Active Behavioral Fingerprinting of Wireless Devices
[bratus:fingerprint-tr]Sergey Bratus, Cory Cornelius, Daniel Peebles, and David Kotz. Active Behavioral Fingerprinting of Wireless Devices. Technical Report number TR2008-610, Dartmouth Computer Science, Hanover, NH, March 2008. ©Copyright the authors. Revision of bratus:fingerprint.
We propose a simple active method for discovering facts about the chipset, the firmware or the driver of an 802.11 wireless device by observing its responses (or lack thereof) to a series of crafted non-standard or malformed 802.11 frames. We demonstrate that such responses can differ significantly enough to distinguish between a number of popular chipsets and drivers. We expect to significantly expand the number of recognized device types through community contributions of signature data for the proposed open fingerprinting framework. Our method complements known fingerprinting approaches, and can be used to interrogate and spot devices that may be spoofing their MAC addresses in order to conceal their true architecture from other stations, such as a fake AP seeking to engage clients in complex protocol frame exchange (e.g., in order to exploit a driver vulnerability). In particular, it can be used to distinguish rogue APs from legitimate APs before association.
Citable with [BibTeX]
Keywords: [security] [wifi]
Available from the publisher: [page]
Available from the author:
This pdf was produced by the publisher and its posting here is permitted by the publisher.