Direction Finding of rogue Wi-Fi access points using an off-the-shelf MIMO-OFDM receiver

Elimination of rogue Access Points (APs) is a challenging security goal of growing interest and practical importance. However, even when network administrators suspect that such devices are indeed present to attack their organization, physically locating their whereabout is an intricate task. In this work a method is suggested for implementing autonomous Direction Finding (DF), i.e.,?an apparatus for passively identifying the Angle-of-Arrival (AoA) of a received Wi-Fi signal, using a standard off-the-shelf Wi-Fi receiver.Modern wireless communication standards, such as Wi-Fi (e.g.?IEEE 802.11n), are based on Orthogonal Frequency Division Multiplexing (OFDM) and Multiple-Input Multiple-Output (MIMO) technologies. The key contribution of the current work is an approach of employing the multiple receiving antennas jointly with OFDM Channel State Information (CSI) as the basis for implementing an interferometry DF tool. This approach is theoretically investigated via numeric analysis, and practically validated by a working prototype. The performance of the prototype was evaluated both in the laboratory, in a sterile environment, as well as in field trials. In realistic indoor setting the prototype was able to acquire the AoA with a median error of 8-15 degrees.

[1]  David Wetherall,et al.  Tool release: gathering 802.11n traces with channel state information , 2011, CCRV.

[2]  Sachin Katti,et al.  PinPoint: Localizing Interfering Radios , 2013, NSDI.

[3]  Haiyun Luo,et al.  Zero-configuration indoor localization over IEEE 802.11 wireless infrastructure , 2010, Wirel. Networks.

[4]  Yong Sheng,et al.  Detecting 802.11 MAC Layer Spoofing Using Received Signal Strength , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[5]  Kaishun Wu,et al.  FIFS: Fine-Grained Indoor Fingerprinting System , 2012, 2012 21st International Conference on Computer Communications and Networks (ICCCN).

[7]  Xinwen Fu,et al.  3DLoc: Three Dimensional Wireless Localization Toolkit , 2010, 2010 IEEE 30th International Conference on Distributed Computing Systems.

[8]  Kaishun Wu,et al.  CSI-Based Indoor Localization , 2013, IEEE Transactions on Parallel and Distributed Systems.

[9]  Moustafa Youssef,et al.  The Horus WLAN location determination system , 2005, MobiSys '05.

[10]  Paramvir Bahl,et al.  RADAR: an in-building RF-based user location and tracking system , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[11]  S.K. Wilson,et al.  On channel estimation in OFDM systems , 1995, 1995 IEEE 45th Vehicular Technology Conference. Countdown to the Wireless Twenty-First Century.

[12]  Jie Yang,et al.  Push the limit of WiFi based localization for smartphones , 2012, Mobicom '12.

[13]  Tom Minka,et al.  You are facing the Mona Lisa: spot localization using PHY layer information , 2012, MobiSys '12.

[14]  Raheem A. Beyah,et al.  Rogue access point detection using temporal traffic characteristics , 2004, IEEE Global Telecommunications Conference, 2004. GLOBECOM '04..

[15]  Raheem A. Beyah,et al.  Rogue Access Point Detection Using Innate Characteristics of the 802.11 MAC , 2009, SecureComm.

[16]  Jie Xiong,et al.  SecureAngle: improving wireless security using angle-of-arrival information , 2010, Hotnets-IX.

[17]  Gang Wang,et al.  I am the antenna: accurate outdoor AP location using smartphones , 2011, MobiCom '11.

[18]  Geoffrey G. Messier,et al.  Using WLAN Infrastructure for Angle-of-Arrival Indoor User Location , 2008, 2008 IEEE 68th Vehicular Technology Conference.

[19]  Kostas E. Bekris,et al.  On the feasibility of using wireless ethernet for indoor localization , 2004, IEEE Transactions on Robotics and Automation.

[20]  Sneha Kumar Kasera,et al.  On Fast and Accurate Detection of Unauthorized Wireless Access Points Using Clock Skews , 2008, IEEE Transactions on Mobile Computing.

[21]  Yunhao Liu,et al.  From RSSI to CSI , 2013, ACM Comput. Surv..

[22]  Moustafa Youssef,et al.  MonoPHY: Mono-stream-based device-free WLAN localization via physical layer information , 2013, 2013 IEEE Wireless Communications and Networking Conference (WCNC).

[23]  Bo Sheng,et al.  A Timing-Based Scheme for Rogue AP Detection , 2011, IEEE Transactions on Parallel and Distributed Systems.

[24]  Robin Henniges Current approches of Wifi Positioning , 2012 .

[25]  Marco Gruteser,et al.  Wireless device identification with radiometric signatures , 2008, MobiCom '08.

[26]  Jie Xiong,et al.  Towards fine-grained radio-based indoor location , 2012, HotMobile '12.

[27]  Donald F. Towsley,et al.  Identifying 802.11 Traffic from Passive Measurements Using Iterative Bayesian Inference , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[28]  B. R. Badrinath,et al.  VOR base stations for indoor 802.11 positioning , 2004, MobiCom '04.

[29]  Bo Sheng,et al.  A Measurement Based Rogue AP Detection Scheme , 2009, IEEE INFOCOM 2009.

[30]  Min Gao,et al.  FILA: Fine-grained indoor localization , 2012, 2012 Proceedings IEEE INFOCOM.

[31]  Srihari Nelakuditi,et al.  SpinLoc: spin once to know your location , 2012, HotMobile '12.