Professional Documents
Culture Documents
A Review of Radio Frequency Fingerprinting Techniques - 2020
A Review of Radio Frequency Fingerprinting Techniques - 2020
fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JRFID.2020.2968369, IEEE Journal
of Radio Frequency Identification
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 1
[3, 10], cloning detection [11, 12] and secure localization [13].
Abstract—Radio frequency (RF) fingerprinting techniques have The most important merit of using physical imperfection as a
been used as an extra security layer for wireless devices. Unique signature for identification is that it is hard to spoof the
fingerprints are used to identify wireless devices in order to avoid signature by using other wireless devices [14-16]. Wireless
spoofing or impersonating attacks. These unique features can be
platforms for device identification using physical layer include
extracted from imperfections of analog components during the
manufacturing. This paper presents a general review of recent HF RFID transponders, UHF RFID transponders [17], VHF
progress on RF fingerprinting techniques. Several studies are transmitters and IEEE 802.11 transceivers [18, 19].
investigated for RF fingerprinting using different parts of a signal. The main stages of wireless device identification system
The majority of these studies have been focused on the transient based on RF fingerprinting are capturing signals, feature
part of the signal. For this purpose, the transient signal must be extraction, and classification. After capturing signals, it is
extracted precisely. A number of common techniques of transient
necessary to extract unique features from different parts of the
extraction are theoretically analyzed in this review. Then, some
other approaches using the modulated part of the signal are also signal. RF feature extraction is a serious concern in related
discussed. For all these approaches, the applied methodologies, the works. RF fingerprinting based on the steady-state part of signal
classification algorithms and a taxonomy of features are described. extracts features from the modulated part of the signal and can
A comprehensive overview of the methods in RF fingerprinting is exploit prior information about the known signals [20]. On the
presented to demonstrate the state-of-the-art works. other hand, transient based RF fingerprinting extracts
fingerprints from the transient part of signals. The essential part
Index Terms—Radio frequency, PHY layer security, transient-
based fingerprinting, steady-state based, transient detection
of transient based approaches is to detect the transient signal
correctly.
I. INTRODUCTION The transient signal is generated from the change of the
transmitter’s status [21]. The challenge of transient detection is
W ireless devices are traditionally identified by some
unique RF fingerprints caused by radio circuitry. There
are several forms of attacks for the wireless network; an
to find the exact position of the start point of the signal from
channel noise. This survey investigates common techniques for
transient extraction and their advantages and disadvantages in
impersonation attack is one of the most important and
detail.
threatening [1]. In this kind of attack, an attacker can copy most
The most challenging work in practical deployment of RF
of the identification information like the password and Media
fingerprinting is to use low-end devices instead of high-end
Access Control (MAC) address to spoof devices [2]. The radio
devices. Researchers consider different aspects of this research
frequency fingerprinting (RFF) from the unique features of
such as: 1) analysis and discussion of the practical limits that
electromagnetic waves emitted by the transmitter is unique [3-
low-end devices have for RFF, 2) understanding the effects of
5].
channel impairments on the classification efficiency [22].
In this review, we focus on methods that identify wireless
The main goal of this paper is to provide a comprehensive
devices by unique fingerprints that are called physical layer
review of radio frequency fingerprinting systems and methods.
device identification. Physical layer identification is the process
In this paper we discuss in depth classifications of radio
of fingerprinting the wireless device by extracting features due
frequency fingerprinting especially transient based algorithms.
to hardware imperfections in the analog circuitry [6]. These
We also discuss important methods of transient extraction.
hardware imperfections appear during the manufacturing
The rest of the paper is organized as follows: Section II
process. Physical layer device identification has been used for
provides a background of physical layer security and how
different purposes like intrusion detection [7-9], access control
N. Soltanieh is with the Department of Electrical Engineering, Amirkabir Y. Yang is with the School of Electrical and Data Engineering, University
University of Technology, Tehran 1591634311, Iran (e-mail: of Technology Sydney, Ultimo NSW 2007, Australia (e-mail: Yang.Yang-
n_soltanieh@aut.ac.ir) and also she is visitor student at School of Electrical and 1@uts.edu.au).
Data Engineering, University of Technology Sydney, Ultimo NSW 2007, Nemai Chandra Karmakar is with the Department of Electrical and
Australia (e-mail: naeimeh.soltanieh@uts.edu.au). Computer Systems Engineering, Monash University, 3800 Vic., Australia (e-
Y. Norouzi is with the Department of Electrical Engineering, Amirkabir mail: Nemai.Karmakar@eng.monash.edu.au).
University of Technology, Tehran 1591634311, Iran (e-mail:
y.norouzi@aut.ac.ir).
2469-7281 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on May 25,2020 at 15:23:14 UTC from IEEE Xplore. Restrictions apply.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JRFID.2020.2968369, IEEE Journal
of Radio Frequency Identification
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 2
(a) (b)
Fig. 1. Radiometric block diagram showing different sources of impairments in overall digital communication system. (a) Block diagram of transmitter and
its impairments, (b) Block diagram of receiver.
physical layer identification systems work. In Section III, we measure the fingerprints quantitively and with existing
classify RF fingerprinting methods and analyse both transient- equipment.
based and steady state-based RFF algorithms. We also present 5) Robustness, which means that the fingerprints should be
other approaches that do not fit into those categories. In section evaluated with respect to external environmental aspects
IV, we discuss features that are useful for both categories of like signal reflection, absorption, etc. and device-related
RFF techniques. Finally, we present a classification aspects like temperature, power, and voltage level.
