EM-ID: RTL-SDR based Tag-Less ID of Electrical Devices via Electromagnetic Emissions
Back in November 2015 we posted about Disney Research’s EM-Sense which was an RTL-SDR based smart watch that was able to actually sense and detect the exact (electronic) object the wearer was touching. It worked by using the RTL-SDR to detect the specific electromagnetic emission signature given off by various different electronic devices.
Now Disney Research has just released a new paper titled “EM-ID: Tag-less Identification of Electrical Devices via Electromagnetic Emissions”. In this paper the authors describe an RTL-SDR based system which serves as a replacement for RFID tags and readers. RFID (Radio Frequency ID) tags can be used in place of standard barcodes when placed on items as a means for easy inventory and asset tracking. An RFID tag is faster and easier to read than a barcode, but the individual cost of the tag has prevented its widespread adoption.
The Disney Research team have put forward the idea that a low cost SDR like the RTL-SDR can replace RFID tags in cases where the tags would have been used to identify electronic devices. The SDR reads the electromagnetic emissions of the electronic device, and those emissions are then used to identify the item, thus eliminating the need for an RFID tag or barcode. Their abstract reads:
Radio Frequency Identification technology has greatly improved asset management and inventory tracking. However, for many applications RFID tags are considered too expensive compared to the alternative of a printed bar code, which has hampered widespread adoption of RFID technology.
To overcome this price barrier, our work leverages the unique electromagnetic emissions generated by nearly all electronic and electromechanical devices as a means to individually identify them. This tag-less method of radio frequency identification leverages previous work showing that it is possible to classify objects by type (i.e. phone vs. TV vs. kitchen appliance, etc). A core question is whether or not the electromagnetic emissions from a given model of device, is sufficiently unique to robustly distinguish it from its peers.
We present a low cost method for extracting the EM-ID from a device along with a new classification and ranking algorithm that is capable of identifying minute differences in the EM signatures. Results show that devices as diverse as electronic toys, cellphones and laptops can all be individually identified with an accuracy between 72% and 100% depending on device type.
While not all electronics are unique enough for individual identifying, we present a probability estimation model that accurately predicts the performance of identifying a given device out of a population of both similar and dissimilar devices. Ultimately, EM-ID provides a zero cost method of uniquely identifying, potentially billions of electronic devices using their unique electromagnetic emissions.
In the paper we can see that the EM-ID hardware is essentially just a direct sampling modified RTL-SDR and antenna. The RTL-SDR is modified to use direct sampling as this allows it to receive 0 – 28 MHz, and thus 0 – 500 kHz where the most useful EM emissions exist. The process is to scan the device using the antenna and RTL-SDR, extract features such as power peaks from the recorded EMI spectrum, and then turn this data into a device signature, which can be compared against a database of previously recorded and known device signatures (e.g. light bulb, iPhone).
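The scan, peak-extraction, signature and database-comparison steps described above, as an added Python example (not code from the paper or from this post, and not the paper's classification and ranking algorithm). The sample rate, thresholds, distance measure and every device tone below are constructed assumptions.

```python
import cmath, math, random

FS, N = 1_000_000, 500   # assumed sample rate (Hz) and capture length: 2 kHz bins, 0-500 kHz

def capture(tones, seed):
    """Constructed capture: (freq_hz, amplitude) tones plus Gaussian noise."""
    rng = random.Random(seed)
    return [sum(a * math.sin(2 * math.pi * f * n / FS) for f, a in tones)
            + rng.gauss(0, 0.05) for n in range(N)]

def spectrum_db(x):
    """Power per DFT bin in dB (naive DFT, standard library only)."""
    w = [cmath.exp(-2j * math.pi * m / N) for m in range(N)]
    return [10 * math.log10(abs(sum(x[n] * w[k * n % N] for n in range(N))) ** 2 / N + 1e-12)
            for k in range(N // 2)]

def signature(x, min_snr_db=15):
    """Map bin -> peak height above the median noise floor, local maxima only."""
    p = spectrum_db(x)
    floor = sorted(p)[len(p) // 2]
    return {k: p[k] - floor for k in range(1, len(p) - 1)
            if p[k] - floor > min_snr_db and p[k - 1] <= p[k] >= p[k + 1]}

def distance(a, b, tol=1):
    """Mean dB mismatch; a peak with no partner within tol bins costs its full height."""
    cost = 0.0
    for sig, other in ((a, b), (b, a)):
        for k, h in sig.items():
            near = [other[j] for j in range(k - tol, k + tol + 1) if j in other]
            cost += min(abs(h - o) for o in near) if near else h
    return cost / max(len(a) + len(b), 1)

def identify(unknown, database):
    """Rank enrolled signatures by distance to the unknown one, best first."""
    return sorted((distance(unknown, sig), name) for name, sig in database.items())

# Constructed emitters (not measurements): toy and laptop share 40/80 kHz peaks.
DEVICES = {
    "toy":    [(40e3, 1.0), (80e3, 0.5), (120e3, 0.25)],
    "phone":  [(64e3, 1.0), (128e3, 0.5), (192e3, 0.3)],
    "laptop": [(40e3, 1.0), (80e3, 0.2), (300e3, 0.4)],
}
DATABASE = {name: signature(capture(t, seed=1)) for name, t in DEVICES.items()}

def demo():
    # A later scan of the laptop: new noise, amplitudes drifted slightly.
    rescan = capture([(40e3, 0.95), (80e3, 0.22), (300e3, 0.38)], seed=2)
    return identify(signature(rescan), DATABASE)
```

`demo()` returns the enrolled devices ranked by distance; the toy, which shares two peak frequencies with the laptop, lands second because its peak heights and third peak differ.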
This can be used to distinguish original devices from fake.
I see two problems with this.
One is device aging (the same device will appear as a different device if measured a year apart) and the second is power on time. A device that has been powered on 1 minute will appear to be different than a device that has been powered on for an hour.
But maybe Disney plan to index every device every day.
The paper does deal with that to some extent in Section III. MITIGATING EM-ID READER VARIATIONS and Section VI. EXPERIMENTAL RESULTS AND PERFORMANCE. The approach is probabilistic in nature. It is a fascinating read and a wonderful application of the RTL-SDR.