A dense flow wireless fingerprint confusion method and system
By using real-time acquisition and dynamic scheduling of antenna configuration, a method is used to generate a mixture of fake and real signals for propagation. This solves the problem of easy leakage of physical layer fingerprints in wireless encrypted communication and achieves efficient privacy protection and anti-tracking capabilities without modifying terminal hardware.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- XI AN JIAOTONG UNIV
- Filing Date
- 2026-03-19
- Publication Date
- 2026-06-05
AI Technical Summary
In existing wireless encrypted communication technologies, physical layer fingerprints are easily extracted by attackers, leading to the leakage of user location and behavior patterns. Existing protection technologies are costly, have poor compatibility or high computational overhead, and their effectiveness is unstable.
By collecting target device signals in real time, extracting physical layer fingerprint features, deploying distributed defense nodes and differentiated antennas, dynamically and randomly scheduling antenna configurations, generating fake signals that are mixed with real signals for propagation, thus obfuscating the physical layer fingerprint.
Without modifying the terminal hardware, it effectively improves the device's privacy protection capabilities, significantly enhances its anti-tracking capabilities, and does not affect normal communication.
Smart Images

Figure CN122160760A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of network security technology, and in particular to a method and system for obfuscating wireless fingerprints. Background Technology
[0002] With the widespread adoption of wireless encryption technologies such as Wi-Fi, Bluetooth, and IoT short-range communication, data layer encryption has become a fundamental means of ensuring information security. However, even if the data content is encrypted, the received signal strength (RSSI), channel state information (CSI), amplitude, and phase characteristics naturally carried by wireless signals during physical layer transmission can still be extracted by attackers to construct a unique physical layer fingerprint of the device. This fingerprint can be used to accurately identify and track target devices, thereby leaking sensitive privacy information such as user location and behavior patterns, posing a serious challenge to communication security and privacy protection in high-density communication scenarios.
[0003] In the existing technology, the current protection technologies against physical layer fingerprints mainly include terminal hardware modification solutions, physical layer feature algorithm disturbance solutions, and network-side active interference solutions. Specifically, firstly, terminal hardware modification schemes actively alter physical layer fingerprint characteristics to evade identification by modifying hardware parameters such as the target device's antenna structure, RF front-end gain, and transmit power, or dynamically adjusting RF characteristics such as signal transmission phase and bandwidth. However, hardware modification schemes are costly, have poor compatibility, cannot be adapted to existing devices, and easily affect normal communication quality. Secondly, physical layer feature algorithm perturbation schemes inject random noise into the baseband signal, scramble and encrypt CSI / RSSI features, or use precoding techniques to mask the real fingerprint characteristics. However, algorithm perturbation schemes rely on additional computing power from the terminal, increasing computational overhead and communication latency. The perturbation noise is easily filtered out by attackers, and the obfuscation effect is unstable. Finally, network-side active interference schemes transmit interference signals from the access point or dedicated jamming equipment to the target device's communication channel in an attempt to mask the real physical layer fingerprint. However, network-side interference schemes are highly invasive, easily interfere with legitimate devices, and the fixed interference patterns are easily evaded, limiting the scope and effectiveness of protection.
[0004] It should be noted that the information disclosed in the background section above is only used to enhance the understanding of the background of this disclosure, and therefore may include information that does not constitute prior art known to those skilled in the art. Summary of the Invention
[0005] To address the aforementioned issues, this application provides a method and system for obfuscating wireless fingerprints in encrypted wireless communication. This method effectively obfuscates the physical layer fingerprint of encrypted wireless communication without requiring modifications to the terminal hardware, significantly improving the privacy protection and anti-tracking capabilities of devices in encrypted communication scenarios.
[0006] To achieve the objectives of this application, the following technical solution is provided: In a first aspect, this application provides a method for obfuscating a secret stream wireless fingerprint, comprising: Real-time acquisition of the actual signals emitted by the target device during encryption, and extraction of physical layer fingerprint features after analog-to-digital conversion to determine the physical layer fingerprint features of the target to be obfuscated; Based on the actual signal coverage of the target device, multiple distributed defense nodes are deployed, and each defense node is configured with multiple communication antennas with different structural parameters and radio frequency characteristics; An antenna configuration selection algorithm based on random probability is executed on the communication antenna to dynamically update the communication antenna configuration status of each defense node within a preset time interval, and a communication antenna is randomly selected as the selected antenna in the current configuration status. The original bit sequence of the real wireless signal of the target device is extracted, and after being modulated by binary phase shift keying, a fake signal sequence is generated and transmitted through the selected antenna, so that the fake signal is mixed with the real signal to obfuscate the physical layer fingerprint characteristics.
