Fingerprinting WiFi Devices using Software Defined Radios

Tien D. Vo-Huu, Triet D. Vo-Huu, Guevara Noubir

Wi-Fi (IEEE 802.11) is emerging as the primary medium for wireless Internet access. Cellular carriers are increasingly offloading their traffic to Wi-Fi Access Points to overcome capacity challenges, limited RF spectrum availability, and cost of deployment, and to keep up with the traffic demands driven by user-generated content. The ubiquity of Wi-Fi and its emergence as a universal wireless interface make it the perfect tracking device. The Wi-Fi offloading trend provides ample opportunities for adversaries to collect samples (e.g., Wi-Fi probes) and track the mobility patterns and location of users. In this work, we show that RF fingerprinting of Wi-Fi devices is feasible using commodity software defined radio platforms. We developed a framework for reproducible RF fingerprinting analysis of Wi-Fi cards. We developed a set of techniques for distinguishing Wi-Fi cards, most of which are unique to the IEEE 802.11a/g/p standard, including scrambling seed pattern, carrier frequency offset, sampling frequency offset, transient ramp-up/down periods, and a symmetric Kullback-Leibler divergence-based separation technique. We evaluated the performance of our techniques over a set of 93 Wi-Fi devices spanning 13 models of cards. In order to assess the potential of the proposed techniques on similar devices, we used 3 sets of 26 Wi-Fi devices of identical model. Our results indicate that it is easy to distinguish between models with a success rate of 95%. It is also possible to uniquely identify a device with a 47% success rate if the samples are collected within a 10 s interval of time.

This paper introduces a software defined radio stack for 802.11 (up to 54 Mbps) that is used to fingerprint Wi-Fi devices. This approach is much cheaper than using a signal analyzer to perform physical layer fingerprinting. It also allows control over the entire radio and protocol stack. In contrast, a signal analyzer is limited to fingerprinting physical layer features, and a hardware Wi-Fi device does not expose information from the lower layers. The evaluation is performed on 93 different devices from 13 different models.

The reviewers felt that the paper reflects a significant amount of work to build and evaluate this low-cost and very flexible fingerprinting tool and the introduced techniques. They thought that the fingerprinting success rate for model identification is quite good, but that the identification of similar devices is currently rather low. The reviewers hope that this could be improved in the future. Also, future work should provide a comparison with similar work using standard fingerprinting metrics such as ROC (Receiver Operating Characteristic) curves and EER (Equal Error Rates).