AFIT alumni Major Benjamin Ramsey (PhD Computer Science, 2014 and M.S. Electrical Engineering, 2009) and AFIT Professor of Computer Engineering Dr. Barry Mullins (M.S. Computer Engineering, 1987) were awarded U.S. Patent #10,111,094 for Wireless Intrusion Detection and Device Fingerprinting Through Preamble Manipulation.
Summary of the invention:
Wireless networks are particularly vulnerable to spoofing and route poisoning attacks due to the contested transmission medium. Embodiments of the invention demonstrate a novel and complementary approach to exploiting physical layer differences among wireless devices that is more energy efficient and invariant with respect to the environment. Specifically, the embodiments exploit subtle design differences among transceiver hardware types. Transceivers fulfill the physical layer aspects of wireless networking protocols, yet specific hardware implementations vary among manufacturers and device types. Precise manipulation of the physical layer preamble may assist in preventing a subset of transceiver types from receiving the modified packet. By soliciting acknowledgments from wireless devices using a small number of packets with modified preambles, a response pattern identifies the true transceiver class of the device under test. Herein the embodiments demonstrate a transceiver taxonomy of eight manufacturers into seven classes with greater than 99% accuracy, irrespective of environment. Wireless multi-factor authentication, intrusion detection, and transceiver type fingerprinting through preamble manipulation are successfully demonstrated.
Embodiments of the invention provide a hardware environment and a method for establishing hardware identity of a coordinating device in a wireless network by a joining device. A standard PHY preamble is modified by the joining device to a preamble that can be received by the coordinating device having an expected hardware configuration. The modified PHY preamble is transmitted to the coordinating device with an association request by the joining device. If a response containing an association response from the coordinating device is not received by the joining device, the hardware configuration of the coordinating device is determined to not be the expected hardware configuration.
In some embodiments, in response to receiving a reply from the coordinating device, the standard PHY preamble is modified to a second modified preamble that can be received by the coordinating device having the expected hardware configuration and transmitted with a data request to the coordinating device. If a response containing an acknowledgment response from the coordinating device is not received by the joining device, the hardware configuration of the coordinating device is determined to not be the expected hardware configuration.
Embodiments of the invention may also be used to characterize a hardware identity of a device in a wireless network. A request with a modified PHY preamble is transmitted to the device. If a reply is received from the device, the device is characterized as a first hardware type. If no reply is received from the device, the device is characterized as not the first hardware type.
In some embodiments where no reply is received, a request is transmitted with a second modified PHY preamble different from the first modified PHY preamble. If a reply is received from the device, the device is characterized as a second hardware type. If no reply is received from the device, the device is characterized as not the first or second hardware type.
Additional objects, advantages, and novel features of the invention will be set forth in part in the description which follows, and in part will become apparent to those skilled in the art upon examination of the following or may be learned by practice of the invention. The objects and advantages of the invention may be realized and attained by means of the instrumentalities and combinations particularly pointed out in the appended claims.
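The reply/no-reply procedure in the summary above can be modeled as a short decision cascade. The following Python simulation is an added example, not code from the patent or its authors; the preamble labels, hardware type names, acceptance table and retry count are all hypothetical.

```python
"""Constructed simulation of the reply/no-reply probing described above.
Preamble labels, hardware type names and the acceptance table are hypothetical."""

# Hypothetical: which modified preambles each transceiver type still receives.
ACCEPTS = {
    "type_A": {"mod1", "mod2"},
    "type_B": {"mod2"},
    "type_C": set(),  # receives only the standard, unmodified preamble
}

def make_device(hw_type, drop_first=0):
    """Return a send(preamble) -> bool function simulating one device.
    drop_first models lost frames: that many transmissions go unanswered."""
    state = {"sent": 0}
    def send(preamble):
        state["sent"] += 1
        if state["sent"] <= drop_first:
            return False                     # frame or reply lost on the air
        return preamble in ACCEPTS[hw_type]  # reply only if the preamble was received
    return send

def replied(send, preamble, attempts=3):
    """Count silence as 'no reply' only after several attempts. The retries are
    an assumption added here so one lost frame does not decide the outcome."""
    return any(send(preamble) for _ in range(attempts))

def characterize(send, cascade):
    """cascade: ordered (modified_preamble, hardware_type) pairs.
    The first probe that draws a reply names the type; None means none of them."""
    for preamble, hw_type in cascade:
        if replied(send, preamble):
            return hw_type
    return None

def verify_coordinator(send, assoc_preamble, data_preamble):
    """Joining-device check: association request, then data request, each sent
    with a modified preamble the expected hardware can receive."""
    if not replied(send, assoc_preamble):
        return False  # no association response: not the expected hardware
    return replied(send, data_preamble)  # no acknowledgment: not the expected hardware

CASCADE = [("mod1", "type_A"), ("mod2", "type_B")]

if __name__ == "__main__":
    for hw in ACCEPTS:
        print(hw, "->", characterize(make_device(hw, drop_first=1), CASCADE))
```

If every retry of a probe is lost, the cascade moves on and can assign the wrong type, so the number of attempts has to be chosen against the expected loss rate of the link.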