Sergey Bratus, Cory Cornelius, Daniel Peebles, and David Kotz. Active Behavioral Fingerprinting of Wireless Devices. Technical Report TR2008-610, Dartmouth Computer Science, March 2008.

Abstract: We propose a simple active method for discovering facts about the chipset, the firmware or the driver of an 802.11 wireless device by observing its responses (or lack thereof) to a series of crafted non-standard or malformed 802.11 frames. We demonstrate that such responses can differ significantly enough to distinguish between a number of popular chipsets and drivers. We expect to significantly expand the number of recognized device types through community contributions of signature data for the proposed open fingerprinting framework. Our method complements known fingerprinting approaches, and can be used to interrogate and spot devices that may be spoofing their MAC addresses in order to conceal their true architecture from other stations, such as a fake AP seeking to engage clients in complex protocol frame exchange (e.g., in order to exploit a driver vulnerability). In particular, it can be used to distinguish rogue APs from legitimate APs before association.

Keywords: wireless, security

BibTeX

PDF (302K)

Copyright © 2008 by the authors.

See also earlier version bratus:fingerprint.