Fingerprinting Wi-Fi Devices Using Software Defined Radios

Wi-Fi (IEEE 802.11) is emerging as the primary medium for wireless Internet access. Cellular carriers are increasingly offloading their traffic to Wi-Fi access points to overcome capacity challenges, limited RF spectrum availability, and cost of deployment, and to keep up with the traffic demands driven by user-generated content. The ubiquity of Wi-Fi and its emergence as a universal wireless interface make it the perfect tracking device. The Wi-Fi offloading trend provides ample opportunities for adversaries to collect samples (e.g., Wi-Fi probes) and track the mobility patterns and location of users. In this work, we show that RF fingerprinting of Wi-Fi devices is feasible using commodity software defined radio platforms. We developed a framework for reproducible RF fingerprinting analysis of Wi-Fi cards. We developed a set of techniques for distinguishing Wi-Fi cards, most of which are unique to the IEEE 802.11a/g/p standard, including scrambling seed pattern, carrier frequency offset, sampling frequency offset, transient ramp-up/down periods, and a symmetric Kullback-Leibler divergence-based separation technique. We evaluated the performance of our techniques over a set of 93 Wi-Fi devices spanning 13 models of cards. In order to assess the potential of the proposed techniques on similar devices, we used 3 sets of 26 Wi-Fi devices of identical model. Our results indicate that it is easy to distinguish between models with a success rate of 95%. It is also possible to uniquely identify a device with a 47% success rate if the samples are collected within a 10 s interval of time.
