ABSTRACT
We propose a new fingerprinting technique that differentiates between unique devices over a Wireless Local Area Network (WLAN) simply through the timing analysis of 802.11 probe request frames. Our technique can be applied to spoof detection, network reconnaissance, and implementation of access control against masquerading attacks. Experimental results indicate that our technique is consistent and accurate in differentiating between unique devices. In contrast with existing wireless fingerprinting techniques, our technique is passive, non-invasive and does not require the co-operation of fingerprintee hosts.
- AirDefense. Website, 2007, http://www.airdefense.net/index.php.Google Scholar
- Snort Intrusion Detection and Prevention System, 2007, http://www.snort.org. Google ScholarDigital Library
- Ryan M. Gerdes, Thomas E. Daniels, Mani Mina, Steve F. Russell. Device Identification via Analog Signal Fingerprinting: A Matched Filter Approach. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2006, San Diego, California, USAGoogle Scholar
- Jeyanthi Hall, Michel Barbeau, Evangelos Kranakis. Radio Frequency Fingerprinting for Intrusion Detection in Wireless Networks. In IEEE Transactions on Defendable and Secure Computing, July 2005.Google Scholar
- Bartlomiej Sieka. Active Fingerprinting of 802.11 Devices by Timing. In IEEE Consumer Communications and Networking Conference (CCNC 2006), Las Vegas, NV, USAGoogle ScholarCross Ref
- Jason Franklin, Damon McCoy, Parisa Tabriz, Vicentiu Neagoe, Jamie Van Randwyk, Douglas Sicker. Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting. In Proceedings of the 15th USENIX Security Symposium, Vancouver, Canada, 2006. Google ScholarDigital Library
- Tadayoshi Kohno, Andre Broido, and K. C. Claffy. Remote Physical Device Fingerprinting. In Proceedings of the 2005 IEEE Symposium on Security and Privacy (SP 2005), Washington, DC, USA Google ScholarDigital Library
- Vern Paxson. On Calibrating Measurements of Packet Transit Times. In Proceedings of SIGMETRICS '98, June 1998. June 1998. Google ScholarDigital Library
- Sue B. Moont, Paul Skelly, Don Towsley. Estimation and Removal of Clock Skew from Network Delay Measurements. In Proceedings of IEEE INFOCOM '99, New York, NY.Google Scholar
- Joshua Wright. (2003). Detecting Wireless LAN MAC Address Spoofing. http://home.jwu.edu/jwright/Google Scholar
- Mathieu Lacage, Mohammad Hossein Manshaei, and Thierry Turletti. IEEE 802.11 Rate Adaptation: A Practical Approach. In Proceedings of the 7th ACM International Symposium on Modelling, Analysis and Simulation of Wireless and Mobile Systems, 2004 Google ScholarDigital Library
- Cor J. Veenman, Marcel J. T. Reinders and Eric Backer. A Maximum Variance Cluster Algorithm. In IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol.24, No.9, 2002, pp. 1273--1280 Google ScholarDigital Library
- Cor J. Veenman and Marcel J. T. Reinders. The Nearest Subclass Classifier: A Compromise between the Nearest Mean and Nearest Neighbour Classifier. In IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol.27, No.9, 2005, pp. 1417--1429 Google ScholarDigital Library
- Cherita Corbett, Raheem Beyah and John Copeland. A Passive Approach to Wireless NIC Identification. In Proceedings of IEEE International Conference on Communications (ICC), 2006.Google ScholarCross Ref
- S. S. Shapiro and M. B. Wilk. An Analysis of Variance Test for Normality (Complete Samples). In Biometrika, Vol.52, No.3/4, 1965, pp. 591--611.Google ScholarCross Ref
- H. B. Mann and D. R. Whitney. On a Test of Whether one of Two Random Variables is Stochastically Larger than the Other. In The Annals of Mathematical Statistics, Vol.18, No.1, 1947, pp. 50--60.Google ScholarCross Ref
