CSI-RFF: Leveraging Micro-Signals on CSI for RF Fingerprinting of Commodity WiFi

This paper introduces CSI-RFF, a new framework that leverages micro-signals embedded within Channel State Information (CSI) curves to realize Radio-Frequency Fingerprinting of commodity off-the-shelf (COTS) WiFi devices for open-set authentication. The micro-signals that serve as RF fingerprints are termed ``micro-CSI''. Through experimentation, we have found that the presence of micro-CSI can primarily be attributed to imperfections in the RF circuitry. Furthermore, this characteristic signal is detectable in WiFi 4/5/6 network interface cards (NICs). We have conducted further experiments to determine the most effective CSI collection configurations to stabilize micro-CSI. Yet, extracting micro-CSI for authentication purposes poses a significant challenge. This complexity arises from the fact that CSI measurements inherently include both micro-CSI and the distortions introduced by wireless channels. These two elements are intricately intertwined, making their separation non-trivial. To tackle this challenge, we have developed a signal space-based extraction technique for line-of-sight (LoS) scenarios, which can effectively separate the distortions caused by wireless channels and micro-CSI. Over the course of our comprehensive CSI data collection period extending beyond one year, we found that the extracted micro-CSI displays unique characteristics specific to each WiFi device and remains invariant over time. This establishes micro-CSI as a suitable candidate for device fingerprinting. Finally, we conduct a case study focusing on area access control for mobile robots. Our experimental results demonstrate that the micro-CSI-based authentication algorithm can achieve an average attack detection rate close to 99% with a false alarm rate of 0% in both static and mobile conditions when using 20 CSI measurements to construct one fingerprint.

DeepCRF: Deep Learning-Enhanced CSI-Based RF Fingerprinting for Channel-Resilient WiFi Device Identification

This paper presents DeepCRF, a new framework that harnesses deep learning to extract subtle micro-signals from channel state information (CSI) measurements, enabling robust and resilient radio-frequency fingerprinting (RFF) of commercial-off-the-shelf (COTS) WiFi devices across diverse channel conditions. Building on our previous research, which demonstrated that micro-signals in CSI, termed micro-CSI, most likely originate from RF circuitry imperfections and can serve as unique RF fingerprints, we develop a new approach to overcome the limitations of our prior signal space-based method. While the signal space-based method is effective in strong line-of-sight (LoS) conditions, we show that it struggles with the complexities of non-line-of-sight (NLoS) scenarios, compromising the robustness of CSI-based RFF. To address this challenge, DeepCRF incorporates a carefully trained convolutional neural network (CNN) with model-inspired data augmentation, supervised contrastive learning, and decision fusion techniques, enhancing its generalization capabilities across unseen channel conditions and resilience against noise. Our evaluations demonstrate that DeepCRF significantly improves device identification accuracy across diverse channels, outperforming both the signal space-based baseline and state-of-the-art neural network-based benchmarks. Notably, it achieves an average identification accuracy of 99.53% among 19 COTS WiFi network interface cards in real-world unseen scenarios using 4 CSI measurements per identification procedure.

Towards Channel-Resilient CSI-Based RF Fingerprinting using Deep Learning

This work introduces DeepCRF, a deep learning framework designed for channel state information-based radio frequency fingerprinting (CSI-RFF). The considered CSI-RFF is built on micro-CSI, a recently discovered radio-frequency (RF) fingerprint that manifests as micro-signals appearing on the channel state information (CSI) curves of commercial WiFi devices. Micro-CSI facilitates CSI-RFF which is more streamlined and easily implementable compared to existing schemes that rely on raw I/Q samples. The primary challenge resides in the precise extraction of micro-CSI from the inherently fluctuating CSI measurements, a process critical for reliable RFF. The construction of a framework that is resilient to channel variability is essential for the practical deployment of CSI-RFF techniques. DeepCRF addresses this challenge with a thoughtfully trained convolutional neural network (CNN). This network's performance is significantly enhanced by employing effective and strategic data augmentation techniques, which bolster its ability to generalize to novel, unseen channel conditions. Furthermore, DeepCRF incorporates supervised contrastive learning to enhance its robustness against noises. Our evaluations demonstrate that DeepCRF significantly enhances the accuracy of device identification across previously unencountered channels. It outperforms both the conventional model-based methods and standard CNN that lack our specialized training and enhancement strategies.

Physical-Layer Authentication of Commodity Wi-Fi Devices via Micro-Signals on CSI Curves

This paper presents a new radiometric fingerprint that is revealed by micro-signals in the channel state information (CSI) curves extracted from commodity Wi-Fi devices. We refer to this new fingerprint as "micro-CSI". Our experiments show that micro-CSI is likely to be caused by imperfections in the radio-frequency circuitry and is present in Wi-Fi 4/5/6 network interface cards (NICs). We conducted further experiments to determine the most effective CSI collection configuration to stabilize micro-CSI. To extract micro-CSI from varying CSI curves, we developed a signal space-based extraction algorithm that effectively separates distortions caused by wireless channels and hardware imperfections under line-of-sight (LoS) scenarios. Finally, we implemented a micro-CSI-based device authentication algorithm that uses the k-Nearest Neighbors (KNN) method to identify 11 COTS Wi-Fi NICs from the same manufacturer in typical indoor environments. Our experimental results demonstrate that the micro-CSI-based authentication algorithm can achieve an average attack detection rate of over 99% with a false alarm rate of 0%.