Cyber-Physical System (CPS) 已經應用於許多的安全關鍵系統(Safty-Critical Ssystem, SCS)，其設備故障或功能異常可能嚴重危害到生態環境、硬體設備，甚 至是人們的生命安全，例如:例如病人監視器、鐵路系統、飛機飛行控制、核電 站控制和軍事裝置等。其中，電子健康照護 (eHealth) 是台灣相當重視的 CPS 應用 之一，其中低功耗藍牙被廣泛用於 eHealth CPSs 物聯網應用中的生理監控器、心 律調節器、注射幫浦。這些物聯網設備的功能異常將可能導致使用者生命財產的 傷害甚至死亡。例如，攻擊者可以捕獲從醫療設備發送的無線電信號，然後重放 無線訊號進行攻擊以引起 CPS 的故障。
我們提出了一種基於射頻(RF)指紋技術的識別方法。此方法利用機器學習 (Machine Learning, ML)來學習無線電信號的固有缺陷，然後用於區分各個無線 設備。在此研究中的識別框架可以用作物理 (Physical Layer, PHY) 和媒體訪問控制層 (Media Access Control, MAC) 之間的獨立保護。此外，它可以用於並可配合網 路第二層以上的資安防護技術 (Network Layer 至 Application Layer) 諸如基於密碼
學之身份識別與驗證機制，增加惡意攻擊者攻擊成功的難度。
實驗結果表明，此方法的識別率可以達到 93 至 100 的準確率。與現有需要通 道 (wireless channel) 屬性或瞬態屬性的 RF 識別方法相比，我們的方法不會因為更 改設備的位置而影響到識別準確率。我們使用嵌入在無線信號中的固有發射器屬 性實現可擴展的安全識別，無需任何額外的硬體成本，並且由於無線訊號發射器 屬性在現有無線通訊架構中是必要的運算，因此透過 RF 進行識別能大幅降低設 備識別機制整體所需的運算資源。此外，此方法可以應用於任何網絡拓撲，並且 接收器中的機器學習可以在已存在於 IoT 節點中的應用處理器上實現。

CPS has been applied to several Safety-Critical Systems (SCS) whose failure or mal- function could severely harm the environment, equipment, or even human lives. Some well- known examples such as patient monitors, railway system, aircraft flight control, nuclear power station control, and military devices. In particular, eHealth is one of the most important CPS applications in Taiwan. For the mobility of devices, Bluetooth Low Energy (BLE) has been utilized in all aspects of eHealth CPS for IoT applications, which failure or incorrectly behave may lead to injury or death to people. For instance, ad- versaries could capture the radio signal transmitted from medical devices then do replay attacks for causing malfunctions of a CPS.
We proposed an identification method based on Radio Frequency (RF) fingerprint- ing technique. This approach leverages Machine Learning (ML) to learn the inherent imperfections of radio signals then used to distinguish individual wireless devices. The proposed identification framework could be used as stand-alone protection between the Physical and Media Access Control layers. Moreover, which can be used to support exist- ing identification and authentication mechanisms which applied in the upper-layers such as cryptosystems.
Compared to the PUF-based identification that requires the channel properties, our method does not affect by changing device locations and does not impose any implementa- tion overhead on the transmitters. This method enables distinguish wireless devices even which were made from the same vendor and the same batch of raw materials, without any extra hardware cost and any requirement for channel-based or key-based identification. The proposed method can be applied to any network topologies, and the machine learning in the receiver can be implemented on an application processor (onboard, already present in modem IoT nodes).

[1] S. Madden, M. J. Franklin, J. M. Hellerstein, and W. Hong, “Tag: A tiny aggregation service for ad-hoc sensor networks,” in Proceedings of the 5th Symposium on Operating Systems Design and Implementation (OSDI), vol. 36, (Boston, Massachusetts, USA), pp. 131–146, ACM, Dec 2002.
[2] M. Shafique, F. Khalid, and S. Rehman, “Intelligent security measures for smart cyber physical sys- tem,” in 21st Euromicro Conference on Digital System Design (DSD), IEEE, 2018.
[3] A.Humayed,J.Lin,F.Li,andB.Luo,“Cyber-physicalsystemssecurity–asurvey,”inIEEEInternet of Things Journal, vol. 4, pp. 1802–1831, 2017.
[4] M. Kompara and M. Holbl, “Survey on security in intra-body area network communication,” in Ad Hoc Network, Nov. 2017.
[5] H. Zhao, R. Xu, M. Shu, and J. Hu, “Physiological-signal-based key negotiation protocols for body sensor networks: A survey,” vol. 0, p. 1–13, 2016.
