Detection of rogue devices in wireless networks

  • Authors:
  • Jeyanthi Hall

  • Affiliations:
  • Carleton University (Canada)

  • Venue:
  • Detection of rogue devices in wireless networks
  • Year:
  • 2006


Abstract

The need for robust access control mechanisms is paramount, especially in Wireless Local Area Networks (WLANs) and Wireless Wide Area Networks (WWANs). Current authentication systems are vulnerable to device impersonation by rogue devices. Within cellular mobile networks, this threat is actualized by cloning cell phones, and using the clones for obtaining free services. A well-known example in Wireless Fidelity (WiFi)/802.11 networks is Media Access Control (MAC) address spoofing. In this case, an attacker captures the MAC address of an authorized device and programs it into his device, in order to obtain unauthorized access. The threat of address spoofing is equally applicable to Bluetooth (BT) ad-hoc networks. The underlying problem is the continued use of Access Control Lists (ACLs), based on a single malleable identifier, e.g. MAC addresses. Given the ease with which the aforementioned attacks are mounted, and the potential impact on these networks, there is a requirement for access control mechanisms that are capable of detecting impersonation attacks. What would prove useful is to associate a malleable identifier with less malleable characteristics. Hence, we explore the feasibility of using Anomaly-based Intrusion Detection (ABID), which makes use of device-based and/or user-based profiles for addressing the aforementioned problem. For example, an ABID system would compare multiple instances of device/user characteristics, associated with a given identifier, to those in the corresponding profile. Deviations from pre-established thresholds would be indicative of cloning or address spoofing. More specifically, we explore the use of Radio Frequency Fingerprinting (RFF) for characterizing transceivers in WiFi/802.11 and BT wireless cards, i.e. create device-based profiles, and Hotelling's T² statistics for classification purposes.
Similarly, we also investigate the adoption of User Mobility Patterns (UMPs) for user-based profiles and the Instance-Based Learning (IBL) technique for classification. Average detection rates of 93% (BT) and 94.5% (WiFi/802.11) support the feasibility of incorporating RFF, in ABID, for detecting address spoofing. On the other hand, the use of UMPs for similar purposes is also technically feasible. Thus, device-based and user-based characteristics can be exploited for detecting rogue devices in wireless networks.
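
The profile comparison described in the abstract, sketched as an added example that is not code from the thesis: each identifier has a profile (mean and covariance of enrolled fingerprints), several new observations are scored with Hotelling's T², and the identifier is flagged when most of them exceed a threshold. The two-feature fingerprints, the MAC address, the threshold and the majority rule are all constructed assumptions.

```python
# Added illustration: feature values, MAC address and threshold are constructed.
from statistics import mean

def build_profile(samples):
    """Return (mean vector, inverse covariance) for enrolled 2-feature fingerprints."""
    n = len(samples)
    if n < 3:
        raise ValueError("need at least 3 enrolment samples")
    mx, my = mean(s[0] for s in samples), mean(s[1] for s in samples)
    sxx = sum((s[0] - mx) ** 2 for s in samples) / (n - 1)
    syy = sum((s[1] - my) ** 2 for s in samples) / (n - 1)
    sxy = sum((s[0] - mx) * (s[1] - my) for s in samples) / (n - 1)
    det = sxx * syy - sxy * sxy
    if det <= 1e-12:
        raise ValueError("degenerate covariance; enrol more varied samples")
    # Closed-form inverse of the 2x2 sample covariance matrix.
    return (mx, my), ((syy / det, -sxy / det), (-sxy / det, sxx / det))

def t_squared(profile, obs):
    """Hotelling's T^2 of a single observation: (x - m)^T S^-1 (x - m)."""
    (mx, my), inv = profile
    dx, dy = obs[0] - mx, obs[1] - my
    return dx * (inv[0][0] * dx + inv[0][1] * dy) + dy * (inv[1][0] * dx + inv[1][1] * dy)

def classify(profiles, mac, observations, threshold, max_outlier_fraction=0.5):
    """Compare several observed fingerprints for one identifier against its profile."""
    profile = profiles.get(mac.lower())
    if profile is None:
        return "no-profile"      # identifier was never enrolled
    if not observations:
        return "no-data"
    outliers = sum(1 for o in observations if t_squared(profile, o) > threshold)
    # Hypothetical decision rule: flag when most instances deviate.
    if outliers / len(observations) > max_outlier_fraction:
        return "suspected-spoof"
    return "consistent"

THRESHOLD = 9.21  # assumed value: chi-square 0.99 quantile, 2 degrees of freedom
MAC = "00:11:22:33:44:55"  # constructed identifier
ENROLLED = [(1.0, 2.0), (1.2, 2.1), (0.8, 1.9), (1.1, 1.8), (0.9, 2.2)]
PROFILES = {MAC: build_profile(ENROLLED)}
GENUINE = [(1.05, 2.05), (0.9, 1.95), (1.1, 2.1)]   # same transceiver
IMPOSTER = [(1.6, 2.5), (1.5, 2.6), (1.55, 2.4)]    # same MAC, different radio

if __name__ == "__main__":
    print("genuine :", classify(PROFILES, MAC, GENUINE, THRESHOLD))
    print("imposter:", classify(PROFILES, MAC, IMPOSTER, THRESHOLD))
```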