- Maya Rodrig, Charles Reis, Ratul Mahajan, David Wetherall, John Zahorjan and Ed Lazowska. {CRAWDAD} trace uw/sigcomm2004/wireless/sahara (v. 2006-10-17)Google Scholar
- Felix Hernandez-Campos and Maria Papadopouli. Assessing the Real Impact of 802.11 WLANs: A Large-scale Comparison of Wired and Wireless Traffic. In Proceedings of the 14th IEEE Workshop on Local and Metropolitan Area Networks, Crete, Greece, 2005Google ScholarCross Ref
- David W. Allan, Chairman, James A. Barnes, Franco Cordara, Michael Garvey, William Hanson, Jack Kusters, Robert Smythe and Fred L. Walls. Precision Oscillators: Dependence of Frequency on Temperature, Humidity and Pressure. In Proceedings of the IEEE Frequency Control Symposium, 1992Google Scholar
- Steven J. Murdoch. Hot or Not: Revealing Hidden Services by their Clock Skew. In ACM Conference on Computer and Communications Security, 2006. Google ScholarDigital Library
- G. David Garson, "Significance Testing", from Statnotes: Topics in Multivariate Analysis. Retrieved 09/20/2007 from http://www2.chass.ncsu.edu/garson/pa765/statnote.htmGoogle Scholar
- Daniel B. Faria, David R. Cheriton, Detecting Identity-Based Attacks in Wireless Networks Using Signalprints. In Proceedings of the 5th ACM workshop on Wireless security, WiSec 2006. Google ScholarDigital Library
- Nikita Borisov, Ian Goldberg, and David Wagner, Intercepting mobile communications: the insecurity of 802.11. In Proceedings of ACM MobiCom 2001, pp. 180--189. Google ScholarDigital Library
- Erik Tews, Ralf-Philipp Weinmann and Andrei Pyshkin. Breaking 104 bit WEP in less than 60 seconds. In Cryptology ePrint Archive, Report 2007/120, 2007.Google Scholar
- Kasper Bonne Rasmussen and Srdjan Capkun. Implications of radio fingerprinting on the security of sensor networks. In Proceedings of IEEE SecureComm, 2007.Google ScholarCross Ref
- L. Xiao, L. J. Greenstein, N. B. Mandayam, W. Trappe, "Using the Physical Layer for Wireless Authentication under Time-variant Channels", to appear in IEEE Transactions on Wireless Communications, Feb 2007. Google ScholarDigital Library
- Neal Patwari, Sneha Kumar Kasera. Robust location distinction using temporal link signatures. In Proceedings of the 13th annual ACM international conference on Mobile computing and networking (MOBICOM 2007), pp 111--122. Google ScholarDigital Library
- Qing Li and Wade Trappe. Detecting Spoofing and Anomalous Traffic in Wireless Networks via Forge-Resistant Relationships. In IEEE Transactions on Information Forensics and Security, Volume 2, Issue 4, Dec. 2007, pp 793--808. Google ScholarDigital Library
Index Terms
- Identifying unique devices through wireless fingerprinting
Recommendations
Behavioral Fingerprinting of IoT Devices
ASHES '18: Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware SecurityThe Internet-of-Things (IoT) has brought in new challenges in device identification --what the device is, and authentication --is the device the one it claims to be. Traditionally, the authentication problem is solved by means of a cryptographic ...
Techniques and countermeasures of website/wireless traffic analysis and fingerprinting
The behavior of a communication traffic may reveal some patterns (such as, packet size, packet direction, and inter-packet time, etc.) that can expose users' identities and their private interactions. Such information may not be concealed even if ...
Fingerprinting Wi-Fi Devices Using Software Defined Radios
WiSec '16: Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile NetworksWi-Fi (IEEE 802.11), is emerging as the primary medium for wireless Internet access. Cellular carriers are increasingly offloading their traffic to Wi-Fi Access Points to overcome capacity challenges, limited RF spectrum availability, cost of deployment,...
Comments