[6] A. R. Cheema, M. Alsmadi, and S. Ikki, “Survey of identity-based attacks detection techniques in wireless networks using received signal strength,” in IEEE Canadian Conference on Electrical and Computer Engineering (CCECE), IEEE, 2018.
[7] T. Salman and R. Jain, “A survey of protocols and standards for internet of things,” in Advanced Computing and Communications, vol. 1, pp. 1–20, 2017.
[8] and W. C. Headley, , and A. J. Michaels, “Specific emitter identification using convolutional neural network-based iq imbalance estimators,” IEEE Access, vol. 7, pp. 33544–33555, 2019.
[9] A.Longo,M.Rizzi,D.Amendolare,S.Stanisci,R.Russo,G.Cice,andM.DAloia,“Localizationand monitoring system based on ble fingerprint method,” in CEUR Workshop Proceedings 2017 Workshop on Artificial Intelligence with Application in Health (WAIAH), vol. 1982, pp. 25–32, 2017.
[10] J. Chen, S. Wang, M. Ouyang, Y. Chen, and Y. Xuan, “Iterative positioning algorithm of the target node based on distance correction in wsn,” in Preprints, 2019.
[11] C. Ke, M. Wu, Y. Chan, and K. Lu, “Developing a ble beacon-based location system using location fingerprint positioning for smart home power management,” Energies, vol. 11, 2018.
[12] A. Chattopadhyay, A. Prakash, and M. Shafique, “Secure cyber-physical systems: Current trends, tools, and open research problems,” in Design, Automation and Test in Europe Conference and Exhi- bition (DATE), pp. 132–145, IEEE, 2017.
[13] K.Wan,“Investigationoncompositionmechanismsforcyberphysicalsystems,”InternationalJour- nal of Design, Analysis and Tools for Circuits and Systems, vol. 2, pp. 30–40, 2011.
[14] J.Knight,“Safetycriticalsystems:challengesanddirections,”inProceedingsofthe24thInternational Conference on Software Engineering (ICSE), pp. 547–550, IEEE, 2002.
49
[15] R. Raval, A. Maskus, B. Saltmiras, M. Dunn, P. J. Hawrylak, and J. Hale, “Competitive learning environment for cyber-physical system security experimentation,” in 1st International Conference on Data Intelligence and Security (ICDIS), IEEE, 2018.
[16] P.Rizwan,U.Pradesh,M.R.Babu,B.Balamurugan,andK.Suresh,“Real-timebigdatacomputing for internet of things and cyber physical system aided medical devices for better healthcare,” in Majan International Conference (MIC), IEEE, 2018.
[17] M.Jbair,B.Ahmad,M.H.Ahmad,andR.Harrison,“Industrialcyberphysicalsystems:Asurveyfor control-engineering tools,” in IEEE Industrial Cyber-Physical Systems (ICPS), IEEE, 2018.
[18] S. Sridhar, A. Hahn, and M. Govindarasu, “Cyber–physical system security for the electric power grid,” vol. 100, pp. 210–224, Jan 2012.
[19] C.-S.ChengandM.-S.Tseng,“Studyonhealthinsuranceburdenofelderness,”2009.
[20] Y.-T.Dai,F.P.Lai,andH.-S.Chen,“Preventivecare:Telehealthcareforchronicdiseases,”vol.15:2, pp. 143–150, 2011.
[21] P.-Y. Lin, “The empirical study of chronic diseases based on taiwan national health insurance database,” 2013.
[22] W.-W.LiandW.-S.Lai,“Theuseoftelemedicineinterventionstoimprovehypertensionmanagement among racial ethnic minorities: A systematic review,” vol. 63:4, pp. 25–34, 2016.
[23] T.-P.Hsu,P.-Y.Chuang,andY.-L.Ho,“Theapplicationoftelehealthcareforpatientswithcardiovas- cular diseases,” vol. 15:2, pp. 157–163, 2011.
[24] A. A. C. ́rdenas, B. S. S. Amin, A. Perrig, and S. Sastry, “Challenges for securing cyber physical systems,” in Workshop on Cyber-physical Systems Security, pp. 363–369, 2006.
[25] D.C.Neuman,“Challengesinsecurityforcyber-physicalsystems,”inWorkshoponFutureDirections in Cyber-Physical Systems Security, pp. 1–2, 2009.
[26] A.Burg,A.Chattopadhyay,andK.-Y.Lam,“Wirelesscommunicationandsecurityissuesforcyber– physical systems and the internet-of-things,” in Proceedings of the IEEE, vol. 106, pp. 38–60, 2018.
