{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,6]],"date-time":"2026-02-06T05:47:57Z","timestamp":1770356877829,"version":"3.49.0"},"reference-count":40,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2020,11,30]],"date-time":"2020-11-30T00:00:00Z","timestamp":1606694400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"crossref","award":["447586980 \/ 210487104"],"award-info":[{"award-number":["447586980 \/ 210487104"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"crossref"}]},{"name":"LOEWE Initiative","award":["emergenCITY"],"award-info":[{"award-number":["emergenCITY"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Meas. Anal. Comput. Syst."],"published-print":{"date-parts":[[2020,11,30]]},"abstract":"<jats:p>The intrinsic hardware imperfection of WiFi chipsets manifests itself in the transmitted signal, leading to a unique radiometric fingerprint. This fingerprint can be used as an additional means of authentication to enhance security. In fact, recent works propose practical fingerprinting solutions that can be readily implemented in commercial-off-the-shelf devices. In this paper, we prove analytically and experimentally that these solutions are highly vulnerable to impersonation attacks. We also demonstrate that such a unique device-based signature can be abused to violate privacy by tracking the user device, and, as of today, users do not have any means to prevent such privacy attacks other than turning off the device. We propose RF-Veil, a radiometric fingerprinting solution that not only is robust against impersonation attacks but also protects user privacy by obfuscating the radiometric fingerprint of the transmitter for non-legitimate receivers. Specifically, we introduce a randomized pattern of phase errors to the transmitted signal such that only the intended receiver can extract the original fingerprint of the transmitter. In a series of experiments and analyses, we expose the vulnerability of adopting naive randomization to statistical attacks and introduce countermeasures. Finally, we show the efficacy of RF-Veil experimentally in protecting user privacy and enhancing security. More importantly, our proposed solution allows communicating with other devices, which do not employ RF-Veil.<\/jats:p>","DOI":"10.1145\/3428329","type":"journal-article","created":{"date-parts":[[2020,11,30]],"date-time":"2020-11-30T19:54:15Z","timestamp":1606766055000},"page":"1-31","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":34,"title":["Stay Connected, Leave no Trace"],"prefix":"10.1145","volume":"4","author":[{"given":"Luis Fernando","family":"Abanto-Leon","sequence":"first","affiliation":[{"name":"Technical University of Darmstadt, Darmstadt, Germany"}]},{"given":"Andreas","family":"B\u00e4uml","sequence":"additional","affiliation":[{"name":"Technical University of Darmstadt, Darmstadt, Germany"}]},{"given":"Gek Hong (Allyson)","family":"Sim","sequence":"additional","affiliation":[{"name":"Technical University of Darmstadt, Darmstadt, Germany"}]},{"given":"Matthias","family":"Hollick","sequence":"additional","affiliation":[{"name":"Technical University of Darmstadt, Darmstadt, Germany"}]},{"given":"Arash","family":"Asadi","sequence":"additional","affiliation":[{"name":"Technical University of Darmstadt, Darmstadt, Germany"}]}],"member":"320","published-online":{"date-parts":[[2020,11,30]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"SWAN: Swarm-Based Low-Complexity Scheme for PAPR Reduction","author":"Abanto-Leon Luis F.","year":"2020","unstructured":"Luis F. Abanto-Leon, Gek Hong (Allyson) Sim, Matthias Hollick, Amnart Boonkajay, and Fumiyuki Adachi. 2020. SWAN: Swarm-Based Low-Complexity Scheme for PAPR Reduction. In IEEE GLOBECOM . 1--7."},{"key":"e_1_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Chrisil Arackaparambil Sergey Bratus Anna Shubina and David Kotz. 2010. On the Reliability of Wireless Fingerprinting using Clock Skews. In ACM WiSec . 169--174.","DOI":"10.1145\/1741866.1741894"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24676-3_24"},{"key":"e_1_2_1_4_1","doi-asserted-by":"crossref","unstructured":"Sergey Bratus Cory Cornelius David Kotz and Daniel Peebles. 2008. Active Behavioral Fingerprinting of Wireless Devices. In ACM WiSec. 56--61.","DOI":"10.1145\/1352533.1352543"},{"key":"e_1_2_1_5_1","doi-asserted-by":"crossref","unstructured":"Vladimir Brik Suman Banerjee Marco Gruteser and Sangho Oh. 2008. Wireless Device Identification with Radiometric Signatures. In ACM MobiCom . 