[0007] Secondly, this application also provides a secret stream wireless fingerprint obfuscation system for performing the above-described secret stream wireless fingerprint obfuscation method, the system comprising: The signal acquisition module is used to acquire the real signals emitted by the target device during the encryption process in real time, and extract the physical layer fingerprint features after analog-to-digital conversion to determine the physical layer fingerprint features of the target to be obfuscated. The node configuration module is used to deploy multiple distributed defense nodes according to the actual signal coverage range of the target device, and to configure multiple communication antennas with different structural parameters and radio frequency characteristics for each defense node; The antenna configuration module is used to perform an antenna configuration selection algorithm based on random probability on the communication antenna, dynamically update the communication antenna configuration status of each defense node within a preset time interval, and randomly select a communication antenna as the selected antenna in the current configuration status. The signal obfuscation module is used to extract the original bit sequence of the real wireless signal of the target device, modulate it with binary phase shift keying, and generate and transmit a fake signal sequence through the selected antenna, so that the fake signal is mixed with the real signal to obfuscate the physical layer fingerprint features.
[0008] The technical solution provided in this application may include the following beneficial effects: The wireless fingerprint obfuscation method and system provided in this application can accurately determine the target fingerprint to be obfuscated by real-time acquisition of the real encrypted communication signal of the target device and extraction of physical layer fingerprint features. Furthermore, relying on the deployment of distributed defense nodes and antennas with differentiated radio frequency characteristics, it can achieve non-intrusive and flexible deployment without modifying the terminal hardware. At the same time, based on the random probability dynamic scheduling of antennas and the transmission of fake signals mixed with real signals, it effectively obfuscates the physical layer fingerprint and improves the privacy protection capability of devices in wireless encrypted communication.
[0009] It should be understood that the above general description and the following detailed description are exemplary and explanatory only, and are not intended to limit this disclosure. Attached Figure Description
[0010] The accompanying drawings are provided to further illustrate the present application and form part of the specification. They are used together with the embodiments of the present application to explain the application and do not constitute a limitation thereof. Obviously, the drawings described below are merely some embodiments of this disclosure, and those skilled in the art can obtain other drawings based on these drawings without any creative effort.
[0011] Figure 1 A flowchart illustrating a method for obfuscating wireless fingerprints provided in an embodiment of this application; Figure 2 A flowchart illustrating step S100 of a secret-stream wireless fingerprint obfuscation method provided in an embodiment of this application; Figure 3 A flowchart illustrating step S200 of a secret-stream wireless fingerprint obfuscation method provided in an embodiment of this application; Figure 4 A flowchart illustrating step S300 of a wireless fingerprint obfuscation method provided in an embodiment of this application; Figure 5 A flowchart illustrating step S400 of a wireless fingerprint obfuscation method provided in this application embodiment; Figure 6 This is a schematic diagram of the structure of a dense stream wireless fingerprint obfuscation system provided in an embodiment of this application. Detailed Implementation
[0012] Exemplary embodiments will now be described more fully with reference to the accompanying drawings. However, these exemplary embodiments can be implemented in many forms and should not be construed as limited to the examples set forth herein; rather, they are provided so that this disclosure will be more comprehensive and complete, and will fully convey the concept of the exemplary embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
[0013] This example implementation first provides a method for obfuscating wireless fingerprints within a dense stream. (See reference...) Figure 1 As shown, the secret stream wireless fingerprint obfuscation method may include the following steps: Step S100: Real-time acquisition of the actual signals emitted by the target device during the encryption process, and extraction of physical layer fingerprint features after analog-to-digital conversion to determine the target physical layer fingerprint features to be obfuscated.
[0014] Step S200: Based on the actual signal coverage of the target device, deploy multiple distributed defense nodes and configure multiple communication antennas with different structural parameters and radio frequency characteristics for each defense node.
[0015] Step S300: Execute an antenna configuration selection algorithm based on random probability on the communication antenna, dynamically update the communication antenna configuration status of each defense node within a preset time interval, and randomly select a communication antenna as the selected antenna in the current configuration status.
[0016] Step S400: Extract the original bit sequence of the real wireless signal of the target device, modulate it with binary phase shift keying, and generate and transmit a fake signal sequence through the selected antenna, so that the fake signal is mixed with the real signal to confuse the physical layer fingerprint features.
[0017] The aforementioned dense-flow wireless fingerprint obfuscation method can accurately locate the physical layer fingerprint features to be obfuscated without modifying the target device's hardware or software. It achieves non-intrusive and flexible deployment by relying on distributed defense nodes and differentiated radio frequency antennas. By dynamically and randomly scheduling antennas to transmit a mixture of fake and real signals, it effectively interferes with attackers' identification and tracking of devices, significantly improving the privacy protection capabilities of wireless communication devices in dense-flow scenarios.
[0018] Below, we will refer to Figures 2 to 5 The steps of the above-described dense stream wireless fingerprint obfuscation method in this example embodiment will be described in more detail.
[0019] In step S100, the real signals emitted by the target device during the encryption process are collected in real time, and the physical layer fingerprint features are extracted after analog-to-digital conversion to determine the target physical layer fingerprint features to be obfuscated.
[0020] It should be noted that signal acquisition is completed using a dedicated wireless sniffer, requiring no software or hardware modifications to the target device throughout the process. The acquisition process does not interfere with the target device's normal encrypted communication, and physical layer fingerprint features are extracted to identify the target feature types that need to be obfuscated subsequently.
[0021] The data acquisition operation is independent of the target device's communication process, and it is a non-intrusive signal monitoring method. Analog-to-digital conversion and feature extraction are both completed on the defense-side device, without occupying the target device's computing and communication resources.
[0022] In one possible implementation, step S100 may further include the following sub-steps: In step S110, based on a preset frequency band range, the actual signals emitted by the target device during encrypted communication are collected in real time.
[0023] It should be noted that the preset frequency band range is determined based on the wireless communication protocol used by the target device, such as Wi-Fi. For the 2.4GHz / 5GHz frequency band of Fi, the wireless sniffer must support signal capture in this frequency band to ensure complete collection of the encrypted communication signals of the target device.
[0024] By deploying dedicated wireless sniffers within the target area, wireless signals transmitted by the target device are captured in real time within a preset frequency band. The captured raw analog signals are assumed to be the real signals. It can be described using a signal model.
[0025] Optionally, the expression for the real signal is:
[0026] in, For real signals, The baseband signal transmitted by the target device. This represents the impulse response of the wireless channel. It is additive white Gaussian noise.
[0027] In step S120, the real signal is converted into a discrete-time signal sequence by an analog-to-digital converter.
[0028] It should be noted that the sampling rate of the analog-to-digital converter satisfies the Nyquist sampling theorem, matches the bandwidth requirements of the target device's wireless signal, and has no signal distortion during the conversion process, providing a stable digital signal foundation for subsequent feature extraction.
[0029] The real signal r(t) is converted into a discrete-time signal sequence r[n] using an analog-to-digital converter (ADC). In the signal preprocessing stage, a bandpass filter is used to remove out-of-band interference, and a noise reduction algorithm is combined to enhance signal quality, thereby improving the accuracy and robustness of feature extraction. In step S130, physical layer fingerprint features are extracted based on the discrete-time signal sequence; the physical layer fingerprint features include received signal strength, channel state information, amplitude and phase information.
[0030] It should be noted that the four types of physical layer fingerprint features are the core basis for the identification of wireless physical layer devices and are the target features that need to be obfuscated. The Received Signal Strength Indicator (RSSI) is calculated based on N consecutive sampling points, and the result is converted into logarithmic form; the Channel State Information (CSI) estimates the channel coefficient vector H by comparing the known pilot signal s[n] with the received signal rn; the amplitude and phase information represents the received signal r[n] in complex form and performs amplitude and phase decomposition.
