research-article

On the reliability of wireless fingerprinting using clock skews

Authors:

Chrisil Arackaparambil,

David KotzAuthors Info & Claims

WiSec '10: Proceedings of the third ACM conference on Wireless network security

Pages 169 - 174

https://doi.org/10.1145/1741866.1741894

Published: 22 March 2010 Publication History

Abstract

Determining whether a client station should trust an access point is a known problem in wireless security. Traditional approaches to solving this problem resort to cryptography. But cryptographic exchange protocols are complex and therefore induce potential vulnerabilities in themselves. We show that measurement of clock skews of access points in an 802.11 network can be useful in this regard, since it provides fingerprints of the devices. Such fingerprints can be used to establish the first point of trust for client stations wishing to connect to an access point. Fingerprinting can also be used in the detection of fake access points.

We demonstrate deficiencies of previously studied methods that measure clock skews in 802.11 networks by means of an attack that spoofs clock skews. We then provide means to overcome those deficiencies, thereby improving the reliability of fingerprinting. Finally, we show how to perform the clock-skew arithmetic that enables network providers to publish clock skews of their access points for use by clients.

References

[1]

Chrisil Arackaparambil, Sergey Bratus, Anna Shubina, and David Kotz. On the Reliability of Wireless Fingerprinting using Clock Skews. Technical Report TR2010-661, Dartmouth College, Computer Science, Hanover, NH, January 2010.

Digital Library

[2]

Paramvir Bahl, Ranveer Chandra, Jitendra Padhye, Lenin Ravindranath, Manpreet Singh, Alec Wolman, and Brian Zill. Enhancing the security of corporate wi-fi networks using dair. In MobiSys'06: Proceedings of the 4th international conference on Mobile systems, applications and services, pages 1--14, New York, NY, USA, 2006. ACM.

Digital Library

[3]

Sergey Bratus, Cory Cornelius, David Kotz, and Daniel Peebles. Active behavioral fingerprinting of wireless devices. In WiSec'08: Proceedings of the first ACM conference on Wireless network security, pages 56--61. ACM, 2008.

Digital Library

[4]

Laurent Butti. Wi-Fi advanced fuzzing. Black Hat Europe, February 2007.

[5]

Johnny Cache and David Maynor. Hijacking a MacBook in 60 seconds. Black Hat, August 2006.

[6]

Johnny Cache, H D Moore, and skape. Exploiting 802.11 wireless driver vulnerabilities on Windows. Uninformed.org, 6, January 2007.

[7]

J.P. Ellch. Fingerprinting 802.11 devices. Master's thesis, U.S. Naval Postgraduate School, September 2006.

[8]

Jason Franklin, Damon McCoy, Parisa Tabriz, Vicentiu Neagoe, Jamie Van Randwyk, and Douglas Sicker. Passive data link layer 802.11 wireless device driver fingerprinting. In Proceedings of 15th USENIX Security Symposium, pages 167--178. USENIX, August 2006.

Digital Library

[9]

The Shmoo group. 802.11 bait, the tackle for wireless phishing. Toorcon, October 2005.

[10]

Suman Jana and Sneha Kumar Kasera. On fast and accurate detection of unauthorized wireless access points using clock skews. In MobiCom'08: Proceedings of the 14th ACM international conference on Mobile computing and networking, pages 104--115. ACM, 2008.

Digital Library

[11]

Tadayoshi Kohno, Andre Broido, and K.C. Claffy. Remote physical device fingerprinting. IEEE Transactions on Dependable and Secure Computing, 2(2):93--108, 2005.

Digital Library

[12]

S.B. Moon, P. Skelly, and D. Towsley. Estimation and removal of clock skew from network delay measurements. In IEEE INFOCOM'99, volume 1, pages 227--234, March 1999.

[13]

H D Moore. Mastering the Metasploit framework. http://www.blackhat.com/html/bh-usa-09/train-bh-usa-09-hdm--meta.html, July 2009.

[14]

Simple Nomad. Hacking the friendly skies. Shmoocon, January 2006.

[15]

Dino A. Dai Zovi and Shane "K2" Macaulay. Karma. http://trailofbits.wordpress.com/karma/.

