ABSTRACT
We design, implement, and evaluate a technique to identify the source network interface card (NIC) of an IEEE 802.11 frame through passive radio-frequency analysis. This technique, called PARADIS, leverages minute imperfections of transmitter hardware that are acquired at manufacture and are present even in otherwise identical NICs. These imperfections are transmitter-specific and manifest themselves as artifacts of the emitted signals. In PARADIS, we measure differentiating artifacts of individual wireless frames in the modulation domain and apply suitable machine-learning classification tools to achieve significantly higher degrees of NIC identification accuracy than prior best-known schemes.
We experimentally demonstrate the effectiveness of PARADIS in differentiating between more than 130 identical 802.11 NICs with accuracy in excess of 99%. Our results also show that the accuracy of PARADIS is resilient against ambient noise and fluctuations of the wireless channel.
Although our implementation deals exclusively with IEEE 802.11, the approach itself is general and will work with any digital modulation scheme.