Passive Classification of Wireless NICs during Rate Switching

Computer networks have become increasingly ubiquitous. However, with the increase in networked applications, there has also been an increase in difficulty to manage and secure these networks. The proliferation of 802.11 wireless networks has heightened this problem by extending networks beyond physical boundaries. We propose the use of spectral analysis to identify the type of wireless network interface card (NIC). This mechanism can be applied to support the detection of unauthorized systems that use NICs which are different from that of a legitimate system. We focus on rate switching, a vaguely specified mechanism required by the 802.11 standard that is implemented in the hardware and software of the wireless NIC. We show that the implementation of this function influences the transmission patterns of a wireless stream, which are observable through traffic analysis. Our mechanism for NIC identification uses signal processing to analyze the periodicity embedded in the wireless traffic caused by rate switching. A stable spectral profile is created from the periodic components of the traffic and used for the identity of the wireless NIC. We show that we can distinguish between NICs manufactured by different vendors and NICs manufactured by the same vendor using their spectral profiles.

[1]  Michel Barbeau,et al.  DETECTION OF TRANSIENT IN RADIO FREQUENCY FINGERPRINTING USING SIGNAL PHASE , 2003 .

[2]  Raheem A. Beyah,et al.  A Passive Approach to Wireless NIC Identification , 2006, 2006 IEEE International Conference on Communications.

[3]  Leo Monteban,et al.  WaveLAN®-II: A high-performance wireless LAN for the unlicensed band , 1997, Bell Labs Technical Journal.

[4]  M. A. Yoder,et al.  Signal Processing First , 2003 .

[5]  Joshua Wright,et al.  Detecting Wireless LAN MAC Address Spoofing , 2003 .

[6]  Kihong Park,et al.  On the performance characteristics of WLANs: revisited , 2005, SIGMETRICS '05.

[7]  Thierry Turletti,et al.  IEEE 802.11 rate adaptation: a practical approach , 2004, MSWiM '04.

[8]  Alefiya Hussain,et al.  Identification of Repeated Attacks Using Network Traffic Forensics , 2003 .

[9]  H. T. Kung,et al.  Use of spectral analysis in defense against DoS attacks , 2002, Global Telecommunications Conference, 2002. GLOBECOM '02. IEEE.

[10]  T. Kohno,et al.  Remote physical device fingerprinting , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[11]  Rajesh Krishnan,et al.  Using signal processing to analyze wireless data traffic , 2002, WiSE '02.

[12]  Hong Linh Truong,et al.  A dynamic link adaptation algorithm for IEEE 802.11 a wireless LANs , 2003, IEEE International Conference on Communications, 2003. ICC '03..

[13]  Chad Sullivan Cisco Security Agent , 2005 .