Cited By

Gui SDai LShi MWang JTang CWu HZhao J(2024)GNSS Receiver Fingerprinting Based on Time Skew of Embedded CSAC ClockSensors10.3390/s2415489724:15(4897)Online publication date: 28-Jul-2024
https://doi.org/10.3390/s24154897
Han XXiong JShen WWei MZhao SLu ZLiu Y(2024)The Perils of Wi-Fi Spoofing Attack Via Geolocation API and its DefenseIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3352981(1-17)Online publication date: 2024
https://doi.org/10.1109/TDSC.2024.3352981
Givehchian HBhaskar NRedding AZhao HSchulman ABharadia D(2024)Practical Obfuscation of BLE Physical-Layer Fingerprints on Mobile Devices2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00073(2867-2885)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00073
Show More Cited By

Index Terms

On the reliability of wireless fingerprinting using clock skews
1. Networks
  1. Network architectures

Recommendations

On fast and accurate detection of unauthorized wireless access points using clock skews
MobiCom '08: Proceedings of the 14th ACM international conference on Mobile computing and networking

We explore the use of clock skew of a wireless local area network access point (AP) as its fingerprint to detect unauthorized APs quickly and accurately. The main goal behind using clock skews is to overcome one of the major limitations of existing ...
On Fast and Accurate Detection of Unauthorized Wireless Access Points Using Clock Skews

We explore the use of clock skew of a wireless local area network access point (AP) as its fingerprint to detect unauthorized APs quickly and accurately. The main goal behind using clock skews is to overcome one of the major limitations of existing ...
Statistical skew modeling for general clock distribution networks in presence of process variations

Clock skew modeling is important in the performance evaluation and prediction of clock distribution networks. This paper addresses the problem of statistical skew modeling for general clock distribution networks in the presence of process variations. ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WiSec '10: Proceedings of the third ACM conference on Wireless network security

March 2010

186 pages

ISBN:9781605589237

DOI:10.1145/1741866

General Chair:
Susanne Wetzel
Stevens Institute of Technology, USA
,
Program Chairs:
Cristina Nita-Rotaru
Purdue University, USA
,
Frank Stajano
University of Cambridge, UK

Copyright © 2010 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

In-Cooperation

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 March 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

WISEC '10

Sponsor:

SIGSAC

WISEC '10: Third ACM Conference on Wireless Network Security

March 22 - 24, 2010

New Jersey, Hoboken, USA

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

71
Total Citations
View Citations
493
Total Downloads

Downloads (Last 12 months)18
Downloads (Last 6 weeks)2

Reflects downloads up to 07 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Gui SDai LShi MWang JTang CWu HZhao J(2024)GNSS Receiver Fingerprinting Based on Time Skew of Embedded CSAC ClockSensors10.3390/s2415489724:15(4897)Online publication date: 28-Jul-2024
https://doi.org/10.3390/s24154897
Han XXiong JShen WWei MZhao SLu ZLiu Y(2024)The Perils of Wi-Fi Spoofing Attack Via Geolocation API and its DefenseIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3352981(1-17)Online publication date: 2024
https://doi.org/10.1109/TDSC.2024.3352981
Givehchian HBhaskar NRedding AZhao HSchulman ABharadia D(2024)Practical Obfuscation of BLE Physical-Layer Fingerprints on Mobile Devices2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00073(2867-2885)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00073
Li YLin HLv JGao YDong W(2024)BLE Location Tracking Attacks by Exploiting Frequency Synthesizer ImperfectionIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621247(1860-1869)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621247
Lavoie PNaboulsi DGagnon F(2024)Clustering of radio emitter characteristics with complex-valued CNNs2024 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE)10.1109/CCECE59415.2024.10667267(283-288)Online publication date: 6-Aug-2024
https://doi.org/10.1109/CCECE59415.2024.10667267
Mishra AViana AAchir N(2024)Bleach: From WiFi probe-request signatures to MAC associationAd Hoc Networks10.1016/j.adhoc.2024.103623164(103623)Online publication date: Nov-2024
https://doi.org/10.1016/j.adhoc.2024.103623
Bar-on MBezawada BRay IRay I(2024)A Small World–Privacy Preserving IoT Device-Type Fingerprinting with Small DatasetsFoundations and Practice of Security10.1007/978-3-031-57537-2_7(104-122)Online publication date: 25-Apr-2024
https://doi.org/10.1007/978-3-031-57537-2_7
Zhang JLi XLi JDai QLing ZYang M(2023)Bluetooth Low Energy Device Identification Based on Link Layer Broadcast Packet FingerprintingTsinghua Science and Technology10.26599/TST.2022.901005928:5(1-11)Online publication date: Oct-2023
https://doi.org/10.26599/TST.2022.9010059
Zhao XChen WSrinivasan KBoureanu ISchneider SReaves BTippenhauer N(2023)Malicious Relay Detection and Legitimate Channel RecoveryProceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3558482.3590193(353-363)Online publication date: 29-May-2023
https://dl.acm.org/doi/10.1145/3558482.3590193
Chatzisofroniou GKotzanikolaou PGroß TViganò L(2022)Exploiting WiFi usability features for association attacks in IEEE 802.11Journal of Computer Security10.3233/JCS-21003630:3(357-380)Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.3233/JCS-210036
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents