Remote Physical Device Fingerprinting
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Detecting identity-based attacks in wireless networks using signalprints
WiSe '06 Proceedings of the 5th ACM workshop on Wireless security
802.11 denial-of-service attacks: real vulnerabilities and practical solutions
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Passive data link layer 802.11 wireless device driver fingerprinting
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Wireless device identification with radiometric signatures
Proceedings of the 14th ACM international conference on Mobile computing and networking
Sequence number-based MAC address spoof detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
SecureArray: improving wifi security with fine-grained physical-layer information
Proceedings of the 19th annual international conference on Mobile computing & networking
An automatic and self-adaptive multi-layer data fusion system for WiFi attack detection
International Journal of Internet Technology and Secured Transactions
Hi-index | 0.00 |
Wireless networks are vulnerable to identity spoofing attacks, where an attacker can forge the MAC address of his wireless device to assume the identity of another victim device on the network. Identity spoofing allows an attacker to avail network services that are normally restricted to legitimate users. Prior techniques to detect such attacks rely on characteristics such as progressions of MAC sequence numbers. However, these techniques can wrongly classify benign flows as malicious with newer 802.11e wireless devices that allow multiple progressions of MAC sequence numbers from the same device. Several other techniques that rely on physical properties of transmitting devices are ineffective when the attacker and the victim are mobile. In this paper, we propose an architecture to robustly detect identity spoofing attacks under varying operating conditions. Our architecture employs a series of increasingly powerful detectors to identify or eliminate the possibility of an attack, culminating in a powerful, RSSI-based per-packet localizer that reliably detects identity spoofing attacks. We implemented this architecture and used it to detect a variety of identity spoofing attacks. Our experiments show that it can effectively detect identity spoofs with a low false positive rate of 0.5%.