Securing IoT RF Fingerprinting Systems with Generative Adversarial Networks

Abstract

Recently, a number of neural network approaches to physical-layer wireless security have been introduced. In particular, these approaches are able to authenticate the identity of different wireless transmitters by the device-specific imperfections present in their transmitted signals. In this paper, we introduce a weakness in the training protocol of these approaches, namely, that a generative adversarial network (GAN) can be trained to produce signals that are realistic enough to force classifier errors. We show that the GAN can learn to introduce signal imperfections without modifying the bandwidth or data contents of the signal, and demonstrate via experiment that classifiers trained only on transmissions from real devices are vulnerable to this sort of attack. Finally, we demonstrate that by augmenting the training dataset of the classifier with adversarial examples from a different GAN, we are able to strengthen the classifier against this vulnerability.