[0031] Optionally, the expression for the received signal strength is:
[0032] in, The received signal strength is N, and the number of sampling points used for power averaging calculation is N. The sampling point index variable represents the sampling point index of the current summing window. Each sampling offset, For at any time Discrete received signals sampled at the location; The expression for the channel state information is:
[0033] in, , Here is the channel coefficient vector, and M is the number of subcarriers. Let be the channel coefficient of the i-th subcarrier. In the first On each subcarrier, at time Discrete received signals sampled at the receiving end, In the first On each subcarrier, at time The reference signal is known at the transmitting end; The expressions for the amplitude and phase information are:
[0034] in, , , For the complex form of a discrete-time signal sequence, Instantaneous amplitude, It is the instantaneous phase; The expression for the physical layer fingerprint feature is:
[0035] in, Physical layer fingerprint features The average value of the received signal strength. The standard deviation of the received signal strength. The mean of the amplitude. The standard deviation of the amplitude. The mean of the phase. This represents the standard deviation of the phase.
[0036] In step S200, multiple distributed defense nodes are deployed according to the actual signal coverage range of the target device, and multiple communication antennas with different structural parameters and radio frequency characteristics are configured for each defense node.
[0037] It should be noted that the differentiated parameters of the communication antenna are the core hardware foundation for achieving fingerprint obfuscation. The greater the difference in the radio frequency characteristics of different antennas, the more significant the feature perturbation effect of the forged signal.
[0038] In one possible implementation, step S200 may further include the following sub-steps: In step S210, the defense area is delineated based on the actual signal coverage of the target device, and the deployment locations of distributed defense nodes are planned.
[0039] It should be noted that the defense zone must completely encompass the actual signal coverage area of the target device. Deployment points should be prioritized for locations with unobstructed views and stable signal transmission to improve the signal coverage efficiency of the defense nodes. Specifically, let the wireless signal coverage area of the target device be... The deployment locations of distributed defense nodes are planned within this area.
[0040] In step S220, within the defense area, multiple distributed defense nodes are deployed based on the deployment locations and using a non-intrusive deployment method; the distributed defense nodes satisfy the coverage constraint.
[0041] It should be noted that non-intrusion deployment means that the defense nodes are independently powered and operate, without needing to establish a physical or logical connection with the target device; the nodes can communicate with the main control system via the VirtualHere wireless protocol to achieve remote scheduling and status feedback. Multiple distributed defense nodes are deployed. The coverage constraint is satisfied.
[0042] Optionally, the coverage constraint is:
[0043] in, The number of defense nodes, Let j be the signal coverage area of the j-th defense node. This represents the actual signal coverage area.
[0044] In step S230, for each deployed distributed defense node, multiple communication antennas with different structural parameters and radio frequency characteristics are configured; the communication antennas are capable of generating and transmitting spoofed signals.
[0045] It should be noted that each defense node Configuration Antennas with different radio frequency characteristics form an antenna assembly. The aforementioned antennas exhibit inherent differences in structural parameters and radio frequency characteristics. The greater the difference, the richer the antenna's physical fingerprint. The structural parameters include size, shape, and polarization, while the radio frequency characteristics include gain, beamwidth, and phase response. The high degree of diversity in physical layer characteristics can be enhanced by selecting different models or customized antenna components.
[0046] The radio frequency response of each antenna can be modeled as a time function. ,satisfy:
[0047] in, .
[0048] The differences in response between antennas provide a rich space for physical feature perturbation of subsequent spoofed signals, thereby enhancing the signal confusion effect.
[0049] All defense nodes maintain a real-time connection with the main control system via a wireless network, receiving scheduling instructions and reporting operational status based on the VirtualHere protocol, ensuring that the defense nodes are remotely controllable and possess self-organizing response capabilities. Multiple defense nodes can work collaboratively to achieve comprehensive coverage of spoofed signals within the defense area and ensure that spoofed signals and the target device's real signals propagate mixed in the spatial and frequency domains.
[0050] Optionally, the forged signal transmission model is:
[0051] in, To forge signals, This is a baseband signal generated based on the original bit sequence of the target device using a predetermined modulation scheme. For antenna The applied radio frequency characteristic factor.
[0052] It should be noted that, due to the different antennas... The radio frequency responses of these signals differ significantly. When multiple defense nodes coordinate to transmit spoofed signals, these signals exhibit a diverse and mixed distribution in terms of physical layer characteristics. This can effectively disrupt attackers' identification of the physical fingerprint of the target device and significantly improve the strength of physical layer privacy protection.
