Using Active Scanning to Identify Wireless NICs

Computer networks have become increasingly ubiquitous. However, with the increase in networked applications, there has also been an increase in difficulty to manage and secure these networks. The proliferation of 802.11 wireless networks has heightened this problem by extending networks beyond physical boundaries. We propose the use of spectral analysis to identify the type of wireless network interface card (NIC). This mechanism can be applied to support the detection of unauthorized systems that use NICs which are different from that of a legitimate system. We focus on active scanning, a vaguely specified mechanism required by the 802.11 standard that is implemented in the hardware and software of the wireless NIC. We show that the implementation of this function influences the transmission patterns of a wireless stream that are observable through traffic analysis. Our mechanism for NIC identification uses signal processing to analyze the periodicity embedded in the wireless traffic caused by active scanning. A stable spectral profile is created from the periodic components of the traffic and used for the identity of the wireless NIC. We show that we can distinguish between NICs manufactured by different vendors using the spectral profile

[1]  H. T. Kung,et al.  Use of spectral analysis in defense against DoS attacks , 2002, Global Telecommunications Conference, 2002. GLOBECOM '02. IEEE.

[2]  M. A. Yoder,et al.  Signal Processing First , 2003 .

[3]  Joshua Wright,et al.  Detecting Wireless LAN MAC Address Spoofing , 2003 .

[4]  Michel Barbeau,et al.  DETECTION OF TRANSIENT IN RADIO FREQUENCY FINGERPRINTING USING SIGNAL PHASE , 2003 .

[5]  Raheem A. Beyah,et al.  A Passive Approach to Wireless NIC Identification , 2006, 2006 IEEE International Conference on Communications.

[6]  A. W. M. van den Enden,et al.  Discrete Time Signal Processing , 1989 .

[7]  Rajesh Krishnan,et al.  Using signal processing to analyze wireless data traffic , 2002, WiSE '02.

[8]  T. Kohno,et al.  Remote physical device fingerprinting , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[9]  William A. Arbaugh,et al.  An empirical analysis of the IEEE 802.11 MAC layer handoff process , 2003, CCRV.

[10]  Michel Barbeau,et al.  Enhancing intrusion detection in wireless networks using radio frequency fingerprinting , 2004, Communications, Internet, and Information Technology.

[11]  Karsten P. Ulland,et al.  Vii. References , 2022 .

[12]  Alefiya Hussain,et al.  Identification of Repeated Attacks Using Network Traffic Forensics , 2003 .

[13]  Stefan Savage,et al.  SyncScan: practical fast handoff for 802.11 infrastructure networks , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[14]  Chad Sullivan Cisco Security Agent , 2005 .