methodology for transmitter identification in Section V and
conclude the article in Section VI. III. CLASSIFICATION OF RF FINGERPRINTING
RF fingerprinting is a well-known technique used to identify
II. PHYSICAL LAYER SECURITY wireless devices by extracting unique structures in the
Physical layer security is a new paradigm for securing the electromagnetic waves emitted from the transmitters. In the past
identity of wireless devices based on the unique features few years, many RF fingerprinting methods have been explored
extracted from signals emitted by wireless devices [23, 24]. The in commercial areas [24, 29-32]. For example, in the ADS-B
uniqueness of features arises from analog element system used in Air Traffic Control, RF fingerprinting
imperfections created in the manufacturing process [25]. techniques used to identify/classify aircraft [33]. Also, other
Physical layer security that uses these unique features is known wireless devices signal such as Bluetooth [34, 35], push-to-talk
as Radio Frequency (RF) fingerprinting [26]. Transmitter transmitters [29], RFID [5, 36, 37] are used to evaluate RF
imperfections that produce RF fingerprints are originated from fingerprinting methods. According to [10], every transmitter
its analog elements (phase noise, digital-to-analog converters, has a unique RF fingerprint that this uniqueness arises from
band-pass filters, frequency mixers, and power amplifiers) [12]. imperfections in analog components during the manufacturing
Fig. 1 shows physical imperfections of transceivers elements. process. The main step in RF fingerprinting is to extract useful
A physical layer identification system has three main tasks: features of a transmitted signal to identify the signal’s
1) capture the identification signal, 2) extract proper features transmitter [38]. Here we review important techniques for RF
and 3) create fingerprints from captured signals and classify and fingerprinting. Transmitter identification techniques are
identify fingerprints. A physical layer device identification classified based on essential differences. These methods are
system has two main modules: one for creating a library of divided into three categories, namely transient-based, steady
enrolled devices and another for identification. Initially, signals state-based and other approaches based on different signal parts
are captured from a device or set of devices with different or used for feature extraction. Fig. 2 shows the different parts of
same models and manufacturers [27]. Then the extracted an actual signal that are used in the special category. A structure
features of RF fingerprints are, stored in a library as a database. of wireless transmitter identification categories is shown in Fig.
In the second module, fingerprints extracted from a device are 3.
compared with the library of fingerprints in order to identify or
verify the device.
As mentioned, fingerprints are sets of features that are
extracted from the captured signal to identify and verify devices
[28]. To achieve a high accuracy identification, the fingerprints
need to have properties such as:
1) Universality, which means that every wireless device
should have the features that are used for its identification;
2) Uniqueness, which indicates that no two devices should
have the same fingerprints.
3) Permanence, which means that the fingerprints should be
time-invariant and environment invariant.
4) Collectability, which indicates that it should be possible to Fig. 2. Different parts of the Mode S signal.
2469-7281 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on May 25,2020 at 15:23:14 UTC from IEEE Xplore. Restrictions apply.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JRFID.2020.2968369, IEEE Journal
of Radio Frequency Identification
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 3
(a) (b)
Fig. 4. Typical captured signal. (a) Ramp change signal from a Nokia 5230 mobile phone. (b) Step change signal from a VHF radio [35].
2469-7281 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on May 25,2020 at 15:23:14 UTC from IEEE Xplore. Restrictions apply.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JRFID.2020.2968369, IEEE Journal
of Radio Frequency Identification
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 4
wireless networks. Signals were captured from 8 different and k is the interval time and determines the number of subset
manufacturers and models and classified using PNN. The and X (m, k ) : X ( m), X ( m k ),..., X ( m [( N m) / k ] k )
proposed classifier could classify the signals with an error rate and ( N 1) / [( N m) / k ]k is assumed to be the normalization
of 2%. In the above works, captured signals were from different
factor of curve length.
models and manufacturers and at close distance with the
Second, Lm (k ) is plotted against k on a log-log scale, so the
fingerprinting antenna. In [45], Rasmussen and Capkun used
RF fingerprinting techniques to identify 10 UHF data should fall on an axis as k varies from N to zero.
(Mica2/CC1000) sensor devices from same manufacturers and Third, a curve is fitted to the points ( Lm (k ) ) that calculated in
models. Each device has a profile of fingerprints including the last step according to the least-square procedure, and then
transient length, amplitude variance, number of peaks of the the slope of the curve is an estimation of the fractal dimension.
carrier signal, the difference between normalized mean and the Fourth, the following a posteriori probability density
normalized maximum value of the transient power, and the first function is used to detect transient. The maximum point of the
DWT coefficient. The feasibility of fingerprinting the radio of function is the start point of the transient signal [47].
Wireless Sensor Node (Chipcon 1000 radio, 433MHz) was N
1 1 m
demonstrated in [45]. The duration of the transient signal, the p ({m} | d ) [ d i2 ( d i ) 2
number of peaks and the difference between the normalized m( N m) i 1 m i 1 (3)
mean normalized maximum values of the peaks are used to 1 N N 2
Maximum Probability
signal. There is a close relation between the variance of fractal
Density
Density
dimension and the probability density function of start point of
transient, for example, the variance of fractal dimension
between two sequences are related to the probability density
function, so the maximum of the probability density function is Section of Signals
the start point of the transient signal. A non-stationary signal Fig.5. Bayesian Step Change Detection (signal of net-core). © [2013]
IEEE. Reprinted, with permission, from [51].
