Active Behavioral Fingerprinting of Wireless Devices


Sergey Bratus, Cory Cornelius, David Kotz, and Dan Peebles. Active Behavioral Fingerprinting of Wireless Devices. Proceedings of the ACM Conference on Wireless Network Security (WiSec), pages 56–61. ACM, March 2008. doi:10.1145/1352533.1352543. ©Copyright ACM. Later revised as bratus:fingerprint-tr.


We propose a simple active method for discovering facts about the chipset, the firmware or the driver of an 802.11 wireless device by observing its responses (or lack thereof) to a series of crafted non-standard or malformed 802.11 frames. We demonstrate that such responses can differ significantly enough to distinguish between a number of popular chipsets and drivers. We expect to significantly expand the number of recognized device types through community contributions of signature data for the proposed open fingerprinting framework. Our method complements known fingerprinting approaches, and can be used to interrogate and spot devices that may be spoofing their MAC addresses in order to conceal their true architecture from other stations, such as a fake AP seeking to engage clients in complex protocol frame exchange (e.g., in order to exploit a driver vulnerability). In particular, it can be used to distinguish rogue APs from legitimate APs before association.

Citable with [BibTeX]

Projects: [map]

Keywords: [security] [wifi]

Available from the publisher: [DOI]

Available from the author: [bib] [pdf]
This pdf was produced by the publisher and its posting here is permitted by the publisher.

[Kotz research]