CSI-RFF: Leveraging Micro-Signals on CSI for RF Fingerprinting of Commodity WiFi

This paper introduces CSI-RFF, a new framework that leverages micro-signals embedded within Channel State Information (CSI) curves to realize Radio-Frequency Fingerprinting of commodity off-the-shelf (COTS) WiFi devices for open-set authentication. The micro-signals that serve as RF fingerprints are termed ``micro-CSI''. Through experimentation, we have found that the presence of micro-CSI can primarily be attributed to imperfections in the RF circuitry. Furthermore, this characteristic signal is detectable in WiFi 4/5/6 network interface cards (NICs). We have conducted further experiments to determine the most effective CSI collection configurations to stabilize micro-CSI. Yet, extracting micro-CSI for authentication purposes poses a significant challenge. This complexity arises from the fact that CSI measurements inherently include both micro-CSI and the distortions introduced by wireless channels. These two elements are intricately intertwined, making their separation non-trivial. To tackle this challenge, we have developed a signal space-based extraction technique for line-of-sight (LoS) scenarios, which can effectively separate the distortions caused by wireless channels and micro-CSI. Over the course of our comprehensive CSI data collection period extending beyond one year, we found that the extracted micro-CSI displays unique characteristics specific to each WiFi device and remains invariant over time. This establishes micro-CSI as a suitable candidate for device fingerprinting. Finally, we conduct a case study focusing on area access control for mobile robots. Our experimental results demonstrate that the micro-CSI-based authentication algorithm can achieve an average attack detection rate close to 99% with a false alarm rate of 0% in both static and mobile conditions when using 20 CSI measurements to construct one fingerprint.