like a transient is not a pure fractal because its fractality is time
variant. Multi-fractality handles signals with local fractal
Method 2: Bayesian Ramp Change Detection (BRCD)
dimensions. For calculating the local fractal dimensions of
successive portions of the signal, a sliding window is used. The This method was proposed by Ureten and Serinken [48] and
principle of this approach is provided as follows: it is a modification to the BSCD scheme. In this approach,
First, the fractal dimension of the transient is calculated by transient detection is achieved by estimating the time instant
Higuchi’s method. Higuchi defines the length of the curves for when the power of signal gently increased. Its principals are
each subsets as follows: provided as follows:
As mentioned before, typical transmission data contain channel
N m noise before transmission of real data. The model of this signal
k N 1 / k
Lm (k ) X (m ik ) X (m (i 1)k (2) can be written in the form of a matrix equation:
N m
i 1 [ ]k d Gb e (4)
k
where d is an N 1 matrix of data samples, e is a matrix of
where, m is the initial time and the starting point of each subset
2469-7281 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on May 25,2020 at 15:23:14 UTC from IEEE Xplore. Restrictions apply.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JRFID.2020.2968369, IEEE Journal
of Radio Frequency Identification
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 5
Gaussian noise samples with dimensions of N 1 , the matrix network card net-core is shown in Fig. 6. For example, if the
G is of size N M that each column of G is a basis function value of n-th point and its m successive points are less than the
estimated at each sample in the time series and b is an M 1 threshold, then n is considered to be the start point of the
transient. It must contain at least T / 4 samples of channel
matrix of linear coefficients. The next step is to detect the
noise before the start of the transmission. It is proved that there
change point with a posteriori probability density which is
is a remarkable difference between the fractal dimension of
calculated as in the following equation [48]:
ambient channel noise and the actual data. This method is
[d T d d T G (GT G ) 1 GT d ] ( N m )/2 simple and fast, but the threshold needs to be determined by
p({m} | d , I ) (5) trial and error and it is very sensitive to noise.
det(GT G )
Variance Fractal Dimension Threshold
where I defines the signal model. The start point position can Detection
be found in the structure of the matrix G that is given in Start of Transient
Amplitude
equation (6).
1 1 1 1 ... 1 1 1 1 ... 1
GT (6)
0 0 0 0 ... 0 1 2 3... N m
Difference Fractal Dimension Variance
Fractal Dimension
A Bayesian ramp change detector is a better candidate for
transient extraction for Wi-Fi radios in comparison with
Bayesian step change detector because of the lags behind the
start point of the transient signal and because the standard
deviation of the detection error for BSCD is three times higher
than BRCD [48].
Samples
Fig. 6. Variance Fractal Dimension Threshold Detection (signal of net-core).
Method 3: Variance Fractal Dimension Threshold Detection © [2013] IEEE. Reprinted, with permission, from [51].
This approach was proposed by Shaw and Kinser [49]. The Method 4: Phase Detection (PD)
main idea is to calculate the fractal dimension from the variance
of signal amplitude to detect the transient part of a signal. Phase Detection method was proposed by Hall et al. [50] and
The first step is to calculate the fractal dimension for each unlike the previous approaches which used the amplitude
portion of the signal in the sliding window by equation (7). characteristics of the signal for transient extraction, this
approach used phase characteristics to extract transient signals.
D(t ) 2 H (7) This approach has advantages against the methods using
amplitude characteristics because the phase of the signal does
where H is a value called the Hurst index that is the correlation not represent the same degree of variation because the phase is
between X (ti , t ) and t that is the amplitude difference less sensitive to noise. Moreover, the implementation of PD is
between data samples and t . By setting as follows:
and t ti 1 ti , the Hurst The instantaneous phase of the signal ( X (t ) I (t ) j Q(t ) )
X (ti , t ) X (ti , t ) X (ti )
can be calculated using equation (9) as follows:
index can be calculated by equation (8) based on the least
squares regression (LSR) scheme [49]. Q(t )
(t ) tan 1 [ ] (9)
N N N I (t )
N xi yi ( xi )( yi )
(8)
2H i 1
N
i 1
N
i 1
where, (t ) is unwrapped to remove the discontinuities that
N ( x )( xi )
2
i
2
result at multiples of 2 radians. The absolute value of each
i 1 i 1
element in the unwrapped vector AV which is shown in
where ( xi , yi ) (log(ti ),log(var(X (ti , ti )))). It is equation (10):
2469-7281 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on May 25,2020 at 15:23:14 UTC from IEEE Xplore. Restrictions apply.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JRFID.2020.2968369, IEEE Journal
of Radio Frequency Identification
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 6
Normalized Amplitude
where i 1, 2,..., N / S , g i S , d g S , S is non-
Start of Transient
overlapping window size and 𝑣𝑎𝑟 represents the variance of the
phase.
The last step is to create the fractal trajectory (FT) from the
difference of the phase variance. The start point of the turn-on
transient is when the fractal trajectory becomes near to zero
because the phase variance of the transient signal changes more
slowly than channel noise. The start point detection of net-core Start of Transient
signal using PD algorithm is shown in Fig.7.
Detection Value
Phase Detection
Start of Transient
Amplitude
The main idea of this approach is to magnify the difference 0 H P p j ln( p j ) / ln(m!) 1 (17)
between static of samples before and after the section. As
shown in Fig. 8, the start point of the transient part of net-core where, K is the number of distinct symbols in
signal is accurately detected.