116--127.","DOI":"10.1145\/1409944.1409959"},{"key":"e_1_2_1_6_1","unstructured":"Johnny Cache. 2006. Fingerprinting 802.11 Devices. Ph.D. Dissertation. Naval Postgraduate School."},{"key":"e_1_2_1_7_1","unstructured":"Milos Cermak Stefan Svorencik Robert Lipovsky and Ondrej Kubovic. 2020. KR00K - CVE-2019--15126. Technical Report. ESET."},{"key":"e_1_2_1_8_1","volume-title":"Renato Lo Cigno, and Arash Asadi","author":"Cominelli Marco","year":"2020","unstructured":"Marco Cominelli, Felix Kosterhon, Francesco Gringoli, Renato Lo Cigno, and Arash Asadi. 2020. An Experimental Study of CSI Management to Preserve Location Privacy. In ACM WiNTECH . 64--71."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-007-0053-7"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCOMM.1994.580247"},{"key":"e_1_2_1_11_1","unstructured":"Boris Danev and Srdjan Capkun. 2009. Transient-based Identification of Wireless Sensor Nodes. In ACM IPSN. 25--36."},{"key":"e_1_2_1_12_1","volume-title":"Weaknesses in the Key Scheduling Algorithm of RC4","author":"Fluhrer Scott","unstructured":"Scott Fluhrer, Itsik Mantin, and Adi Shamir. 2001. Weaknesses in the Key Scheduling Algorithm of RC4. In SAC. Springer Berlin Heidelberg, 1--24."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1561\/0100000006"},{"key":"e_1_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Francesco Gringoli Matthias Schulz Jakob Link and Matthias Hollick. 2019. Free Your CSI: A Channel State Information Extraction Platform For Modern Wi-Fi Chipsets. In ACM WiNTECH. 21--28.","DOI":"10.1145\/3349623.3355477"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11036-005-6425-1"},{"key":"e_1_2_1_16_1","unstructured":"Jeyanthi Hall Michel Barbeau and Evangelos Kranakis. 2004. Enhancing intrusion detection in wireless networks using radio frequency fingerprinting . ICCIIT 1--6."},{"key":"e_1_2_1_17_1","volume-title":"ACM SIGCOMM","volume":"41","author":"Halperin Daniel","year":"2011","unstructured":"Daniel Halperin, Wenjun Hu, Anmol Sheth, and David Wetherall. 2011. Tool Release: Gathering 802.11 n Traces with Channel State Information . ACM SIGCOMM , Vol. 41, 1 (Jan 2011), 53--53."},{"key":"e_1_2_1_18_1","volume-title":"Accurate and Efficient Wireless Device Fingerprinting Using Channel State Information","author":"Hua Jingyu","unstructured":"Jingyu Hua, Hongyi Sun, Zhenyu Shen, Zhiyun Qian, and Sheng Zhong. 2018. Accurate and Efficient Wireless Device Fingerprinting Using Channel State Information. In IEEE INFOCOM. 1700--1708."},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2995272.2995278"},{"key":"e_1_2_1_20_1","volume-title":"Fundamentals of Statistical Signal Processing, Volume I: Estimation Theory","author":"Kay Steven M.","unstructured":"Steven M. Kay. 1993. Fundamentals of Statistical Signal Processing, Volume I: Estimation Theory. Prentice Hall."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2933242"},{"key":"e_1_2_1_22_1","volume-title":"Fast and Practical Secret Key Extraction by Exploiting Channel Response","author":"Liu Hongbo","unstructured":"Hongbo Liu, Yang Wang, Jie Yang, and Yingying Chen. 2013. Fast and Practical Secret Key Extraction by Exploiting Channel Response. In IEEE INFOCOM . 3048--3056."},{"key":"e_1_2_1_23_1","doi-asserted-by":"crossref","unstructured":"P. Liu P. Yang W. Song Y. Yan and X. Li. 2019. Real-time Identification of Rogue WiFi Connections Using Environment-Independent Physical Features. In IEEE INFOCOM. 190--198.","DOI":"10.1109\/INFOCOM.2019.8737455"},{"key":"e_1_2_1_24_1","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1109\/TIT.1978.1055879","article-title":"A modified Cram\u00e9r-Rao bound and its applications (Corresp.)","volume":"24","author":"Miller R.","year":"1978","unstructured":"R. Miller and C. B. Chang. 1978. A modified Cram\u00e9r-Rao bound and its applications (Corresp.) . IEEE Transactions on Information Theory , Vol. 24, 3 (May 1978), 398--400.","journal-title":"IEEE Transactions on Information Theory"},{"key":"e_1_2_1_25_1","volume-title":"Phantom: Physical Layer Cooperation for Location Privacy Protection","author":"Oh Sangho","year":"2012","unstructured":"Sangho Oh, Tam Vu, Marco Gruteser, and Suman Banerjee. 2012. Phantom: Physical Layer Cooperation for Location Privacy Protection. In IEEE INFOCOM . 3061--3065."