Ph.D. Dissertation Defense: Mirza Athar Baig
Wednesday, April 22
11 AM
103C Avery Hall
Zoom: https://unl.zoom.us/j/98482410393
"Utilizing Physical Layer Characteristics for Internet of Things (IoT) Security"
The proliferation of the Internet of Things (IoT) and cyber-physical systems introduces significant security and privacy challenges that traditional, computationally intensive models fail to resolve. While existing paradigms focus on the upper network layers, the physical layer remains an overlooked vector for both vulnerabilities and solutions. This dissertation demonstrates that intrinsic hardware imperfections—specifically manufacturing-induced clock circuitry variations—generate unique, unclonable fingerprints. We demonstrate that these signatures can be exploited by adversaries to compromise privacy or, conversely, harnessed to build a novel class of lightweight, passive security primitives.
This research first exposes a foundational privacy flaw in wireless IoT devices. We demonstrate that conventional network-level anonymization, such as MAC address randomization, fails to conceal unique hardware signatures. We introduce a two-phase attack framework using unsupervised statistical clustering and machine learning to de-anonymize and track devices. Achieving over 99.8% accuracy in real-world conditions, this framework exposes a critical, previously underexplored threat to IoT privacy.
Pivoting to defense, we leverage these physical layer phenomena to address security challenges where traditional cryptography is impractical. We introduce a lightweight data provenance framework that enables receivers to verify a packet's physical origin without imposing overhead on resource-constrained endpoints. This is validated through two critical infrastructure case studies: securing smart grid Phasor Measurement Units (PMUs) against hardware proxy attacks and deploying a software-only defense against GPS spoofing, which achieved up to 100% detection accuracy.
The final phase expands physical-layer analysis to the hardware supply chain, focusing on detecting malicious Trojans in Field Programmable Gate Arrays (FPGAs). We address the challenge of identifying covert circuitry within opaque, proprietary bitstreams by transforming binary configuration files into two-dimensional spatial representations of resource utilization. By applying machine learning to these spatial blueprints, our system identifies structural anomalies indicative of Ring Oscillator (RO) Trojans with over 98% accuracy, providing a scalable approach to pre-deployment hardware assurance.
Collectively, this dissertation establishes physical layer fingerprinting as a versatile security primitive. It contributes a comprehensive cross-layer security analysis, provides practical defenses for critical infrastructure, and offers open-source tools and datasets to foster reproducible research in this emergent domain.
Committee:
Dr. Muhammad Naveed Aman, Advisor
Dr. Nirnimesh Ghose
Dr. Arman Roohi
Dr. Mohammad Rashedul Hasan