2469-7281 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on May 25,2020 at 15:23:14 UTC from IEEE Xplore. Restrictions apply.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JRFID.2020.2968369, IEEE Journal
of Radio Frequency Identification
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 7
H ps (n) is the PE of stable signal; H pt (n) is the PE of slides that Algorithms Advantages Disadvantages Success Rate
contains transient signal. When the transient is in the sliding High detection
window, the PE starts to decrease and when the stable signal is rate for signals Complex
with suitable computation, poor 80-85%
in the sliding window, the PE changes a little. The PE for the BSCD [44] amplitude, no detection for 802.11b
slides that contains transient signal can be modelled as follows need to define a transient signal with transceiver
[40]: threshold small amplitude
Perform better
A0 w(n) 1 n n0
H P ( n) (19) than BSCD Complex
following equations; A0 and k are unknown can be estimated The MLE of the slope k can be estimated by the least-squares
by maximum likelihood (MLE) [40]. fitting algorithm as in the following equation [54]:
2469-7281 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on May 25,2020 at 15:23:14 UTC from IEEE Xplore. Restrictions apply.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JRFID.2020.2968369, IEEE Journal
of Radio Frequency Identification
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 8
N0 n0 N 0 n0 N 0 n0
extract the transient signal due to its short period and reliability
( N 0 n0 ) n H p (n n0 ) n H p (n n0 ) of the phase and amplitude information is a serious challenge in
(27)
kˆ n 1
N0 n0
n 1
N0 n0
n 1
this area [57]. Nowadays, there is no need to have a steady-state
( N 0 n0 ) n 2 ( n) 2
signal for these approaches because almost all wireless local
n 1 n 1
area network (WLAN), RFID, etc. have a preamble at the start
According to the above equations, the GLRT detector defines
of data transmission to make the receiver design simple [59].
as follows [40]:
N0 n0
Gerdes et al. [60] proposed a steady state-based RFF technique
1
Ln( LG ( H p (n))) [ ( H p (n) Aˆ00 ) 2 ( H p (n) Aˆ01 ) 2 which is able to identify cards with same model and same
2 2
n 1 n 1
(28)
manufacturer. The preamble part of IEEE Ethernet 802.3 (16
N0
n n0 1
( H p (n) Aˆ01 kˆ (n n0 )) 2 ], devices with 3 different models) was used to provide a device
fingerprint profile, which help to identify the device the signal
The estimated start point of transient signal n̂0 is the maximum emitted from. A matched filter implementation and a simple
threshold were used to provide classification. They have shown
of the GLRT detector, defined in equation [40]:
that the characteristics of analog signals for these devices are
nˆ0 arg max n [ Ln( LG ( H p (n)))], (29) track able and also it is appropriate for network access control
According to the explanations about transient extraction schemes.
methods, a table of performance comparison is provided. Table- C. Other Approaches
I shows the advantages and disadvantages of common
Some of the proposed physical-layer identification
algorithms in transient extraction.
techniques could not be related to the mentioned classification
B. Steady State-Based RF Fingerprinting [61, 62]. These approaches usually use a special wireless
Steady-state based approaches focus on the unique features technology and/or extract other attributes of the signal and
extracted from the modulated part of the signal. Brike et al. [10] logical layer. Suski et al. [63] create an RF fingerprint profile
proposed a Passive RAdiometric Device Identification System by measuring the power spectrum density (PSD) of the
(PARADIS) using five specific features of the modulated signal preamble of IEEE 802.11a to uniquely identify wireless
such as: the frequency error, SYNC (synchronized) correlation, devices. This approach was tested on 3 devices and achieved an
I/Q origin offset, and magnitude and phase errors for physical- average classification error rate of 20% for packet frames that
layer identification. These features were used to make an RF were captured with SNR greater than 6 dB. In [62, 64], a
fingerprint profile that is classified with an SVM and k-NN complex wavelet transformation was applied to identify IEEE
classifier. The system used 138 same model IEEE 802.11b 802.11a (OFDM) devices. Multiple Discrimination Analysis
signals, captured by a high-end vector signal analyzer and at (MDA) used to classify extracted features and the classification
distance from 3 to 15m from the antenna, to test the accuracy of performance for this approach was tested on 4 same model
of the classifiers. Shi and Jensen [56] proposed a similar Cisco wireless devices. The results showed a classification error
approach to PARADIS and use radiometric features in the rate of 20% for SNR improvement of 8 dB. Recent research
modulation targeted different class of RFID for physical-layer identification
domain to identify Multiple Input Multiple Output devices. [36, 65]. Periaswamy et al. [65, 66] used UHF RFID tags for
Modulation-based methods were also used to classify RFID device identification. The authors showed that the minimum
devices. Danev et al. [11] also used the features extracted from power response characteristic can be used to identify devices
modulation shape and spectral features from RFID two independent sets of 50 tags from two different
transponders. The proposed method was tested on 4 different manufacturers with an accuracy of 94.4% (with False
classes and different models of ISO 14443 RFID transponder. Acceptance Rate (FAR) of 0.1%) and 90.7% (with FAR of
In number of researches like [57] frequency domain features 0.2%).
were used to perform transmitter identification. Eight Universal Danev et al. [11], used timing, modulation shape and spectral
Radio Peripherals (USRP) transmitters were used for laboratory features of device response signals for physical layer
experiments. This paper offers an excellent performance identification. The authors showed that of these features, timing
improvement by using flexible feature selection with a and modulation-shape only distinguished devices from
traditional discriminatory classifier (k-NN). The approach different manufacturers, but spectral features would be a
performs well with 97% accuracy rate at 30 dB SNR and the preferred fingerprint to identify devices from the same
performance is still good with accuracy of 66% at 0dB SNR. manufacturer and same model. Jana and Kasera [61] used clock
Suski et al. [58] used the Power Spectral Density (PSD) skews as a unique feature to identify access points (Aps) in a
coefficients as unique features from the preamble part of IEEE wireless local area network. The effectiveness of this technique
802.11a/g signal. has been shown in [67] for complex networks. The results
Initially, research was more about transient-based RF showed that different Aps are distinguishable with high
fingerprinting because the steady-state part of the signal is not accuracy. Recently, researchers investigated variety of signal
common to all transmitters. The transient signal always occurs characteristics, signal parts on GSM devices [68-70]. They used
in a transmission, so the research focused on transient-based used midamble and the near-transient part of GSM-GMSK
approaches. However, a higher sampling rate is required to burst signals for the aim of identification and classification of
2469-7281 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on May 25,2020 at 15:23:14 UTC from IEEE Xplore. Restrictions apply.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JRFID.2020.2968369, IEEE Journal
of Radio Frequency Identification
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 9
devices from 4 different manufacturers. The results showed that should know the respective modulation scheme.