},{"key":"e_1_2_1_26_1","unstructured":"Yue Qiao Ouyang Zhang Wenjie Zhou Kannan Srinivasan and Anish Arora. 2016. PhyCloak: Obfuscating Sensing from Communication Signals. In USENIX NSDI . 685--699."},{"key":"e_1_2_1_27_1","volume-title":"Proceedings of the 2014 ACM conference on Security and privacy in wireless & mobile networks . 129--140","author":"Rahbari Hanif","year":"2014","unstructured":"Hanif Rahbari and Marwan Krunz. 2014. Friendly CryptoJam: A Mechanism for Securing Physical-layer Attributes. In Proceedings of the 2014 ACM conference on Security and privacy in wireless & mobile networks . 129--140."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2015.7355566"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2015.7355566"},{"key":"e_1_2_1_30_1","doi-asserted-by":"crossref","unstructured":"Kasper Bonne Rasmussen and Srdjan Capkun. 2007. Implications of Radio Fingerprinting on the Security of Sensor Networks. In EAI SecureComm . 331--340.","DOI":"10.1109\/SECCOM.2007.4550352"},{"key":"e_1_2_1_31_1","volume-title":"Security and Communication Networks","author":"Robyns Pieter","year":"2017","unstructured":"Pieter Robyns, Bram Bonn\u00e9, Peter Quax, and Wim Lamotte. 2017. Noncooperative 802.11 MAC Layer Fingerprinting and Tracking of Mobile Devices . Security and Communication Networks (2017)."},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/26.650240"},{"key":"e_1_2_1_33_1","volume-title":"Shadow Wi-Fi: Teaching Smartphones to Transmit Raw Signals and to Extract Channel State Information to Implement Practical Covert Channels over Wi-Fi . (Jun","author":"Schulz Matthias","year":"2018","unstructured":"Matthias Schulz, Jakob Link, Francesco Gringoli, and Matthias Hollick. 2018. Shadow Wi-Fi: Teaching Smartphones to Transmit Raw Signals and to Extract Channel State Information to Implement Practical Covert Channels over Wi-Fi . (Jun 2018), 256--268."},{"key":"e_1_2_1_34_1","volume-title":"Nexmon: The C-based Firmware Patching Framework . https:\/\/nexmon.org","author":"Schulz Matthias","year":"2017","unstructured":"Matthias Schulz, Daniel Wegemer, and Matthias Hollick. 2017. Nexmon: The C-based Firmware Patching Framework . https:\/\/nexmon.org"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897883"},{"key":"e_1_2_1_37_1","doi-asserted-by":"crossref","unstructured":"Mathy Vanhoef and Frank Piessens. 2017. Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. In CCS ACM SIGSAC . 1313--1328.","DOI":"10.1145\/3133956.3134027"},{"key":"e_1_2_1_38_1","first-page":"6","article-title":"Precise Power Delay Profiling with Commodity Wi-Fi","volume":"18","author":"Xie Yaxiong","year":"2018","unstructured":"Yaxiong Xie, Zhenjiang Li, and Mo Li. 2018. Precise Power Delay Profiling with Commodity Wi-Fi . IEEE Transactions on Mobile Computing , Vol. 18, 6 (Sep 2018), 1342--1355.","journal-title":"IEEE Transactions on Mobile Computing"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2476338"},{"key":"e_1_2_1_40_1","volume-title":"Aegis: An Interference-negligible RF Sensing Shield","author":"Yao Yao","year":"2018","unstructured":"Yao Yao, Yan Li, Xin Liu, Zicheng Chi, Wei Wang, Tiantian Xie, and Ting Zhu. 2018. Aegis: An Interference-negligible RF Sensing Shield. In IEEE INFOCOM . 1718--1726."},{"key":"e_1_2_1_41_1","volume-title":"Perceiving Accurate CSI Phases with Commodity WiFi Devices","author":"Zhuo Yiwei","unstructured":"Yiwei Zhuo, Hongzi Zhu, Hua Xue, and Shan Chang. 2017. Perceiving Accurate CSI Phases with Commodity WiFi Devices. In IEEE INFOCOM . 1--9."}],"container-title":["Proceedings of the ACM on Measurement and Analysis of Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3428329","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3428329","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:58Z","timestamp":1750197778000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3428329"}},"subtitle":["Enhancing Security and Privacy in WiFi via Obfuscating Radiometric Fingerprints"],"short-title":[],"issued":{"date-parts":[[2020,11,30]]},"references-count":40,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2020,11,30]]}},"alternative-id":["10.1145\/3428329"],"URL":"https:\/\/doi.org\/10.1145\/3428329","relation":{},"ISSN":["2476-1249"],"issn-type":[{"value":"2476-1249","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,11,30]]},"assertion":[{"value":"2020-11-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}