Abstract
Many wireless Internet access operators prefer open local area network (WLAN) access because this reduces the need for user assistance for a variety of smaller devices. A 802.11 MAC spoofer masquerades as an authorized user and gains access by using an already whitelisted MAC address. We consider the scenario where the spoofer waits until the authorized user has finished the session, and then uses the still whitelisted MAC address for the network access. We propose and experiment with “implementation fingerprints” that can be used to detect MAC layer spoofing in this setting. We include eight different tests in the detection algorithm, resulting in 2.8 in average Hamming distance of the tests. Eleven different STA devices are tested with promising detection results. No precomputed database of fingerprints is needed.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Holgernes, E.: Detecting Identity Thefts in Open 802.11e Enabled Wireless Networks. Masters thesis, Department of Telematics, NTNU, 109 pages (June 2010), http://daim.idi.ntnu.no/masteroppgave?id=5476
Idland, C.: Detecting MAC Spoofing Attacks in 802.11 Networks through Fingerprinting on the MAC Layer. Masters thesis, Department of Telematics, NTNU, 96 pages (June 2011), http://daim.idi.ntnu.no/masteroppgave?id=6260
Eian, M., Mjølsnes, S.F.: The modeling and comparison of wireless network denial of service attacks. In: Proceedings of the 3rd ACM SOSP Workshop on Networking, Systems, and Applications on Mobile Handhelds. ACM (2011)
Franklin, J., McCoy, D., Tabriz, P., Neagoe, V., Van Randwyk, J., Sicker, D.: Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting. In: Proceedings of the 15th Conference on USENIX Security Symposium, vol. 15 (2006)
Gopinath, K.N., Bhagwat, P., Gopinath, K.: An empirical analysis of heterogeneity in IEEE 802.11 MAC protocol implementations and its implications. In: Proceedings of the 1st International Workshop on Wireless Network Testbeds, Experimental Evaluation & Characterization (2006)
IEEE. IEEE Standard for Information Technology—Telecommunications and Information Exchange Between Systems— Local and Metropolitan Area Networks—Specific Requirements. Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. Technical Report. IEEE (2007)
Gu, W., Yang, Z., Que, C., Xuan, D., Jia, W.: On Security Vulnerabilities of Null Data Frames in IEEE 802.11 based WLANs. In: Proceedings of The 28th International Conference on Distributed Computing Systems, pp. 28–35. IEEE (2008)
fdXtended. HSMX - Internet Access Platform, Datasheet (June 9, 2011), http://www.fdxtended.com/datasheets/HSMX-datasheet.pdf (retrieved)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Idland, C., Jelle, T., Mjølsnes, S.F. (2013). Detection of Masqueraded Wireless Access Using 802.11 MAC Layer Fingerprints. In: Rogers, M., Seigfried-Spellar, K.C. (eds) Digital Forensics and Cyber Crime. ICDF2C 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 114. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39891-9_18
Download citation
DOI: https://doi.org/10.1007/978-3-642-39891-9_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39890-2
Online ISBN: 978-3-642-39891-9
eBook Packages: Computer ScienceComputer Science (R0)