the accuracy of classification sharply decreases when the
B. Location-Dependent Features:
midable part is used but the near-transient part is suitable for
identifying GSM signals. RF fingerprinting techniques usually have two aims: 1) find
the device which emitted the signal and 2) find the location of
IV. TAXONOMY OF FEATURES FOR RF FINGERPRINTING the device which the signal originated from [77]. The most
common feature which is used in location based RFF
A large variety of features can be used for physical layer
techniques is radio signal strength (RSS) [78]. The value of RSS
identification. In this section, we investigate useful features in
depends on the attenuation of the channel and the transmission
the physical layer, whether they are active or passive. Physical
power at the transmitter. For example, two distant locations
layer features are extracted from the received RF waveform and
have different values of average signal power (RSS) at the
generally divided into two categories: location dependent
receiver with the same transmitter. However, if the two devices
features and location independent features or radiometrics. In
are close, their RSS will be similar. The other feature in this
this paper, we focused on location independent features.
classification is Channel State Information at the Receiver
A. Location-Independent Features (CSIR). This feature is very sensitive to moving. If we consider
Extracting radiometric features depend on the hardware small-scale fading, CSIR can have very different values by only
implementation of wireless devices. It has been shown that even a little movement of a receiver. Location-dependent features
with significant advancement in circuit design and cannot be used separately as a fingerprint because they are very
manufacturing, every transmitter has a unique RF fingerprint sensitive to environmental changes [72].
owing to imperfections in its analog components and
manufacturing process [71]. Imperfections such as channel V. CLASSIFICATION OF EXTRACTED FEATURES
width, channel doping and oxide thickness, which are small Classification algorithms can be divided into two categories:
enough to meet specifications of communication, can allow us supervised algorithms and unsupervised algorithms. Supervised
to detect unique features from devices and provide device algorithms represent the category that a set of observations is
fingerprints [72]. available, and classifiers are built based on a set of labeled data
The main purpose of feature extraction is to create a unique and the algorithms learn to be predicted [79]. In supervised
RF fingerprint profile to make a transmitter distinguishable algorithms, a set of labeled observations is available for training
from the rest of the transmitters. Previously, researchers [59] In supervised algorithms, a set of labeled observations is
used the coefficients of Power Spectral Density (PSD) and available for training.
normalized PSD to create an RF fingerprint. The K Nearest Neighbors algorithm (KNN) is one of the
Hall et al. [50] use unique features such as phase, amplitude, supervised methods [53]. This algorithm classifies a data set
phase angle and frequency that are extracted using the Discrete based on the distance to the nearest samples in the training set.
Wavelet Transform (DWT), from the turn-on transient portion A variety of functions can be used to determine the distance
of signals. between samples such as Euclidean distance, Mahalanobis and
Polak et al. [73] used the imperfection of the power amplifier Minkowski; Euclidean distance is the most common [80]. The
for physical layer identification because power amplifiers are KNN algorithm is very simple and computationally efficient in
the last elements in the circuit of transmitters and it is hard for the training phase but the classification phase could be
attackers to modify with software. Volterra series were used to computationally intensive in comparison with other algorithms.
model the nonlinear characteristics of power amplifiers. In addition, high dimension, KNN is less effective method for
As mentioned, Brik et al. [10] proposed a system called classification.
PARADIS that used features such as magnitude and phase SVM is also a supervised algorithm that learns to classify
errors, I/Q origin offset and SYNC correlation of the frame. observation samples from the reference samples. SVM uses a
Nguyen et al. [74] used carrier frequency differences (CFD) and function from different types such as: linear, Radial Basis
phase shift differences (PSD) as fingerprints for transmitters. Function (RBF), polynomial, sigmoidal to divide the labeled set
PSD is determined as the phase shift from one constellation to into several groups, depending on the problem, on a multi-
another in the neighborhood that may vary because of the dimensional surface [81]. This method provides a high level of
different amplifier for I-phase and Q-phase in each transmitter. accuracy and robustness and it is also efficient for binary
Nguyen et al. also proposed a second-order cyclostationary classification.
feature (SOCF) in addition to PSD and CFD to identify devices. A neural network is a supervised method that contains a set
of connected input and output and each connection has a
In radiometric techniques, feature extracting can be classified specific weight. The network predicts the class labels during the
into transient-based and steady state-based features because of process of adjusting the weight to each connection [82]. The
the way they treat signals [10]. Transient-based methods [75, most important advantage of neural networks is the tolerance of
76] use time- and frequency-based features which are flexible noisy data in RF fingerprints. This algorithm could be able to
but complex while steady state-based methods represent classify patterns without a training phase that is a very useful
features in terms of I/Q samples. Modulation based methods point for identifying new devices.
have better structure but the important issue is the fact that we Unsupervised learning algorithms do not have a training set
2469-7281 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on May 25,2020 at 15:23:14 UTC from IEEE Xplore. Restrictions apply.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JRFID.2020.2968369, IEEE Journal
of Radio Frequency Identification
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 10
and the algorithm must find the function from unlabeled data. [2] J. Hall, M. Barbeau, and E. Kranakis, "Radio frequency fingerprinting for
intrusion detection in wireless networks," IEEE Transactions on
For wireless device identification, unsupervised algorithms Defendable and Secure Computing, vol. 12, pp. 1-35, 2005.
mean that we have similar fingerprints from different devices
[3] O. Ureten and N. Serinken, "Wireless security through RF fingerprinting,"
which are grouped together and belong to the same cluster. Canadian Journal of Electrical and Computer Engineering, vol. 32, pp.
