Low-rate wireless personal area networks (WPANs) based on the IEEE 802.15.4 specification enable energy-efficient connectivity among large numbers of devices. The low implementation costs associated with WPAN interconnectivity have led to widespread adoption, particularly in critical infrastructure and military applications. For instance, ZigBee standards built upon this WPAN foundation operate advanced utility meters, over 65 million of which are deployed in the United States.
Building automation WPANs interface with the smart grid to significantly reduce energy costs through intelligent appliance and lighting control. WPANs are utilized in health care networks, indoor localization, and critical process controls.
With this ubiquity and accessibility come concerns over data confidentiality, message integrity, and device authentication. Properly securing low-rate WPANs is challenging due to tight resource constraints. WPAN hardware is generally designed to be as inexpensive as possible, and tamper resistance was not an early vendor priority. For example, first- and second-generation ZigBee chips were found to be vulnerable to encryption key extraction. Further, flash memory available for application development is typically limited to less than 100 kB, e.g., 48 kB on the TmoteSky mote and 60 kB on the Freescale MC13213. With flash at a premium, some application developer guides discourage the use of security. Security headers increase packet overhead, expending additional wireless transmission energy and presenting a trade-off for WPANs reliant upon battery power. IEEE 802.15.4 leaves security key establishment to higher layers, such as the ZigBee stack, yet the entire WPAN can be compromised if keys are mishandled.
Air Force scientists are beefing up security around WPANs through precise manipulation of the physical layer preamble (or header) – the initial signal used in network communications to synchronize transmission timing between systems. With this approach, when soliciting acknowledgments from wireless devices using a small number of packets with modified preambles, a response pattern identifies the true transceiver class of the device under test. Preamble manipulation enables wireless multi-factor authentication, intrusion detection, and transceiver type fingerprinting.
In operation, the standard physical layer (PHY) preamble is modified by the joining device to a preamble that can be received by the coordinating device having an expected hardware configuration. The modified PHY preamble is transmitted to the coordinating device with an association request by the joining device. If a response containing an association response from the coordinating device is not received by the joining device, the hardware configuration of the coordinating device is determined to not be the expected hardware configuration.
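The response-pattern check described above can be sketched as follows. This is an added example, not code from the patent or from this page: the probe set (shortened preambles), the class names, the reference patterns and the thresholds are all constructed assumptions, and a real deployment would measure the profiles for the radios it expects.

```python
from typing import Dict, List, Optional

# Assumed probe set: preamble symbols sent per probe (the standard preamble
# in the 2.4 GHz O-QPSK PHY is 8 symbols). Constructed for illustration.
PROBES = [8, 6, 4, 2, 1]

# Hypothetical reference patterns: True = this transceiver class acknowledges
# the probe. Constructed values, not measurements of any real chip.
PROFILES: Dict[str, List[bool]] = {
    "class_A": [True, True, True, True, False],
    "class_B": [True, True, True, False, False],
    "class_C": [True, True, False, False, False],
}

def to_pattern(acks: List[int], sent: int,
               hi: float = 0.7, lo: float = 0.3) -> List[Optional[bool]]:
    """Map per-probe ACK counts to True/False, or None when packet loss
    leaves the probe inconclusive (rate between lo and hi)."""
    pattern: List[Optional[bool]] = []
    for count in acks:
        rate = count / sent
        pattern.append(True if rate >= hi else False if rate <= lo else None)
    return pattern

def fingerprint(acks: List[int], sent: int) -> Optional[str]:
    """Return the one class consistent with the observed pattern, else None."""
    if len(acks) != len(PROBES) or sent <= 0:
        raise ValueError("need one ACK count per probe and sent > 0")
    observed = to_pattern(acks, sent)
    # No reliable answer to the unmodified preamble: the device is out of
    # range or off, so silence on the other probes carries no information.
    if observed[0] is not True:
        return None
    matches = [name for name, ref in PROFILES.items()
               if all(o is None or o == r for o, r in zip(observed, ref))]
    # Zero matches: unknown radio. Several matches: too much loss to decide.
    return matches[0] if len(matches) == 1 else None

def authenticate(claimed_class: str, acks: List[int], sent: int) -> bool:
    """Second factor: accept only if the radio behaves like the claimed class."""
    return fingerprint(acks, sent) == claimed_class

if __name__ == "__main__":
    # Constructed observation: 10 packets per probe, ACKs counted per probe.
    print(fingerprint([10, 9, 10, 8, 0], sent=10))
    print(authenticate("class_A", [10, 10, 9, 1, 0], sent=10))
```

An inconclusive or unmatched result is treated as a failed check rather than a best guess, so a lossy channel leads to a re-probe instead of a wrong class assignment.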
- Physical layer augmented device authentication, intrusion detection, and remote device type fingerprinting
- Relatively low transmitter hardware cost
- Simplicity of implementation
- Low computational complexity
- Businesses can productize the technology by licensing US patent 10,111,094
- License fees are negotiable
- TechLink provides no-cost licensing assistance