This work addresses security vulnerabilities in radio-frequency fingerprint identification (RFFI), where deep learning models are susceptible to model copying, tampering, and evasion attacks. To this end, we propose a verifiable and tamper-resistant LoRa device authentication system. Methodologically, it integrates triple ownership watermarking—comprising adversarial training–based embedding, gradient-weight signature, and VAE latent-space watermarking—with out-of-distribution anomaly detection enabled by a convolutional variational autoencoder (with KL annealing and free-bits regularization). Feature extraction employs ResNet-34 on log-Mel spectrograms. Evaluated on a LoRa dataset, the system achieves 94.6% classification accuracy, 98% watermark success rate, and an AUROC of 0.94 for anomaly detection. These results demonstrate significant improvements in both model copyright protection and input robustness, thereby enhancing the security and practicality of RFFI systems.

Radio frequency fingerprint identification (RFFI) distinguishes wireless devices by the small variations in their analog circuits, avoiding heavy cryptographic authentication. While deep learning on spectrograms improves accuracy, models remain vulnerable to copying, tampering, and evasion. We present a stronger RFFI system combining watermarking for ownership proof and anomaly detection for spotting suspicious inputs. Using a ResNet-34 on log-Mel spectrograms, we embed three watermarks: a simple trigger, an adversarially trained trigger robust to noise and filtering, and a hidden gradient/weight signature. A convolutional Variational Autoencoders (VAE) with Kullback-Leibler (KL) warm-up and free-bits flags off-distribution queries. On the LoRa dataset, our system achieves 94.6% accuracy, 98% watermark success, and 0.94 AUROC, offering verifiable, tamper-resistant authentication.