Data Injection Attacks against Radio Frequency Fingerprinting Models

Abstract

Radio Frequency (RF) fingerprinting is a technology widely used in applications like device authentication. It takes advantage of the unique characteristics of RF signals to identify devices. However, malicious actors can misuse these same features to compro- mise user privacy and track devices without permission. In this work, we approach the topic from an attacker’s perspective, simulating a scenario where an attacker can inject malicious data into the model at two points: 1. Substitu- tion; by injecting malicious data during data collection, and 2. Addition; by injecting malicious data after data collection. The difference in the effort required by the attacker to complete the attack successfully is showcased in both scenarios. Such a method can be used by an attacker to establish persistence into a system that he has gained initial ac- cess into. However, with continuous, and seemingly legitimate access to the system, an attacker can carry out more complex attacks that span for longer periods. In addition, such an attack can be difficult to detect as the identification model does not consider him as an intruder, and therefore no alarms would be raised. This study aims to shed light on the dual nature of RF fingerprinting—its value for legitimate use and its potential for misuse. The results emphasize the importance of developing privacy-preserving measures to protect against adversarial use while main- taining the benefits this technology offers.

Date of Award	2025
Original language	American English
Awarding Institution	HBKU College of Science and Engineering