These methods are very useful for identifying devices from the 27-33, 2007.
same models and the same manufacturers. In these approaches, [4] K. D. Hawkes, "Transient analysis system for characterizing RF
there is no need to create a reference library because the transmitters by analyzing transmitted RF signals," ed: Google Patents,
presence of valid phones is used for this purpose [83]. There are 1998.
various unsupervised algorithms. Here we described only the [5] C. Bertoncini, K. Rudd, B. Nousain, and M. Hinders, "Wavelet
methods applied to fingerprint identification. fingerprinting of radio-frequency identification (RFID) tags," IEEE
Transactions on Industrial Electronics, vol. 59, pp. 4843-4850, 2011.
K-Means clustering is an unsupervised algorithm in which
the observations are divided into a number of clusters and each
[6] H. Yuan and A. Hu, "Preamble-based detection of Wi-Fi transmitter RF
sample of observation is assigned to the cluster with the nearest
fingerprints," Electronics letters, vol. 46, pp. 1165-1167, 2010.
mean.
[7] H. C. Choe, C. E. Poole, M. Y. Andrea, and H. H. Szu, "Novel
PCA (Principal Component Analysis) is a multivariate identification of intercepted signals from unknown radio transmitters," in
method which is useful for data compression and Wavelet Applications II, pp. 504-518, 1995.
dimensionality reduction. The main purpose in PCA is to [8] J. Hall, M. Barbeau, and E. Kranakis, "Enhancing intrusion detection in
extract important information from data and construct a set of wireless networks using radio frequency fingerprinting," in
orthogonal variables called principal components. This feature Communications, internet, and information technology, pp. 201-206,
2004.
is very useful in phone identification to reduce a large set of
features [84]. [9] J. Toonstra and W. Kinsner, "Transient analysis and genetic algorithms
for classification," in IEEE WESCANEX 95. Communications, Power, and
Computing. Conference Proceedings, pp. 432-437, 1995.
VI. CONCLUSION
[10] V. Brik, S. Banerjee, M. Gruteser, and S. Oh, "Wireless device
This survey has reviewed RF fingerprinting methods for identification with radiometric signatures," in Proceedings of the 14th
wireless devices. Physical-layer identification has been studied ACM international conference on Mobile computing and networking, pp.
for a variety of wireless applications, but the primary usage of 116-127, 2008.
this technology is in wireless security enhancement. In this [11] B. Danev, T. S. Heydt-Benjamin, and S. Capkun, "Physical-layer
paper, we provide a comprehensive overview of physical-layer identification of RFID devices," in USENIX security symposium, pp. 199-
214, 2009.
identification and state-of-the-art techniques in RFF. The
detection of transients is considered one of the key steps in the [12] D. Kaplan and D. M. Stanhope, "Waveform collection for use in wireless
telephone identification," ed: Google Patents, 1999.
fingerprint detection of wireless devices; its accuracy directly
[13] N. O. Tippenhauer, K. B. Rasmussen, C. Pöpper, and S. Čapkun, "Attacks
affects the success of identification. This review has on public WLAN-based positioning systems," in Proceedings of the 7th
investigated some of the common approaches in transient international conference on Mobile systems, applications, and services,
detection and their advantages and disadvantages. The most pp. 29-40, 2009.
important problem in transient based algorithms is the [14] K. Zeng, K. Govindan, and P. Mohapatra, "Non-cryptographic
dependency of the extraction method on the sampling rate of authentication and identification in wireless networks," network security,
signals. Signal with high sampling rate could have a precise vol. 1, p. 3, 2010.
transient extraction which is needed to have a high-end devices [15] L. Xiao, L. Greenstein, N. Mandayam, and W. Trappe, "A physical-layer
for capturing the signal. The main gap in this area is the lack of technique to enhance authentication for mobile terminals," in 2008 IEEE
International Conference on Communications, pp. 1520-1524, 2008.
a reliable approach to optimize the sampling rate which can
reduce the costs. [16] P. V. Nikitin, R. Martinez, S. Ramamurthy, H. Leland, G. Spiess, and K.
Rao, "Phase based spatial identification of UHF RFID tags," in 2010 IEEE
The feature profiles used for different types of fingerprinting International Conference on RFID (IEEE RFID 2010), pp. 102-109, 2010.
methods have been elaborated in this review. The main idea is
to extract unique features from wireless devices to generate
[17] A. A. Larionov, R. E. Ivanov, and V. M. Vishnevsky, "UHF RFID in
non-forgeable signatures. Finally, the paper has taken into automatic vehicle identification: Analysis and simulation," IEEE Journal
consideration the classification process and methods. of Radio Frequency Identification, vol. 1, pp. 3-12, 2017.
[18] I. C. S. L. M. S. Committee, "IEEE 802.11: Wireless LAN medium access
ACKNOWLEDGMENT control and physical layer specifications," ed: August, 1999.
We are particularly grateful for the assistance given by Dr. [19] B. Kauffmann, F. Baccelli, A. Chaintreau, V. Mhatre, K. Papagiannaki,
and C. Diot, "Measurement-based self organization of interfering 802.11
Michael Pauly for English language editing. wireless access networks," in Infocom, pp. 1451-1459, 2007.