[0053] In step S300, an antenna configuration selection algorithm based on random probability is executed on the communication antenna to dynamically update the communication antenna configuration status of each defense node within a preset time interval, and to randomly select a communication antenna as the selected antenna in the current configuration status.
[0054] It should be noted that the algorithm runs at fixed preset time intervals and dynamically switches the antenna state through a random probability mechanism to prevent attackers from identifying and confusing patterns, thereby improving the stability of physical layer fingerprint protection. The antenna configuration state only controls the antenna to turn on and off, without changing the inherent radio frequency characteristics of the antenna itself. The random selection mechanism ensures that there is no pattern to the transmission channel of the forged signal.
[0055] In one possible implementation, step S300 may include the following sub-steps: In step S310, the antenna configuration state of the distributed defense node is constructed.
[0056] It should be noted that the antenna configuration state vector dimension is consistent with the number of antennas in a single node, and the vector element value is 0 or 1, where 1 indicates that the antenna is on and 0 indicates that the antenna is off, which is used to intuitively represent the antenna working status.
[0057] Optionally, the vector of the antenna configuration state is:
[0058] in, A vector for configuring the antenna state. This represents the operating state of the i-th antenna at time t. That is, 1 indicates on and 0 indicates off.
[0059] In step S320, within each preset time interval, the communication antenna configuration status of each distributed defense node is dynamically updated based on a random probability mechanism; the update strategy includes a partial reversal strategy and a full reversal strategy.
[0060] It should be noted that the preset time interval can be adjusted according to the time-varying nature of the wireless channel, and the random variable... Following a uniform distribution U(0,1), two update strategies are randomly switched to enhance the dynamics and unpredictability of antenna configuration. Within each preset time interval Δt, the system updates the antenna configuration state based on a random probability mechanism. The partial reversal strategy is as follows: when... At that time, a subset of indexes is randomly selected from the current configuration state. The states of the antennas within the subset are inverted and mapped; that is, for The antenna, with its updated configuration, is as follows:
[0061] in, For at any time First The updated configuration state vector of the root antenna. For at any time First The configuration state vector of the root communication antenna, j This is the inverse mapping index corresponding to i.
[0062] The complete reversal strategy is: when At this time, the current antenna configuration status is inverted as a whole, and the updated configuration is represented as follows:
[0063] in, For at any time First The inverse of the root antenna configuration state vector.
[0064] Optionally, the process of dynamically updating based on a random probability mechanism is modeled as follows:
[0065] in, For the updated configuration vector, Let be a random variable generated at time t. The update function for antenna configuration.
[0066] In step S330, a communication antenna is randomly selected as the selected antenna in the updated current communication antenna configuration state.
[0067] It should be noted that random selection only applies to antennas that are currently active. All active antennas have an equal probability of being selected, resulting in an unpredictable selection process that further enhances the obfuscation effect. To further enhance the randomness and unpredictability of the configuration process, a random waiting time can be introduced within each time interval. Its value follows a uniform distribution. Through the above mechanism, the antenna activation state exhibits dynamic uncertainty in the time dimension, enabling the transmission of spoofed signals to possess highly diverse physical characteristics.
[0068] Optionally, the selection process for the selected antenna is as follows:
[0069] in, The target antenna is randomly selected. For at any time First The configuration state vector of the root antenna. This is the antenna number.
[0070] In step S400, the original bit sequence of the real wireless signal of the target device is extracted, and after being modulated by binary phase shift keying, a fake signal sequence is generated and transmitted through the selected antenna, so that the fake signal is mixed with the real signal to confuse the physical layer fingerprint features.
[0071] It should be noted that the forged signal is synchronized with the real signal in time. After being mixed and propagated, it forms a messy feature distribution at the physical layer. It does not affect the normal encrypted communication of the target device, but only interferes with the attacker's device identification behavior. Furthermore, the forged signal only reuses the original bit sequence of the real signal and does not crack the communication encryption key, which complies with the privacy and security specifications of wireless communication.
[0072] In one possible implementation, step S400 may include the following sub-steps: In step S410, the original bit sequence is extracted from the real wireless signal of the target device.
