Active behavioral fingerprinting of wireless devices

Authors:
Sergey Bratus;Cory Cornelius;David Kotz;Daniel Peebles
Affiliations:
Dartmouth College, Hanover, NH;Dartmouth College, Hanover, NH;Dartmouth College, Hanover, NH;Dartmouth College, Hanover, NH
Venue:
WiSec '08 Proceedings of the first ACM conference on Wireless network security
Year:
2008

Citing 4
Cited 9

Learning Decision Lists

Machine Learning
An empirical analysis of heterogeneity in IEEE 802.11 MAC protocol implementations and its implications

WiNTECH '06 Proceedings of the 1st international workshop on Wireless network testbeds, experimental evaluation & characterization
A virtual honeypot framework

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Passive data link layer 802.11 wireless device driver fingerprinting

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15

Attacks on public WLAN-based positioning systems

Proceedings of the 7th international conference on Mobile systems, applications, and services
Transient-based identification of wireless sensor nodes

IPSN '09 Proceedings of the 2009 International Conference on Information Processing in Sensor Networks
honeyM: a framework for implementing virtual honeyclients for mobile devices

Proceedings of the third ACM conference on Wireless network security
On the reliability of wireless fingerprinting using clock skews

Proceedings of the third ACM conference on Wireless network security
Refocusing in 802.11 wireless measurement

PAM'08 Proceedings of the 9th international conference on Passive and active network measurement
Experience with heterogenous clock-skew based device fingerprinting

Proceedings of the 2012 Workshop on Learning from Authoritative Security Experiment Results
Privacy in mobile technology for personal healthcare

ACM Computing Surveys (CSUR)
On physical-layer identification of wireless devices

ACM Computing Surveys (CSUR)
ArrayTrack: a fine-grained indoor location system

nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a simple active method for discovering facts about the chipset, the firmware or the driver of an 802.11 wireless device by observing its responses (or lack thereof) to a series of crafted non-standard or malformed 802.11 frames. We demonstrate that such responses can differ significantly enough to distinguish between a number of popular chipsets and drivers. We expect to significantly expand the number of recognized device types through community contributions of signature data for the proposed open fingerprinting framework. Our method complements known fingerprinting approaches, and can be used to interrogate and spot devices that may be spoofing their MAC addresses in order to conceal their true architecture from other stations, such as a fake AP seeking to engage clients in complex protocol frame exchange (e.g., in order to exploit a driver vulnerability). In particular, it can be used to distinguish rogue APs from legitimate APs before association.