Using an RTL-SDR, RF Fingerprinting and Deep Learning to Authenticate RF Devices

Every device that transmits radio waves has a unique and identifiable RF fingerprint which occurs due to the very slightly variations in the hardware manufacturing process. This means that devices using identical transmitters of the same make and model can still be differentiated from one another.

Nihal Pasham has been using this knowledge as a way to securely identify IoT sensors and other RF devices like car keyfobs. The idea is that these unique RF fingerprints are immune to authentication spoofing which could be used to create a fake transmitter with fake data. He suggests that RF fingerprinting could be used as an additional authentication check for low cost IoT devices with only basic security.

In order to recognize the minute differences in the RF fingerprints of different devices Nihal notes that a good pattern detection algorithm is required, and that a deep learning neural network fits the bill. Using neural network software Tensorflow, and an RTL-SDR for signal acquisition, he was able to train a proof of concept neural model that was able to classify two test transmitters with 97% accuracy.

Training a Deep Learning Neural Network with an RTL-SDR for RF Fingerprinting
Training a Deep Learning Neural Network with an RTL-SDR for RF Fingerprinting

In the past we've seen similar experiments by Oona Räisänen who used an RTL-SDR to fingerprint several hand held radios heard on the air via small variances in the power and frequencies of each radio's CTCSS tone. Using simple clustering techniques she was able to determine exactly who was transmitting based upon the unique CTCSS.

In a somewhat similar fashion, Disney Research has also been working on a RF fingerprinting technique that uses an RTL-SDR based wrist watch to identify what particular electronic devices the wearer is touching.

Tweet
Share
Reddit
Vote
Email

LimeRFE WSPR Tests

The LimeRFE is a power amplifier and filter bank solution designed for the low cost TX capable LimeSDR software defined radios. It has multiple bands from HF all the way up to 3.5 GHz, and is capable of putting out about 2W on the HF bands. Currently LimeRFE is crowdfunding over on CrowdSupply with a cost of US$599 or alternatively there is now a cheaper unit for US$449 without support for the cellular bands. The campaign is active for 4 more days from the time of this post, and after that the price is due to rise by another US$100.

The team at LimeMicro sent a unit to Daniel Estévez (EA4GPZ) for testing, and he has recently posted about his results and thoughts when using the LimeRFE for WSPR transmission with a 15m long wire antenna. Daniel connected his LimeRFE to his LimeSDR and used WSJT-X piped into SDRAngel via Pulseaudio to transmit WSPR on the 10m band. He notes that for lower bands, the LimeRFE will still need additional low pass filtering to attenuate harmonics. SDRAngel cannot yet control the LimeRFE so he also created a simple Python script for this purpose.

Unfortunately Daniel's unit only achieved 25dBm instead of the advertised 33dB, but in LimeMicro's post they note that they believe that this is due to shipping damage. However, even with only 0.3W power, Daniel's transmissions from Madrid were able to be picked up in the Canary Islands, Netherlands and Northern England.

WSPR Range with a LimeRFE (reduced 0.3W output)
WSPR Range with a LimeRFE (reduced 0.3W output)
Tweet
Share
Reddit
Vote
Email

Using SDR For QO-100 Satellite Operation

Es’hailsat, otherwise known as QO-100 is the first geostationary satellite with an amateur radio payload on-board. The satellite contains both a Wide Band transponder for experimental modes and DVB-S Digital Television and a Narrow Band transponder used mostly for SSB voice and some digital mode contacts with other amateur operators. If you’re unfamiliar with this satellite we’ve covered it in previous articles, like in [Es’hail Transponder Now Active]

While many choose to use a transverter connected to a traditional amateur transceiver, others have turned to use Software Defined Radios to complete their satellite ground stations.

[Radio Innovation] posted a video back in March showing his contact on QO-100 using a LimeSDR Mini as the 2.4 GHz transmitter and a 10 GHz LNB for the downlink.

The PlutoSDR has been frequently seen used for QO-100 satellite operation on the Wide Band transponder due to its ease of DVB-S transmission utilizing software such as [DATV Express] but more recently there have been more and more operators turning to SDR for their day to day satellite operation.

It will be interesting to see how these stations evolve, perhaps by the time North America has access to a similar satellite, we’ll be prepared to operate it.

Tweet
Share
Reddit
Vote
Email

Updated Meteor M-N2-2 Tutorial and Decoder Now Available

Thank you to Happysat for submitting the following information about the updated LRPT decoder for Meteor M-N2-2. He has also provided a link to his very useful Meteor Satellite reception tutorial.

Today the official LRPT-Decoder V42 ready for release :)

Before we did use a older internal debug version from 2014, because this one was still in development.

This version 42 of LRPTDecoder will work with both Meteor M-N2 and Meteor M-N2-2.

Example ini configuration files for other modes are attached in the archive.

http://happysat.nl/LRPT_Decoder_v42.rar

Howto overhere http://happysat.nl/Setup_Meteor/Setup.html

Author of LRPT_Decoder is Oleg ROBONUKA.

The new Meteor M-N2-2 Decoder + Sample Image
The new Meteor M-N2-2 Decoder + Sample Image
Tweet
Share
Reddit
Vote
Email

Kickstarter for a Lower Cost Laboratory Grade RF Broadband Noise Generator

UPDATE: John wanted to add the following clarification:

In the article you wrote, you suggest that the two noise generators are equivalent. This is not the case. The noise generator you mentioned generates "Thermal Noise". Mine generates "Shot Noise".