REFERENCES
[20] A. Candore, O. Kocabas, and F. Koushanfar, "Robust stable radiometric
[1] Q. Li and W. Trappe, "Detecting spoofing and anomalous traffic in fingerprinting for wireless devices," in 2009 IEEE International
wireless networks via forge-resistant relationships," IEEE Transactions Workshop on Hardware-Oriented Security and Trust, pp. 43-49, 2009.
on Information Forensics and Security, vol. 2, pp. 793-808, 2007.
2469-7281 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on May 25,2020 at 15:23:14 UTC from IEEE Xplore. Restrictions apply.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JRFID.2020.2968369, IEEE Journal
of Radio Frequency Identification
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 11
[21] B. Danev and S. Capkun, "Transient-based identification of wireless [40] Y.-J. Yuan, X. Wang, Z.-T. Huang, and Z.-C. Sha, "Detection of radio
sensor nodes," in Proceedings of the 2009 International Conference on transient signal based on permutation entropy and GLRT," Wireless
Information Processing in Sensor Networks, pp. 25-36, 2009. Personal Communications, vol. 82, pp. 1047-1057, 2015.
[22] M. Debbah, "Mobile flexible networks: The challenges ahead," in 2008 [41] K. Ellis and N. Serinken, "Characteristics of radio transmitter
International Conference on Advanced Technologies for fingerprints," Radio Science, vol. 36, pp. 585-597, 2001.
Communications, pp. 3-7, 2008. [42] O. Tekbas, N. Serinken, and O. Ureten, "An experimental performance
[23] N. Hu and Y.-D. Yao, "Identification of legacy radios in a cognitive radio evaluation of a novel radio-transmitter identification system under diverse
network using a radio frequency fingerprinting based method," in 2012 environmental conditions," Canadian Journal of Electrical and Computer
IEEE International Conference on Communications (ICC), pp. 1597- Engineering, vol. 29, pp. 203-209, 2004.
1602, 2012. [43] Ö. Tekbaş, O. Üreten, and N. Serinken, "Improvement of transmitter
identification system for low SNR transients," Electronics Letters, vol. 40,
[24] M. Marcus, "Progress in vhf/nhf mobile transmitter identification, pp. 182-183, 2004.
University of Manitoba, Department of Electrical and Computer
Engineering," Tech. Rep1992. [44] M. Barbeau, J. Hall, and E. Kranakis, "Detection of rogue devices in
bluetooth networks using radio frequency fingerprinting," in proceedings
[25] K. G. Gard, L. E. Larson, and M. B. Steer, "The impact of RF front-end of the 3rd IASTED International Conference on Communications and
characteristics on the spectral regrowth of communications signals," IEEE Computer Networks, CCN, pp. 4-6, 2006.
Transactions on Microwave Theory and Techniques, vol. 53, pp. 2179-
2186, 2005. [45] K. B. Rasmussen and S. Capkun, "Implications of radio fingerprinting on
the security of sensor networks," in 2007 Third International Conference
[26] B. Danev, H. Luecken, S. Capkun, and K. El Defrawy, "Attacks on on Security and Privacy in Communications Networks and the
physical-layer identification," in Proceedings of the third ACM conference Workshops-SecureComm 2007, pp. 331-340, 2007.
on Wireless network security, pp. 89-98, 2010.
[46] C. Zhao, T. Y. Chi, L. Huang, Y. Yao, and S.-Y. Kuo, "Wireless local area
[27] B. Danev, A. d. Spindler, H. Luecken, and S. Cap 8kun, "Physical-layer
network cards identification based on transient fingerprinting," Wireless
identification: Secure or not?," Technical report/ETH Zurich, Department
Communications and Mobile Computing, vol. 13, pp. 711-718, 2013.
of Computer Science, vol. 634, 2009.
[47] T. Higuchi, "Approach to an irregular time series on the basis of the fractal
[28] R. M. Bolle, J. H. Connell, S. Pankanti, N. K. Ratha, and A. W. Senior,
theory," Physica D: Nonlinear Phenomena, vol. 31, pp. 277-283, 1988.
Guide to biometrics: Springer Science & Business Media, 2013.
[29] J. Toonstra and W. Kinsner, "A radio transmitter fingerprinting system
ODO-1," in Proceedings of 1996 Canadian Conference on Electrical and [48] O. Ureten and N. Serinken, "Bayesian detection of Wi-Fi transmitter RF
Computer Engineering, pp. 60-63, 1996. fingerprints," Electronics Letters, vol. 41, pp. 373-374, 2005.
[49] D. Shaw and W. Kinsner, "Multifractal modelling of radio transmitter
[30] R. D. Hippenstiel and Y. Payal, "Wavelet based transmitter
transients for classification," in IEEE WESCANEX 97 Communications,
identification," in Fourth International Symposium on Signal Processing
Power and Computing. Conference Proceedings, pp. 306-312, 1997.
and Its Applications, pp. 740-742, 1996.
[31] S. Xu, L. Xu, Z. Xu, and B. Huang, "Individual radio transmitter [50] J. Hall, M. Barbeau, and E. Kranakis, "Detection of transient in radio
identification based on spurious modulation characteristics of signal frequency fingerprinting using signal phase," Wireless and Optical
envelop," in MILCOM 2008-2008 IEEE Military Communications Communications, pp. 13-18, 2003.
Conference, pp. 1-5, 2008. [51] L. Huang, M. Gao, C. Zhao, and X. Wu, "Detection of Wi-Fi transmitter
transients using statistical method," in 2013 IEEE International
[32] G. O. M. Zamora, S. Bergin, and I. O. Kennedy, "Using support vector
Conference on Signal Processing, Communication and Computing
machines for passive steady state RF fingerprinting," in Novel Algorithms
(ICSPCC 2013), pp. 1-5, 2013.
and Techniques in Telecommunications and Networking, ed: Springer, pp.