[0073] It should be noted that the original bit sequence is parsed from the physical layer data of the real signal, and only the valid data bits are extracted. It does not involve the decryption of encrypted information, and the extraction process does not interfere with normal communication.
[0074] Optionally, the original bit sequence is:
[0075] in, The original bit sequence, Let L be the i-th binary bit, and L be the length of the bit sequence.
[0076] In step S420, the original bit sequence is subjected to binary phase shift keying modulation to generate a modulated signal sequence.
[0077] It should be noted that Binary Phase Shift Keying (BPSK) is a fixed preset modulation method. The modulation rules follow general wireless communication protocols, and the generated signal sequence format is standardized and adapted to subsequent radio frequency processing.
[0078] Optionally, the modulation mapping function of the binary phase shift keying modulation is:
[0079] in, For binary phase shift keying modulation, the modulation mapping function is used. The modulated signal sequence is:
[0080] in, This is the modulated signal sequence.
[0081] In step S430, based on the antenna configuration parameters of the selected antenna, the modulated signal sequence is subjected to radio frequency level processing to generate a fake signal sequence.
[0082] It should be noted that the antenna configuration parameters are determined by the inherent RF characteristics of the selected antenna. The RF-level processing only adjusts the signal amplitude and phase, without changing the original bit sequence information, thus ensuring the effectiveness of the forged signal. This forged signal sequence differs significantly from the target device's real signal in amplitude and phase characteristics, thereby introducing new fingerprint features at the physical layer and effectively interfering with and obfuscating the device's fingerprint.
[0083] Optionally, the antenna configuration parameters are:
[0084] in, Configure the radio frequency parameters of the transmitting antenna at time t. This is the antenna's gain factor. For phase shift; The forged signal sequence is:
[0085] in, To forge a signal sequence.
[0086] In step S440, the fake signal sequence is encapsulated based on a preset frame structure to construct a complete fake signal, and the fake signal is propagated in combination with the real signal through the selected antenna.
[0087] It should be noted that the preset frame structure follows the wireless communication protocol corresponding to the target device, including preamble, data payload, error correction check code, etc., to ensure that the forged frame has the function of obfuscation but does not interfere with the normal communication process. The encapsulated forged signal can be transmitted normally and achieves physical layer fingerprint obfuscation after being superimposed with the real signal.
[0088] The forged signal frames are synchronized with the real signal of the target device in time and coexist in the wireless channel, thus forming a mixed fingerprint distribution at the physical layer, effectively interfering with the attacker's device identification and location based on features such as RSSI and CSI.
[0089] Optionally, the forged signal is:
[0090] in, To forge signals, Let T be the impulse response function of the transmit filter, and T be the symbol period.
[0091] Furthermore, this application can also introduce a real-time feedback mechanism, which monitors the received signal in the wireless channel in real time through the defense node and extracts physical layer features such as RSSI, CSI, amplitude, and phase to evaluate the obfuscation effect of the spoofed signal in real time. When insufficient obfuscation effect is detected, the system dynamically adjusts the antenna configuration, transmit power, or phase parameters based on the feedback results to change the distribution of physical layer features of the spoofed signal and improve the physical fingerprint obfuscation effect.
[0092] Furthermore, this example embodiment also provides a secret stream wireless fingerprint obfuscation system for performing the above-described secret stream wireless fingerprint obfuscation method. (See reference...) Figure 6 As shown, the system may include a signal acquisition module, a node configuration module, an antenna configuration module, and a signal mixing module.
[0093] The signal acquisition module is used to acquire the real signals emitted by the target device during the encryption process in real time, and extract the physical layer fingerprint features after analog-to-digital conversion to determine the physical layer fingerprint features of the target to be obfuscated. The node configuration module is used to deploy multiple distributed defense nodes according to the actual signal coverage range of the target device, and to configure multiple communication antennas with different structural parameters and radio frequency characteristics for each defense node; The antenna configuration module is used to perform an antenna configuration selection algorithm based on random probability on the communication antenna, dynamically update the communication antenna configuration status of each defense node within a preset time interval, and randomly select a communication antenna as the selected antenna in the current configuration status. The signal obfuscation module is used to extract the original bit sequence of the real wireless signal of the target device, modulate it with binary phase shift keying, and generate and transmit a fake signal sequence through the selected antenna, so that the fake signal is mixed with the real signal to obfuscate the physical layer fingerprint features.
