRa-enabled device fingerprinting to such changes. We first begin by describing RF datasets we collected using our LoRa-enabled wireless device testbed. We then propose a new fingerprinting technique that exploits out-of-band distortion information caused by hardware impairments to increase the fingerprinting accuracy. Finally, we experimentally study and analyze the sensitivity of LoRa RF fingerprinting to various network setting changes. Our results show that fingerprinting does relatively well when the learning models are trained and tested under the same settings. However, when trained and tested under different settings, these models exhibit moderate sensitivity to channel condition changes and severe sensitivity to protocol configuration and receiver hardware changes when IQ data is used as input. However, when FFT data is used as input, they perform poorly under any change.