A passive technique for fingerprinting wireless devices with Wired-side Observations

In this paper, we introduce GTID, a technique that passively fingerprints wireless devices and their types from the wired backbone. GTID exploits the heterogeneity of devices, which is a function of different device hardware compositions and variations in devices' clock skew. We use statistical techniques to create unique, reproducible device and device type signatures that represent time variant behavior in network traffic and use artificial neural networks (ANNs) to classify devices and device types. We demonstrate the efficacy of our technique on both an isolated testbed and a live campus network (during peak hours) using a corpus of 27 devices representing a wide range of device classes. We collected more than 100 GB of traffic captures for ANN training and classification. We assert that for any fingerprinting technique to be practical, it must be able to detect previously unseen devices (i.e., devices for which no stored signature is available) and must be able to withstand various attacks. GTID is the first fingerprinting technique to detect previously unseen devices and to illustrate its resilience under various attacker models. We measure the performance of GTID by considering accuracy, recall, and processing time and illustrate how it can be used to complement existing authentication systems and to detect counterfeit devices.

[1]  Radu State,et al.  Enforcing security with behavioral fingerprinting , 2011, 2011 7th International Conference on Network and Service Management.

[2]  Andreas Zinnen,et al.  Clock skew based remote device fingerprinting demystified , 2012, 2012 IEEE Global Communications Conference (GLOBECOM).

[3]  Christoph Neumann,et al.  An Empirical Study of Passive 802.11 Device Fingerprinting , 2012, 2012 32nd International Conference on Distributed Computing Systems Workshops.

[4]  Michel Barbeau,et al.  Detecting rogue devices in bluetooth networks using radio frequency fingerprinting , 2006, Communications and Computer Networks.

[5]  Sneha Kumar Kasera,et al.  On Fast and Accurate Detection of Unauthorized Wireless Access Points Using Clock Skews , 2010, IEEE Transactions on Mobile Computing.

[6]  Radu State,et al.  PTF: Passive Temporal Fingerprinting , 2011, 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops.

[7]  Scott Rixner,et al.  Exploiting task-level concurrency in a programmable network interface , 2003, PPoPP '03.

[8]  Joel Young,et al.  Auto-learning of SMTP TCP Transport-Layer Features for Spam and Abusive Message Detection , 2011, LISA.

[9]  Vern Paxson,et al.  On calibrating measurements of packet transit times , 1998, SIGMETRICS '98/PERFORMANCE '98.

[10]  Sergey Bratus,et al.  Active behavioral fingerprinting of wireless devices , 2008, WiSec '08.

[11]  Kevin R. B. Butler,et al.  Host Identification via USB Fingerprinting , 2011, 2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering.

[12]  T. Kohno,et al.  Remote physical device fingerprinting , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[13]  Ieee Staff,et al.  2013 IEEE Conference on Communications and Network Security (CNS) , 2013 .

[14]  Marco Gruteser,et al.  Wireless device identification with radiometric signatures , 2008, MobiCom '08.

[15]  Miodrag Potkonjak,et al.  Can EDA combat the rise of electronic counterfeiting? , 2012, DAC Design Automation Conference 2012.

[16]  Ke Gao,et al.  A passive approach to wireless device fingerprinting , 2010, 2010 IEEE/IFIP International Conference on Dependable Systems & Networks (DSN).