[27] M.Technology,“Bluetoothlowenergyphysicallayer„”tech.rep.
[28] “Bluetoothcorespecificationversion4.0,”tech.rep.,BluetoothSIG,2010.
[29] M. A. Ameen, J. Liu, and K. Kwak, “Security and privacy issues in wireless sensor networks for healthcare applications,” vol. 36, p. 93–101, 2012.
[30] S.Malladi,J.Alves-Foss,andR.B.Heckendorn,“Onpreventingreplayattacksonsecurityprotocols,” 2002.
[31] T.Halperin,T.Heydt-Benjamin,B.Ransford,S.Clark,B.Defend,W.Morgan,K.Fu,T.Kohno,and W. Maisel, “Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses,” in In Security and Privacy,, pp. 129–142, IEEE Symposium, 2008.
50

[32] C. Li, A. Raghunathan, and N. Jha, “Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system,” in e-Health Networking Applications and Services (Healthcom), pp. 150– 156, 13th IEEE International Conference, June 2011.
[33] S.Gollakota,H.Hassanieh,B.Ransford,D.Katabi,andK.Fu,“Theycanhearyourheartbeats:Non- invasive security for implantable medical devices,” in SIGCOMM Comput. Commun., vol. 41, pp. 2– 13, August 2011.
[34] M.Azarmehr,A.Mehta,andR.Rashidzadeh,“Wirelessdeviceidentificationusingoscillatorcontrol voltage as rf fingerprint,” in In Proceedings of the 2017 IEEE 30th Canadian Conference on Electrical and Computer Engineering (CCECE), (Windsor, ON, Canada), pp. 1–4, May 2017.
[35] F. Guo and T. C. Chiueh, “Sequence number-based mac address spoof detection,” in International Workshop on Recent Advances in Intrusion Detection, p. 309–329, 2005.
[36] Y.Zou,J.Zhu,X.Wang,andL.Hanzo,“Asurveyonwirelesssecurity:Technicalchallenges,recent advances, and future trends,” in Proceedings of the IEEE, vol. 104, pp. 1727–1765, IEEE, September 2016.
[37] M.Conti,N.Dragoni,andV.Lesyk,“Asurveyofmaninthemiddleattacks,”inIEEECommunications Surveys Tutorials, vol. 18, p. 2027–2051, 2016.
[38] S. Bao, C. Y. P. Carmen, L. Shen, and Y. Zhang, “Authenticated symmetric-key establishment for medical body sensor networks,” The Journal of Electronic, vol. 24, pp. 421–427, 2007.
[39] K.M.Sharmilee,R.Mukesh,A.Damodaram,andV.S.Bharathi,“Securewbanusingrule-basedids with biometrics and mac authentication,” in 10th IEEE Intl. Conf. e-Health Networking, Appl., p. 102– 107, 2008.
[40] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key crypto systems,” in Commun. ACM, vol. 21, p. 120–126, ACM, Feb 1978.
[41] C. Huang, H. Lee, and D. H. Lee, “A privacy-strengthened scheme for e-healthcare monitoring sys- tem,” The Journal of Medical Systems, vol. 36, p. 2959–2971, 2012.
[42] R. Pappu, Physical One-Way Functions. PhD thesis, Massachusetts Institute of Technology, 2001.
[43] P.Tuyls,G.-J.Schrijen,B.Skoric,J.vanGeloven,N.Verhaegh,andR.Wolters,“Read-proofhardware from protective coatings,” in Conference on Cryptographic Hardware and Embedded Systems (CHES), (Yokohama, Japan), p. 369–383, 2006.
[44] D. Holcomb, W. Burleson, and K. Fu, “Initial sram state as a fingerprint and source of true random numbers for rfid tags,” in Proceedings of the Conference on RFID Security, (Malaga, Spain), 2007.
[45] B.Chatterjee,D.Das,S.Maity,andS.Sen,“Rf-puf:Enhancingiotsecuritythroughauthenticationof wireless nodes using in-situ machine learning,” IEEE Internet of Things Journal, 2018.
51

[46] B.Chatterjee,D.Das,andS.Sen,“Rf-puf:Iotsecurityenhancementthroughauthenticationofwireless nodes using in-situ machine learning,” IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 205–208, 2018.
[47] D. Kirovski and G. DeJean, “Identifying rf-dna instances via phase differences,” in IEEE Antennas and Propagation Society International Symposiu, (Charleston, SC, USA), pp. 1–4, 2009.