The Zener in the generator you mentioned, contributes zero noise in the Gigahertz spectrum. Whereas mine generates Shot Noise roughly 20 db higher than the thermal noise floor all across the range.

The physics and the mathematics are as different as night and day.

Thank you to John Jackson from Jackson Research for writing in and sharing his Kickstarter for a laboratory grade RF broadband noise generator. John notes that he's discovered a semiconductor that is much cheaper than the expensive avalanche diodes used in other high end noise sources. This semiconductor has allowed him to create a noise source that works from 40 MHz up to 6 GHz. The target output power is 0 dB, with a flatness of less than 2 dBm over the entire bandwidth.

A noise source is useful for SDR/radio experiments as it is used in many applications such as scalar network analyzers, filter response measurements, satellite tuning, cellphone network tuning, antenna VSWR measurements, amplifier noise measurements and in jammers. If you're interested we have a previously posted tutorial about using an RTL-SDR and noise source for filter characterization and antenna VSWR measurements.

John is fundraising via Kickstarter in order to help fund development of the final product. The pricing is currently US$500. This might seem high, but John notes that comparable professional noise sources start at US$3,500 and go up to US$30,000. John writes:

There are a number of laboratory grade RF Noise generators on the market. They are all extremely expensive ranging in the thousands of dollars. This is beyond the reach of most individuals. In contrast, there are some low cost RF noise generator schematics floating around the Internet which are all based upon Zener diodes.

The problem with Zener diodes is the noise bandwidth. All the circuits I have seen have cutoff frequencies in the Megahertz range. The one noise circuit I saw used in the Gigahertz range was actually amplifier noise and had problems due to the several stages of amplification.

The alternative to Zener diodes is the avalanche diode specifically designed as a RF noise generator. These devices are difficult to acquire and have very high prices which often exceed the entire cost of all the parts and components needed to build the instrument.

Professor Jackson at Jackson Research has discovered a semiconductor that generates RF noise like an avalanche noise diode into the Gigahertz range, but at Zener diode prices. He has raw laboratory data and now needs to build up a professional grade instrument. To achieve this goal, he has launched a new KickStarter fund raiser to build up a number of units.

Jackson Research Laboratory Grade Broadband RF Noise Source
Jackson Research Laboratory Grade Broadband RF Noise Source
Tweet
Share
Reddit
Vote
Email

YouTube Video: Information Packed Introduction to SDR

Over on YouTube Nick Black has uploaded a video where he does a good introduction to software defined radio (SDR), SDR history, how SDR works, various SDR concepts like sampling and bandwidth, different SDR hardware, the SDR Linux stack and reverse engineering wireless signals.

The information is presented fast and densely, so it may be a bit hard to follow for newbies, but if you already have some experience with SDR it may be a good video that helps tie everything together and fill in some gaps. Nick also has a Wiki where he's documented some of what is said in the video.

DANKTECH 001: Software-defined Radios

 

Tweet
Share
Reddit
Vote
Email

PiSDR Image Gains PlutoSDR Support

[@Lugigi Cruz] has announced on twitter that his latest PiSDR image now includes full PlutoSDR support. PiSDR is a pre-built Raspberry Pi distribution that supports several SDRs including the RTL-SDR. It comes with many applications and libraries ready for you to use some of which include GQRX and GNURadio Companion. PiSDR is available on [GitHub] and just needs to be burned to an SD card to be used. The PlutoSDR is a low cost (typically priced anywhere between $99 – $149 depending on sales) RX/TX capable SDR with up to 56 MHz of bandwidth and a 70 MHz to 6 GHz frequency range.

With this update support for the PlutoSDR has been added. This should allow for a host of new interesting uses for the image as it includes SDRAngel, an SDR application that works with transmit capable SDRs. While I’ve not yet tested the image myself, this should in theory mean that the PiSDR image could be used with a transmit capable SDR like a PlutoSDR or Lime/Mini SDR to both transmit and receive anything from DATV to voice and more.

Below you can see the image running the Raspbian desktop with the SDRAngel software connected to the PlutoSDR. Those with a keen eye may also see the LimeSDR mini laying on the desk s well. The concept of SDR on a small microcomputer such as the Raspberry Pi isn’t a new one, but the existence of this distribution makes it much easier for people to jump in and start using it without having to configure and install software from scratch which can sometimes be a daunting task.

Tweet
Share
Reddit
Vote
Email

Hackaday Looks back on Seven Years of RTL-SDR

Hackaday is a very popular blog that summarizes and aggregates all sorts of content related to hardware, electronics and software projects (just like we do with SDR content). Over the years Hackaday have featured RTL-SDR related projects several times, and in their latest post Tom Nardi reminisces on the seven years since RTL-SDRs became a thing.

Tom talks about how RTL-SDR has evolved since 2012, and how they've kicked off a revolution in the SDR world. He goes on to mention how the hardware and software has improved, mentioning our RTL-SDR Blog V3 units and software like GQRX and Universal Radio Hacker.

At RTL-SDR.COM we're looking forward to where the next seven years of low cost SDR takes us!

Hackaday's Image of our RTL-SDR Blog V3 Dongle.
Hackaday's Image of our RTL-SDR Blog V3 Dongle.
Tweet
Share
Reddit
Vote
Email