[0094] Other embodiments of this disclosure will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of this disclosure that follow the general principles of this disclosure and include common knowledge or customary techniques in the art not disclosed herein. The specification and examples are to be considered exemplary only, and the true scope and spirit of this disclosure are indicated by the appended claims.
[0095] The above embodiments are only used to illustrate the technical solutions of this application, and are not intended to limit it. This application is not limited to the exact structures described above and illustrated in the accompanying drawings, and it should not be considered that the specific implementation of this application is limited to these descriptions. For those skilled in the art, various changes and modifications made without departing from the concept of this application should be considered to fall within the protection scope of this application.
Claims
1. A method for obfuscating wireless fingerprints in a dense stream, characterized in that, include: Real-time acquisition of the actual signals emitted by the target device during encryption, and extraction of physical layer fingerprint features after analog-to-digital conversion to determine the physical layer fingerprint features of the target to be obfuscated; Based on the actual signal coverage of the target device, multiple distributed defense nodes are deployed, and each defense node is configured with multiple communication antennas with different structural parameters and radio frequency characteristics; An antenna configuration selection algorithm based on random probability is executed on the communication antenna to dynamically update the communication antenna configuration status of each defense node within a preset time interval, and a communication antenna is randomly selected as the selected antenna in the current configuration status. The original bit sequence of the real wireless signal of the target device is extracted, and after being modulated by binary phase shift keying, a fake signal sequence is generated and transmitted through the selected antenna, so that the fake signal is mixed with the real signal to obfuscate the physical layer fingerprint characteristics.
2. The dense-flow wireless fingerprint obfuscation method according to claim 1, characterized in that, The steps of real-time acquisition of the actual signal emitted by the target device during encryption, extraction of physical layer fingerprint features after analog-to-digital conversion, and determination of the target physical layer fingerprint features to be obfuscated include: Based on a preset frequency band range, the actual signals emitted by the target device during encrypted communication are collected in real time. The real signal is converted into a discrete-time signal sequence using an analog-to-digital converter; Physical layer fingerprint features are extracted based on the discrete-time signal sequence; the physical layer fingerprint features include received signal strength, channel state information, amplitude and phase information.
3. The dense-flow wireless fingerprint obfuscation method according to claim 2, characterized in that, The expression for the real signal is: in, For real signals, The baseband signal transmitted by the target device. This represents the impulse response of the wireless channel. It is additive white Gaussian noise; The expression for the received signal strength is: in, The received signal strength is N, and the number of sampling points used for power averaging calculation is N. Here, the sampling point index variable represents the sampling offset of the current summing window. For discrete received signals sampled at time t; The expression for the channel state information is: in, , Here is the channel coefficient vector, and M is the number of subcarriers. Let be the channel coefficient of the i-th subcarrier. In the first On each subcarrier, at time Discrete received signals sampled at the receiving end, In the first On each subcarrier, at time The reference signal is known at the transmitting end; The expressions for the amplitude and phase information are: in, , , For the complex form of a discrete-time signal sequence, Instantaneous amplitude, It is the instantaneous phase; The expression for the physical layer fingerprint feature is: in, Physical layer fingerprint features The average value of the received signal strength. The standard deviation of the received signal strength. The mean of the amplitude. The standard deviation of the amplitude. The mean of the phase. This represents the standard deviation of the phase.
4. The dense-flow wireless fingerprint obfuscation method according to claim 1, characterized in that, The step of deploying multiple distributed defense nodes based on the actual signal coverage range of the target device, and configuring multiple communication antennas with different structural parameters and radio frequency characteristics for each defense node, includes: The defense zone is delineated based on the actual signal coverage of the target device, and the deployment locations of distributed defense nodes are planned. Within the defense area, multiple distributed defense nodes are deployed based on the deployment locations and using a non-intrusive deployment method; the distributed defense nodes satisfy coverage constraints. For each deployed distributed defense node, multiple communication antennas with different structural parameters and radio frequency characteristics are configured; the communication antennas are capable of generating and transmitting spoofed signals.
