An official website of the United States government
The proliferation of low-end low-power internet-of-things (IoT) devices in smart environments necessitates secure identification and authentication of these devices via low-overhead fingerprinting methods. Previous work typically utilizes characteristics of the device's wireless modulation (WiFi, BLE, etc.) in the spectrum, or more recently, electromagnetic emanations from the device's DRAM to perform fingerprinting. The problem is that many devices, especially low-end IoT/embedded systems, may not have transmitter modules, DRAM, or other complex components, therefore making fingerprinting infeasible or challenging. To address this concern, we utilize electromagnetic emanations derived from the processor's clock to fingerprint. We present Digitus, an emanations-based fingerprinting system that can authenticate IoT devices at range. The advantage of Digitus is that we can authenticate low-power IoT devices using features intrinsic to their normal operation without the need for additional transmitters and/or other complex components such as DRAM. Our experiments demonstrate that we achieve ≥ 95% accuracy on average, applicability in a wide range of IoT scenarios (range ≥ 5m, non-line-of-sight, etc.), as well as support for IoT applications such as finding hidden devices. Digitus represents a low-overhead solution for the authentication of low-end IoT devices.
more »
« less
This content will become publicly available on January 1, 2026
Revealing Hidden IoT Devices through Passive Detection, Fingerprinting, and Localization
Internet-of-things (IoT) devices (e.g., micro camera and microphone) are usually small form factor, low-cost, and low-power, which makes them easy to conceal and deploy in the indoor environment to spy on people for human private information such as location and indoor activities. As a result, these IoT devices introduce a great privacy and ethical threat. Therefore, it is important to reveal these concealed IoT devices in the indoor environment for human privacy protection. This paper presents RFScan, a system that can passively detect, fingerprint, and localize diverse concealed IoT devices in the indoor environment by sensing their unintentional electromagnetic emanations. However, sensing these emanations is challenging due to the weak emanation strength and the interference from the ambient wireless communication signals. To this end, we boost the emanation strength through the non-coherent averaging based on the emanation signal's characteristics and design a novel suppression algorithm to mitigate interference from the wireless communication signals. We further profile emanations across frequency and time that act as the emanation source's unique signature and customize a deep neural network architecture to fingerprint the emanation sources. Furthermore, we can localize the emanation source with an angle-of-arrival (AoA) based triangulation approach. Our experimental results demonstrate the efficiency of the IoT devices' detection, fingerprinting, and localization across different indoor environments.
more »
« less
- Award ID(s):
- 2232481
- PAR ID:
- 10598545
- Publisher / Repository:
- Privacy Enhancing Technologies Symposium
- Date Published:
- Journal Name:
- Proceedings on Privacy Enhancing Technologies
- Volume:
- 2025
- Issue:
- 1
- ISSN:
- 2299-0984
- Page Range / eLocation ID:
- 184 to 197
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
As next-generation communication services and satellite systems expand across diverse frequency bands, the escalating utilization poses heightened interference risks to passive sensors crucial for environmental and atmospheric sensing. Consequently, there is a pressing need for efficient methodologies to detect, characterize, and mitigate the harmful impact of unwanted anthropogenic signals known as radio frequency interference (RFI) at microwave radiometers. One effective strategy to reduce such interference is to facilitate the coexistence of active and passive sensing systems. Such approach would greatly benefit from a testbed along with a dataset encompassing a diverse array of scenarios under controlled environment. This study presents a physical environmentally controlled testbed including a passive fully calibrated L-band radiometer with a digital back-end capable of collecting raw in-phase/quadrature (IQ) samples and an active fifth-generation (5G) wireless communication system with the capability of transmitting waveforms with advanced modulations. Various RFI scenarios such as in-band, transition-band, and out-of-band transmission effects are quantified in terms of calibrated brightness temperature. Raw radiometer and 5G communication samples along with preprocessed time-frequency representations and true brightness temperature data are organized and made publicly available. A detailed procedure and publicly accessible dataset are provided to help test the impact of wireless communication on passive sensing, enabling the scientific community to facilitate coexistence research and quantify interference effects on radiometers.more » « less
