Research Article
Detection of Masqueraded Wireless Access Using 802.11 MAC Layer Fingerprints
@INPROCEEDINGS{10.1007/978-3-642-39891-9_18, author={Christer Idland and Thomas Jelle and Stig Mj\`{u}lsnes}, title={Detection of Masqueraded Wireless Access Using 802.11 MAC Layer Fingerprints}, proceedings={Digital Forensics and Cyber Crime. 4th International Conference, ICDF2C 2012, Lafayette, IN, USA, October 25-26, 2012, Revised Selected Papers}, proceedings_a={ICDF2C}, year={2013}, month={10}, keywords={WLAN 802.11 wireless media access layer masquerading intrusion detection network forensics communication fingerprints}, doi={10.1007/978-3-642-39891-9_18} }- Christer Idland
Thomas Jelle
Stig Mjølsnes
Year: 2013
Detection of Masqueraded Wireless Access Using 802.11 MAC Layer Fingerprints
ICDF2C
Springer
DOI: 10.1007/978-3-642-39891-9_18
Abstract
Many wireless Internet access operators prefer open local area network (WLAN) access because this reduces the need for user assistance for a variety of smaller devices. A 802.11 MAC spoofer masquerades as an authorized user and gains access by using an already whitelisted MAC address. We consider the scenario where the spoofer waits until the authorized user has finished the session, and then uses the still whitelisted MAC address for the network access. We propose and experiment with “implementation fingerprints” that can be used to detect MAC layer spoofing in this setting. We include eight different tests in the detection algorithm, resulting in 2.8 in average Hamming distance of the tests. Eleven different STA devices are tested with promising detection results. No precomputed database of fingerprints is needed.