Tech Briefs

Forensic characterization of portable electronic devices helps pilots verify which devices are approved for use on aircraft.

Forensic characterization of a wireless device is useful in many applications. An example of this is in the testing of Federal Communications Commission (FCC) Part 15 devices that must adhere to strict guidelines with regard to RF interference; one reason being problems with Portable Electronic Devices (PEDs) carried onboard aircraft. The operation of PEDs aboard U.S.-registered civil aircraft is limited. These rules also permit the use of specific PEDs after the aircraft operator has determined that the PED will not interfere with the operations of the aircraft. However, how can the aircraft operator know which PEDs are approved, or if the approved devices are being operated at inappropriate times? Compliance can be verified by detecting the operation of transmitting PEDs (T-PEDs) using an onboard monitoring system, or it could be verified by characterizing the device at a gate entry point, whether powered on or off, using specially designed probe signals and forensic techniques to classify the returned signal. In a more general setting, forensic characterization allows determination of the type of device, make, model, configuration, and other characteristics based on observation of the data that the device produces. The unique characteristics of the device are known as device signatures or device fingerprints.

A block diagram of the general Forensic Device Characterization system.
To characterize an RF device, the device is excited using a specially designed probe signal. The probe signal interacts with several circuit components, each of which modifies the probe signal, effectively embedding information into the signal. The embedded information is unique to each circuit component. The modified signal is then transmitted from the device and captured by a receiver. Features, or key characteristics, are extracted from the received signal and formed into a feature vector. The feature vector forms the device signature or device fingerprint that is then characterized using a classification system. A block diagram of the general system is shown in the figure.

The waveform and modeling design has been enhanced from two previous experiments. Experiment 1 used a linear chirp signal multiplied by a Gaussian window to excite a nonlinear system model. This experiment focused on mathematical modeling of the system response and classification methods using five combinations of filters and nonlinear components. This work was conducted at Purdue University. The research was extended by developing a model for the nonlinearity based on a diode. A comprehensive analysis was performed of all possible combinations (not limited to five) of the filter and nonlinearity at several different noise levels.

Experiment 2 used a linear chirp to excite the system with a focus on large bandwidth filter responses without the presence of a nonlinearity. This experiment, initially conducted by Purdue University and North Carolina State University, encountered several hardware limitations that restricted the bandwidth of the probe to 100 MHz. To overcome this limitation, the measured reflected responses were mapped to a larger response prior to feature selection and analysis. For this experiment, the response to a large bandwidth signal is captured for analysis, and a diode is added to act as a nonlinearity in the system. This alleviates the need for mapping.

This experiment studies reflected signals resulting from a Gaussian windowed chirp exciting a combination of filter and nonlinearity models with noise added. Features were extracted from the reflected signals and then were classified using a set of known classifiers to compare the results.

Five circuit models were used in this experiment. Each nonlinearity parameter in the system is defined as ai, which is the ith coefficient in the Taylor-series. This specific parameter value was initially based on observations of an actual nonlinear response, with additional values determined to elicit a specific response.

Typical RF devices contain a “frontend” circuit, where the front end is the circuitry between the antenna and the intermediate frequency (IF) section of the circuit. The probe signal is received by an antenna, passes through a bandpass filter, and is input into an amplifier. Typically, these three components are impedance matched, which allows one to simplify the front end to the model, where the only component of interest is the bandpass filter.

While the diode model used provides a foundation for modeling nonlinearities, it still warrants further investigation. The amplitude plays a major role in the response of the nonlinearity; this parameter should be looked at in more detail. When combined with a filter, it would be of interest to observe whether the shape or the amplitude of the response plays a more significant role in classification. Also, since the filter seems to be the dominant feature in both sets of experiments, a tiered classification system should be explored. This type of system would classify based on filter first, followed by a diode-based classification.

This work was done by Deen King-Smith, Anthony Martone, and Marc Ressler of the Army Research Laboratory. For more information, download the Technical Support Package (free white paper) at www.defensetechbriefs.com/tsp under the Electronics/Computers category. ARL-0096

This Brief includes a Technical Support Package (TSP).

Reflected Signal Analysis (reference ARL-0096) is currently available for download from the TSP library.

Please Login at the top of the page to download.