-
Wireless sensing has demonstrated its potential of utilizing radio frequency (RF) signals to sense individuals and objects. Among different wireless signals, LoRa signal is particularly promising for through-wall sensing owing to its strong penetration capability. However, existing works view walls as a bad thing as they attenuate signal power and decrease the sensing coverage. In this paper, we show a counter-intuitive observation, i.e., walls can be used to increase the sensing coverage if the RF devices are placed properly with respect to walls. To fully understand the underlying principle behind this observation, we develop a through-wall sensing model to mathematically quantify the effect of walls. We further show that besides increasing the sensing coverage, we can also use the wall to help mitigate interference, which is one well-known issue in wireless sensing. We demonstrate the effect of wall through two representative applications, i.e., macro-level human walking sensing and micro-level human respiration monitoring. Comprehensive experiments show that by properly deploying the transmitter and receiver with respect to the wall, the coverage of human walking detection can be expanded by more than 160%. By leveraging the effect of wall to mitigate interference, we can sense the tiny respiration of target even in the presence of three interferers walking nearby.more » « less
-
null (Ed.)Widely deployed IoT devices have raised serious concerns for the spectrum shortage and the cost of multi-protocol gateway deployment. Recent emerging Cross-Technology Communication (CTC) technique can alleviate this issue by enabling direct communication among heterogeneous wireless devices, such as WiFi, Bluetooth, and ZigBee on 2.4 GHz. However, this new paradigm also brings security risks, where an attacker can use CTC to launch wireless attacks against IoT devices. Due to limited computational capability and different wireless protocols being used, many IoT devices are unable to use computationally-intensive cryptographic approaches for security enhancement. Therefore, without proper detection methods, IoT devices cannot distinguish signal sources before executing command signals. In this paper, we first demonstrate a new defined physical layer attack in the CTC scenario, named as waveform emulation attack, where a WiFi device can overhear and emulate the ZigBee waveform to attack ZigBee IoT devices. Then, to defend against this new attack, we propose a physical layer defensive mechanism, named as AuthCTC, to verify the legitimacy of CTC signals. Specifically, at the sender side, an authorization code is embedded into the packet preamble by leveraging the dynamically changed cyclic prefix. A WiFi-based detector is used to verify the authorization code at the receiver side. Extensive simulations and experiments using off-the-shelf devices are conducted to demonstrate both the feasibility of the attack and the effectiveness of our defensive mechanism.more » « less
-
mmWave signals form a critical component of 5G and next-generation wireless networks, which are also being increasingly considered for sensing the environment around us to enable ubiquitous IoT applications. In this context, this paper leverages the properties of mmWave signals for tracking 3D finger motion for interactive IoT applications. While conventional vision-based solutions break down under poor lighting, occlusions, and also suffer from privacy concerns, mmWave signals work under typical occlusions and non-line-of-sight conditions, while being privacy-preserving. In contrast to prior works on mmWave sensing that focus on predefined gesture classification, this work performs continuous 3D finger motion tracking. Towards this end, we first observe via simulations and experiments that the small size of fingers coupled with specular reflections do not yield stable mmWave reflections. However, we make an interesting observation that focusing on the forearm instead of the fingers can provide stable reflections for 3D finger motion tracking. Muscles that activate the fingers extend through the forearm, whose motion manifests as vibrations on the forearm. By analyzing the variation in phases of reflected mmWave signals from the forearm, this paper designs mm4Arm, a system that tracks 3D finger motion. Nontrivial challenges arise due to the high dimensional search space, complex vibration patterns, diversity across users, hardware noise, etc. mm4Arm exploits anatomical constraints in finger motions and fuses them with machine learning architectures based on encoder-decoder and ResNets in enabling accurate tracking. A systematic performance evaluation with 10 users demonstrates a median error of 5.73° (location error of 4.07 mm) with robustness to multipath and natural variation in hand position/orientation. The accuracy is also consistent under non-line-of-sight conditions and clothing that might occlude the forearm. mm4Arm runs on smartphones with a latency of 19 ms and low energy overhead.more » « less
