
I think they have linked to the wrong paper. This paper https://cseweb.ucsd.edu/~schulman/docs/oakland24-phyobfuscat... more closely matches the article and it explains that the obfuscation is possible due to the TI CC2640 having a variable frequency synthesiser which has 16 bits of resolution. It's a clever technique but I'm not sure it is easily implemented on other chipsets. And this is only valid against one fingerprinting methodology: carrier frequency offset (CFO), there are other fingerprinting techniques which are more difficult to defend against.
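The CFO fingerprinting and the per-packet offset randomisation mentioned in the comment above, as an added toy model (this is not code from the linked paper, the CC2640 SDK, or the commenter). It synthesises a 2-FSK burst whose carrier sits at a device-specific offset, estimates that offset the way a data-aided fingerprinter would (phase difference between consecutive samples, minus the deviation the known bits account for), and then shows what the same estimator sees when each packet is shifted by a random word from a 16-bit synthesiser register. Sample rate, symbol rate, deviation, noise level, the +/-50 kHz obfuscation span and the resulting step size are all assumed illustration values, not the chip's real numbers.

```python
import cmath
import math
import random

# Assumed radio parameters for the illustration (not the CC2640's real numbers).
FS = 1_000_000            # sample rate, 1 MS/s
SYMBOL_RATE = 250_000     # symbol rate -> SPS samples per symbol
SPS = FS // SYMBOL_RATE
DEVIATION = 50_000        # 2-FSK frequency deviation in Hz
NOISE_SIGMA = 0.02        # per-component Gaussian noise on unit-amplitude samples
OBF_RANGE_HZ = 50_000     # assumed +/- span of the randomised offset; chosen to stay
                          # well inside what a receiver's AFC tolerates in this toy model
OBF_STEP_HZ = OBF_RANGE_HZ / 2**15   # one LSB of a 16-bit word spanning +/- that range


def modulate_fsk(bits, cfo_hz, rng):
    """Complex baseband of a 2-FSK burst whose carrier sits cfo_hz off nominal,
    with additive white Gaussian noise."""
    samples = []
    phase = rng.uniform(0, 2 * math.pi)
    for b in bits:
        f = cfo_hz + (DEVIATION if b else -DEVIATION)
        for _ in range(SPS):
            noise = complex(rng.gauss(0, NOISE_SIGMA), rng.gauss(0, NOISE_SIGMA))
            samples.append(cmath.exp(1j * phase) + noise)
            phase += 2 * math.pi * f / FS
    return samples


def estimate_cfo(samples, bits):
    """Data-aided CFO estimate: instantaneous frequency from consecutive-sample
    phase differences, minus the deviation the known bit sequence accounts for."""
    residual = 0.0
    for i in range(1, len(samples)):
        dphi = cmath.phase(samples[i] * samples[i - 1].conjugate())
        f_inst = dphi * FS / (2 * math.pi)
        b = bits[(i - 1) // SPS]   # the step into sample i was taken at bit (i-1)//SPS
        residual += f_inst - (DEVIATION if b else -DEVIATION)
    return residual / (len(samples) - 1)


def synth_offset_hz(rng):
    """Per-packet obfuscation offset: a random 16-bit synthesiser word mapped
    onto +/- OBF_RANGE_HZ (the mapping is an assumption of this model)."""
    word = rng.randrange(-2**15, 2**15)
    return word * OBF_STEP_HZ


def observe_cfo(device_cfo_hz, n_packets, obfuscate, seed=1, n_bits=128):
    """What a CFO-based fingerprinter measures from one device over n_packets."""
    rng = random.Random(seed)
    estimates = []
    for _ in range(n_packets):
        bits = [rng.randrange(2) for _ in range(n_bits)]   # known payload (data-aided)
        tx_cfo = device_cfo_hz + (synth_offset_hz(rng) if obfuscate else 0.0)
        estimates.append(estimate_cfo(modulate_fsk(bits, tx_cfo, rng), bits))
    return estimates


def spread_hz(estimates):
    """Range of the per-packet estimates: small means a stable fingerprint."""
    return max(estimates) - min(estimates)


if __name__ == "__main__":
    device = 12_300.0   # constructed: this device's fixed hardware offset, +12.3 kHz
    plain = observe_cfo(device, 20, obfuscate=False)
    obf = observe_cfo(device, 20, obfuscate=True)
    print(f"unobfuscated: mean {sum(plain)/len(plain):.0f} Hz, spread {spread_hz(plain):.0f} Hz")
    print(f"obfuscated:   mean {sum(obf)/len(obf):.0f} Hz, spread {spread_hz(obf):.0f} Hz")
```

Without obfuscation the twenty estimates cluster within a few hundred hertz of the device's true offset, which is exactly the stable feature a fingerprinter keys on; with the per-packet random word the same estimator returns values scattered across tens of kilohertz, so consecutive packets no longer link to one device. Note what this does and does not show: each packet is still perfectly demodulable (the estimator recovers whatever offset was transmitted), and only the carrier-offset feature is hidden; the PA non-linearity and ramp-profile features discussed further down the thread are untouched by this trick.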



Thank you for that link.

There are many flaws in the paper's approach. There is much literature on this already; it has been investigated for decades. Much of the fingerprinting used comes from non-linearities in the RF power amplifiers, not the frequency.


Most Bluetooth being GFSK means the TX chain is completely non-linear to begin with, so the frequency error is an easier target for fingerprinting. That said, most also have ramp-up and ramp-down slopes on the transmission start and end to control and shape the spectral emissions. So there might also be something to that. Still a harder thing to fingerprint than frequency errors relating to transmit center frequency and baudrate.


Indeed. For most solid-state transmitters many of these non-linearities in envelope and frequency are temperature dependent too.

The same device will give different signatures at different temps.


Could you recommend a good paper on the topic?


Google "umop ew" for a list.

UMOP stands for unintentional modulation on pulse. This will start you off with the foundation papers in the field.