183-188, 2010. [52] R. Klein, M. A. Temple, M. J. Mendenhall, and D. R. Reising, "Sensitivity
[33] M. Leonardi, L. Di Gregorio, and D. Di Fausto, "Air traffic security: analysis of burst detection and RF fingerprinting classification
aircraft classification using ADS-B message’s phase-pattern," Aerospace, performance," in 2009 IEEE International Conference on
vol. 4, p. 51, 2017. Communications, pp. 1-5, 2009.
[34] M. Woelfle, M. Temple, M. Mullins, and M. Mendenhall, "Detecting [53] Y. Cao, W.-w. Tung, J. Gao, V. A. Protopopescu, and L. M. Hively,
identifying and locating bluetooth devices using rf fingerprints," in 2009 "Detecting dynamical changes in time series using the permutation
Military Communications Conference (MILCOM 2009), 2009. entropy," Physical review E, vol. 70, p. 046217, 2004.
[35] S. U. Rehman, K. Sowerby, and C. Coghill, "RF fingerprint extraction [54] C. Bandt and B. Pompe, "Permutation entropy: a natural complexity
from the energy envelope of an instantaneous transient signal," in 2012 measure for time series," Physical review letters, vol. 88, p. 174102, 2002.
Australian Communications Theory Workshop (AusCTW), pp. 90-95,
2012.
[55] S. M. Kay, Fundamentals of statistical signal processing: Prentice Hall
PTR, 1993.
[36] D. Zanetti and B. Danev, "Physical-layer identification of UHF RFID
tags," in Proceedings of the sixteenth annual international conference on [56] Y. Shi and M. A. Jensen, "Improved radiometric identification of wireless
Mobile computing and networking, pp. 353-364, 2010. devices using MIMO transmission," IEEE Transactions on Information
Forensics and Security, vol. 6, pp. 1346-1354, 2011.
[37] X. Li, Y. Zhang, and M. G. Amin, "Multifrequency-based range
estimation of RFID tags," in 2009 IEEE International Conference on [57] I. O. Kennedy, P. Scanlon, F. J. Mullany, M. M. Buddhikot, K. E. Nolan,
RFID, pp. 147-154, 2009. and T. W. Rondeau, "Radio transmitter fingerprinting: A steady state
frequency domain approach," in 2008 IEEE 68th Vehicular Technology
[38] K. I. Talbot, P. R. Duley, and M. H. Hyatt, "Specific emitter identification Conference, pp. 1-5, 2008.
and verification," Technology Review, vol. 113, 2003.
[58] W. C. S. II, M. A. Temple, M. J. Mendenhall, and R. F. Mills, "Radio
[39] Y. Honglin and H. Aiqun, "Fountainhead and uniqueness of RF
frequency fingerprinting commercial communication devices to enhance
fingerprint," Journal of Southeast University (Natural Science Edition),
electronic security," International Journal of Electronic Security and
vol. 39, pp. 230-233, 2009.
Digital Forensics, vol. 1, pp. 301-322, 2008.
2469-7281 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on May 25,2020 at 15:23:14 UTC from IEEE Xplore. Restrictions apply.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JRFID.2020.2968369, IEEE Journal
of Radio Frequency Identification
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 12
[59] P. Scanlon, I. O. Kennedy, and Y. Liu, "Feature extraction approaches to INFOCOM 2008-The 27th Conference on Computer Communications, pp.
RF fingerprinting for device identification in femtocells," Bell Labs pp. 1768-1776, 2008.
Technical Journal, vol. 15, pp. 141-151, 2010.
[77] N. Patwari and S. K. Kasera, "Robust location distinction using temporal
[60] R. M. Gerdes, T. E. Daniels, M. Mina, and S. Russell, "Device link signatures," in Proceedings of the 13th annual ACM international
identification via analog signal fingerprinting: a matched filter approach," conference on Mobile computing and networking, pp. 111-122, 2007.
in NDSS, 2006.
[78] R. S. Campos and L. Lovisolo, "Rf fingerprinting location techniques"
[61] S. Jana and S. K. Kasera, "On fast and accurate detection of unauthorized Handbook of Position Location: Theory, Practice, and Advances, pp. 487-
wireless access points using clock skews," IEEE transactions on Mobile 520, 2011.
Computing, vol. 9, pp. 449-462, 2009.
[79] S. Theodoridis and K. Koutroumbas, "Pattern recognition," IEEE
[62] R. W. Klein, M. A. Temple, and M. J. Mendenhall, "Application of Transactions on Neural Networks, vol. 19, p. 376, 2008.
wavelet-based RF fingerprinting to enhance wireless network security,"
Journal of Communications and Networks, vol. 11, pp. 544-555, 2009. [80] Z. Prekopcsák and D. Lemire, "Time series classification by class-specific
Mahalanobis distance measures," Advances in Data Analysis and
Classification, vol. 6, pp. 185-200, 2012.
[63] W. C. Suski II, M. A. Temple, M. J. Mendenhall, and R. F. Mills, "Using
[81] G. Baldini and G. Steri, "A survey of techniques for the identification of
spectral fingerprints to improve wireless network security," in IEEE
mobile phones using the physical fingerprints of the built-in components,"
GLOBECOM 2008-2008 IEEE Global Telecommunications Conference,
IEEE Communications Surveys & Tutorials, vol. 19, pp. 1761-1789, 2017.
pp. 1-5, 2008.
2469-7281 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on May 25,2020 at 15:23:14 UTC from IEEE Xplore. Restrictions apply.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JRFID.2020.2968369, IEEE Journal
of Radio Frequency Identification
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 13
2469-7281 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on May 25,2020 at 15:23:14 UTC from IEEE Xplore. Restrictions apply.