[48] M. D. Williams, M. A. Temple, and D. R. Reising, “Augmenting bit-level network security using physical layer rf-dna fingerprinting,” in IEEE Global Telecommunications Conference (GLOBECOM), (Miami, FL, USA), pp. 1–6, 2010.
[49] S.U.Rehman,K.W.Sowerby,andC.Coghill,“Radio-frequencyfingerprintingformitigatingprimary user emulation attack in low-end cognitive radios,” in IET Communication, vol. 8, p. 1274–1284, 2014.
[50] S.U.Rehman,K.W.Sowerby,S.Alam,andI.Ardekani,“Portabilityofanrffingerprintofawireless transmitter,” in IEEE Int. Conf. Commun. Network Security (CNS), (San Francisco, USA), pp. 151– 156, 2014.
[51] U.J.etal.,“Blockpro:Blockchainbaseddataprovenanceandintegrityforsecureiotenvironments,” in The 1st Workshop on Blockchain-enabled Networked Sensor Systems (BlockSys), (New York, NY, USA), ACM, November 2018.
[52] M. W. et al., “Safety and security in cyber-physical systems and internet-of-things systems,” in in Proceedings of the IEEE, vol. 106, pp. 9–20, 2018.
[53] D. Ma, C. Qian, W. Li, and J. H. Geneprint, “Generic and accurate physical-layer identification for uhf rfid tags,” in IEEE Int. Conf. Network Protocols (ICNP), (Gottingen, Germany), pp. 1–10, 2013.
[54] P. J. O. Doets and R. L. Lagendijk, “Distortion estimation in compressed music using only audio fingerprints,” IEEE Trans., vol. 16, pp. 302–317, Feb. 2008.
[55] L. Xiao, L. Greenstein, N. Mandayam, and W. Trappe, “Fingerprints in the ether: Using the physical layer for wireless authentication,” in IEEE International Conference on Communications, 2007.
[56] L.Xiao,A.Reznik,W.Trappe,C.Ye,Y.Shah,L.Greenstein,andN.Mandayam,“Phy-authentication protocol for spoofing detection in wireless networks,” in IEEE Global Telecommunications Conference (GLOBECOM), 2010.
[57] D.A.KnoxandT.Kunz,“Practicalrffingerprintsforwirelesssensornetworkauthentication,”inInt. Wireless Commun. Mobile Computing Conf. (IWCMC), p. 531–536, 2012.
[58] T. D. VoHuu, T. D. VoHuu, and G. Noubir, “Fingerprinting wi-fi devices using software defined ra- dios,” in ACM Conference Security Privacy in Wireless and Mobile Networks(WiSec), 2016.
[59] D.A.KnoxandT.Kunz,“Agc-basedrffingerprintsinwirelesssensornetworksforauthentication,”in IEEE Int. Symp. on A World of Wireless Mobile and Multimedia Networks (WoWMoM), 2010.
52

[60] G. Huang, Y. Yuan, X. Wang, and Z. Huang, “Specific emitter identification based on nonlinear dy- namical characteristics,” Canadian Journal of Electrical and Computer Engineering, 2016.
[61] F.DemersandM.St-Hilaire,“Radiometricidentificationofltetransmitters,”inIEEEGlobalTelecom- mun. Conf. (GLOBECOM), 2014.
[62] P.Robyns,E.Marin,W.Lamotte,P.Quax,D.Singele,andB.Preneel,“Physical-layerfingerprinting of lora devices using supervised and zero-shot learning,” in ACM Conf. Security Privacy in Wireless and Mobile Networks (WiSec), 2017.
[63] G.Zhang,L.Xia,S.Jia,andY.Ji,“Identificationofclonedhfrfidproximitycardsbasedonrffinger- printing,” in IEEE Int. Conf. on Trust, Security and Privacy in Computing and Commun. (TrustCom), 2016.
[64] C.G.WheelerandD.R.Reising,“Assessmentoftheimpactofcfoonrf-dnafingerprintclassification performance,” in Int. Conf. Computing Networking and Commun. (ICNC), 2017.
[65] Y.Xing,A.Hu,J.Zhang,L.Peng,andG.Li,“Onradiofrequencyfingerprintidentificationfordsss systems in low snr scenarios,” IEEE Communications Letters, 2018.
[66] L.Peng,A.Hu,J.Zhang,Y.Jiang,J.Yu,andY.Yan,“Designofahybridrffingerprintextractionand device classification scheme,” IEEE Internet of Things Journal, 2018.
