ESP32 Wi-Fi Fingerprinting for Device Authentication

ISEF Category: Embedded Systems

Subcategory: Networking and Data Communications  ·  Difficulty: Advanced  ·  Setup: University Lab  ·  Time: Full Year

The Hook

Two ESP32 boards can run the same code and still not look identical to a Wi-Fi receiver. Tiny hardware quirks leave a signal trace behind. That trace can act like a fingerprint. You can test whether those fingerprints can stop cloned IoT devices.

What Is It?

This project studies physical-layer fingerprinting, which means identifying a device from tiny traits in its wireless signal rather than from its software name or MAC address. CSI, or channel-state information, describes how a Wi-Fi signal changes as it travels from sender to receiver. If you think of each board as a singer, CSI is the sound of the room plus the singer’s voice, and the small hardware differences are part of that voice.

ESP32 boards make a good test platform because they are cheap, common, and easy to program. Even boards from the same model line can have slight differences in transmit power, oscillator drift, antenna behavior, and analog circuitry. A classifier can try to learn those patterns and decide whether a signal came from one specific board or from an impostor. This matters for IoT security, where attackers may copy software or spoof network IDs but still struggle to copy the physical signal behavior.

Why This Is a Good Topic

This is a strong science fair topic because the question is measurable, real, and hard to fake. You can test whether wireless fingerprints stay stable across different distances, channels, or device settings, and you can turn that into accuracy, precision, and confusion-matrix data. It connects to a real security problem, cloned IoT devices, and it gives you a clear path to original analysis if you compare feature sets, models, or environmental conditions.

Research Questions

• How does receiver distance affect CSI-based identification accuracy for individual ESP32 devices?
• What is the effect of changing Wi-Fi channel on the stability of device fingerprints?
• Does a classifier trained on one room still identify the same ESP32 boards in a different room?
• To what extent do temperature changes alter the separability of CSI fingerprints from the same device set?
• Which feature set, raw CSI, summary statistics, or frequency-domain features, gives the best device classification accuracy?
• What is the effect of adding more sample packets per device on false accept and false reject rates?

Basic Materials

• Multiple ESP32 development boards with Wi-Fi support.
• One Wi-Fi-capable laptop or desktop computer.
• Router or access point with configurable channel settings.
• USB cables for each board.
• Stable test table or other fixed mounting surface.
• Ruler or tape measure for repeatable placement.
• Notebook or spreadsheet for logging runs.
• Optional external antenna boards, if your setup supports them.

Advanced Materials

• Multiple ESP32 development boards from the same model batch and from different batches.
• One or more Wi-Fi sniffing or CSI capture setups compatible with ESP32 firmware and drivers.
• Dedicated access point with manual channel and power control.
• RF shielded or low-interference test space.
• Temperature sensor or environmental monitor.
• Reference radio hardware for calibration checks.
• Higher precision mounting fixtures for repeatable geometry.
• External antenna options for controlled comparisons.

Software & Tools

• Python: Cleans CSI data, extracts features, trains classifiers, and scores identification accuracy.
• Jupyter Notebook: Lets you document preprocessing, model choices, and plots in one place.
• scikit-learn: Provides baseline classifiers, cross-validation tools, and confusion matrices.
• pandas: Organizes packet records, labels, and metadata in tables.
• Matplotlib: Plots feature distributions, receiver drift, and model performance.

Experiment Steps

1. Define the attack question you want to test, such as whether one ESP32 can impersonate another under fixed conditions.
2. Choose the device identity signal you will analyze, then decide whether you will use raw CSI values or engineered features.
3. Design a capture plan that keeps geometry, channel, and device settings controlled while you vary one factor at a time.
4. Build a labeling scheme and split strategy so packets from the same device do not leak between training and test sets.
5. Select a classifier and evaluation metric that match the security goal, such as accuracy, false accept rate, and false reject rate.
6. Plan stress tests that check whether the fingerprint still works when the room, distance, or channel changes.

Common Pitfalls

• Mixing packets from the same capture session into both training and test sets, which inflates accuracy.
• Letting device position shift between runs, which changes the radio path more than the board fingerprint.
• Ignoring channel interference from nearby Wi-Fi traffic, which adds noise that masks device differences.
• Treating one strong classifier score as proof, which hides unstable performance across devices or sessions.
• Using too few boards, which makes the fingerprint look better than it is because the class set is too small.

What Makes This Competitive

A class-level version of this project stops at one classifier and one accuracy score. A stronger entry compares multiple feature pipelines, tests more than one environment, and reports errors with confusion matrices, ROC-style metrics, or false accept rates. You can push it further by asking whether the fingerprint survives device resets, antenna swaps, or cross-room transfer. That kind of analysis looks more like real security work than a simple demo.

Project Variations

• Test whether CSI fingerprints still work after an ESP32 firmware update.
• Compare fingerprint accuracy for boards from the same production batch versus different batches.
• Measure whether model performance changes when you move from one access point to another.

Learn More

• ESP32 Technical Reference Manual: Search the Espressif documentation for Wi-Fi and PHY details on ESP32 hardware.
• Espressif ESP-IDF Programming Guide: Find official setup, Wi-Fi, and radio configuration notes in the Espressif docs.
• IEEE Xplore: Search for review articles on physical-layer device fingerprinting and wireless authentication.
• PubMed: Search for review articles on wireless sensing and signal-based authentication methods.
• MIT OpenCourseWare, Digital Communications: Use lecture notes to review channel behavior, noise, and signal classification basics.