5. The dense-flow wireless fingerprint obfuscation method according to claim 4, characterized in that, The coverage constraint is: in, The number of defense nodes, Let j be the signal coverage area of the j-th defense node. This represents the actual signal coverage area. The forged signal transmission model is as follows: in, To forge signals, This is a baseband signal generated based on the original bit sequence of the target device using a predetermined modulation scheme. For antenna The applied radio frequency characteristic factor.
6. The dense-flow wireless fingerprint obfuscation method according to claim 1, characterized in that, The step of performing an antenna configuration selection algorithm based on random probability on the communication antenna, dynamically updating the communication antenna configuration status of each defense node within a preset time interval, and randomly selecting a communication antenna as the selected antenna in the current configuration status includes: Construct the antenna configuration status of the distributed defense nodes; Within each preset time interval, the communication antenna configuration status of each distributed defense node is dynamically updated based on a random probability mechanism; the update strategy includes a partial reversal strategy and a full reversal strategy. In the updated current communication antenna configuration, a communication antenna is randomly selected as the selected antenna.
7. The dense-flow wireless fingerprint obfuscation method according to claim 6, characterized in that, The vector of the antenna configuration state is: in, For at any time The vector representing the antenna configuration state. This represents the operating state of the i-th antenna at time t; The process of dynamic updating based on a random probability mechanism is modeled as follows: in, For at any time The updated antenna configuration state vector. Let be a random variable generated at time t. An update function for antenna configuration; The partial reversal strategy is as follows: when At that time, a subset of indices is randomly selected from the current configuration state, and the state of the antennas within the subset is reversed and mapped. The complete reversal strategy is: when At that time, the overall configuration status of all antennas is inverted. The process for selecting the chosen antenna is as follows: in, The target antenna is randomly selected. For at any time First The configuration state vector of the root antenna. This is the antenna number.
8. The dense-flow wireless fingerprint obfuscation method according to claim 1, characterized in that, The step of extracting the original bit sequence of the real wireless signal of the target device, modulating it with binary phase shift keying, and then generating and transmitting a fake signal sequence through the selected antenna to mix the fake signal with the real signal to obfuscate the physical layer fingerprint features includes: Extract the original bit sequence from the actual wireless signal of the target device; The original bit sequence is subjected to binary phase shift keying modulation to generate a modulated signal sequence; Based on the antenna configuration parameters of the selected antenna, the modulated signal sequence is processed at the radio frequency level to generate a fake signal sequence; The forged signal sequence is encapsulated based on a preset frame structure to construct a complete forged signal, and then the forged signal is mixed with the real signal and propagated through the selected antenna.
9. The dense-flow wireless fingerprint obfuscation method according to claim 8, characterized in that, The original bit sequence is: in, The original bit sequence, Let L be the i-th binary bit, and L be the length of the bit sequence. The modulation mapping function of the binary phase shift keying modulation is: in, For binary phase shift keying modulation, the modulation mapping function is used. The modulated signal sequence is: in, The modulated signal sequence; The antenna configuration parameters are as follows: in, Configure the radio frequency parameters of the transmitting antenna at time t. This is the antenna's gain factor. For phase shift; The forged signal sequence is: in, To forge a signal sequence; The forged signal is: in, To forge signals, Let T be the impulse response function of the transmit filter, and T be the symbol period.
10. A dense-flow wireless fingerprint obfuscation system, characterized in that, The system is used to execute the dense stream wireless fingerprint obfuscation method as described in any one of claims 1 to 9, the system comprising: The signal acquisition module is used to acquire the real signals emitted by the target device during the encryption process in real time, and extract the physical layer fingerprint features after analog-to-digital conversion to determine the physical layer fingerprint features of the target to be obfuscated. The node configuration module is used to deploy multiple distributed defense nodes according to the actual signal coverage range of the target device, and to configure multiple communication antennas with different structural parameters and radio frequency characteristics for each defense node; The antenna configuration module is used to perform an antenna configuration selection algorithm based on random probability on the communication antenna, dynamically update the communication antenna configuration status of each defense node within a preset time interval, and randomly select a communication antenna as the selected antenna in the current configuration status. The signal obfuscation module is used to extract the original bit sequence of the real wireless signal of the target device, modulate it with binary phase shift keying, and generate and transmit a fake signal sequence through the selected antenna, so that the fake signal is mixed with the real signal to obfuscate the physical layer fingerprint features.