[67] R.W.Klein,M.A.Temple,andM.J.Mendenhall,“Applicationofwavelet-basedrffingerprintingto enhance wireless network security,” J. Commun. Networks, vol. 11, p. 544–555, 2012.
[68] H.J.Patel,M.A.Temple,andR.O.Baldwin,“Improvingzigbeedevicenetworkauthenticationusing ensemble decision tree classifiers with radio frequency distinct native attribute fingerprinting,” IEEE Trans. Rel., vol. 64, p. 221–233, 2015.
[69] H.YuanandA.Hu,“Preamble-baseddetectionofwi-fitransmitterrffingerprints,”IETElectron.Lett, vol. 46, p. 1165–1167, 2005.
[70] H. Patel, “Non-parametric feature generation for rf-fingerprinting on zigbee devices,” in IEEE Sym- posium, Computational Intelligence for Security and Defense Applications (CISA), 2015.
[71] T. J. Bihl, K. W. Bauer, , and M. A. Temple, “Feature selection for rf fingerprinting with multiple discriminant analysis and using zigbee device emissions,” IEEE Trans. Inf. Forensics Security, vol. 11, p. 1862–1874, 2016.
[72] B.DanevandS.Capkun,“Transient-basedidentificationofwirelesssensornodes,”inIEEEComputer Society, Information Processing in Sensor Networks, 2009.
[73] J.N.SamuelandW.P.duPlessis,“Specificemitteridentificationforenhancedaccesscontrolsecurity,” SAIEE African Research Journal (ARJ), vol. 108, pp. 71–79, June 2018.
[74] P. Hao, X. Wang, and W. Shen, “A collaborative phy-aided technique for end-to-end iot device au- thentication,” IEEE Access, vol. 6, pp. 42279–42293, 2018.
53

[75] “Bluetoothadvanced,”tech.rep.,ACE.Solution.
[76] M.Hall,E.Frank,G.Holmes,B.Pfahringer,P.Reutemann,andI.H.Witten,“Thewekadatamining
software: An update,” SIGKDD Explor. Newsl., vol. 11, pp. 10–18, 2009.
[77] I.Ben-Gal,“Bayesiannetworks,”tech.rep.,JohnWileyandSons,2008.
[78] G.Nguefack-Tsague,“Usingbayesiannetworkstomodelhierarchicalrelationshipsinepidemiological studies,” Epidemiol Health, 2011.
[79] C.-C. Chang and C.-J. Lin, “Libsvm: A library for support vector machines,” ACM Transactions on Intelligent Systems and Technology, 2011.
[80] P.MISHRAandA.GIRI,“Reviewofsystemidentificationusingneuralnetworktechniques,”Inter- national Journal of Electrical, Electronics and Data Communication, vol. 2, July 2014.
[81] H.SHARMAandS.KUMAR,“Asurveyondecisiontreealgorithmsofclassificationindatamining,” International Journal of Science and Research (IJSR), p. 2094–2097, 2016.
[82] K. Fawagreh, M. M. Gaber, and E. Elyan, “Random forests: from early developments to recent ad- vancements,” Systems Science and Control Engineering Journal, p. 602–609, September 2014.
[83] M. Hamedi, S. H. Salleh, A. M. Noor, T. T. Swee, and I. K. Afizam, “Comparison of different time- domain feature extraction methods on facial gestures’ emgs,” in Progress In Electromagnetics Re- search Symposium Proceedings, (KL,MALAYSIA), pp. 1897–1900, 2012.
[84] R. Fu, Y. Ye, N. Yang, and K. Pahlavan, “Doppler spread analysis of human motions for body area network applications,” in IEEE 22nd International Symposium on Personal, Indoor and Mobile Radio Communications, 2011.
[85] P. Robyns, P. Quax, and W. Lamotte, “Phy-layer security is no alternative to cryptography,” in Pro- ceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks - WiSec ’17, ACM Press, (New York, New York, USA), pp. 160–162, 2017.
[86] B. Danev, H. Luecken, S. Capkun, and K. E. Defrawy, “Attacks on physical-layer identification,” in In Proceedings of the third ACM conference on Wireless network security, pp. 89–98, ACM, 2010.
[87] V. Va and R. W. Heath, “Basic relationship between channel coherence time and beam width in ve- hicular channels,” in In Proc. IEEE 82nd Veh. Technol. Conf., pp. 1–5, Sep. 2015.
[88] X. Wang, P. Hao, and L. Hanzo, “Physical-layer authentication for wireless security enhancement: Current challenges and future development,” IEEE Commun. Mag., vol. 56, pp. 152–158, Jun. 2016.