IEEE 802.11 wireless networks are plagued with problems of unauthorized access. Left undetected, unauthorized access is the precursor to additional mischief. Current approaches to detecting intruders are invasive or can be evaded by stealthy attackers. We propose the use of spectral analysis to identify the type of wireless network interface card (NIC). This mechanism can be applied to support the detection of unauthorized systems that use NICs which are different from that of a legitimate system.
We focus on two functions, active scanning and dynamic rate switching, required by the 802.11 standard that are implemented in the hardware and software of the wireless NIC. We show that the implementation of these functions influence the transmission patterns of a wireless stream that are observable through traffic analysis. Furthermore, differences in the behavior of a wireless stream caused by differences in the implementation of these functions are exploited to establish the identity of a NIC. Our mechanism for NIC identification uses signal processing to analyze the periodicity embedded in the wireless traffic caused by active scanning and rate switching. A spectral profile is created from the periodic components of the traffic and used for the identity of the wireless NIC. We show that we can discern between NICs manufactured by different vendors and NICs within the same manufacturer using the spectral profile.
| Identifer | oai:union.ndltd.org:GATECH/oai:smartech.gatech.edu:1853/10500 |
| Date | 06 April 2006 |
| Creators | Corbett, Cherita L. |
| Publisher | Georgia Institute of Technology |
| Source Sets | Georgia Tech Electronic Thesis and Dissertation Archive |
| Language | en_US |
| Detected Language | English |
| Type | Dissertation |
| Format | 2685921 bytes, application/pdf |
Page generated in 0.002 seconds