Towards Designing of Wireless Device Fingerprinting Systems

Abstract

The current communication era prefers wireless networks over wired networks. The advantages of seamless connectivity, ease of use, and cost effectiveness have led to a large-scale migration from wired infrastructure to wireless infrastructure. Providing foolproof security is one of the major concerns of a wireless network. Message confidentiality can be assured by Wi-Fi encryption protocols such as Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access II (WPA2), and the latest Wi-Fi Protected Access 3 (WPA3). Authentication of users is performed through Remote Authentication Dial-In User Service (RADIUS). There is, however, a lack of device authentication in the current wireless network infrastructure. Filtering based on physical addresses can easily be circumvented. The need for a device authentication mechanism has become increasingly important in order to identify devices connected to a network. The process of generating the unique profile for each device by extracting the discriminating pattern imbibed in their network characteristics is known as device fingerprinting. Over the past decade, device fingerprinting systems have made remarkable advancements. In spite of this, there are still a number of open challenges in the field of device fingerprinting. In this thesis, we attempt to design a device and device type fingerprinting system within a wireless network infrastructure based upon IEEE 802.11. A primary objective of this research is to propose various methods for selecting features, extracting features, generating fingerprints and developing classifiers for fingerprinting devices and types. As part of this thesis, a method of device type fingerprinting is employed in order to determine how to categorize devices based on their make. Inputs to the proposed model come from the probe requests that are emitted from the target device. Feature selection is based on correlation among the various fields in the packet header in order to choose the most suitable one. To generate fingerprints that are distinctive for each device, statistical techniques have been employed. The classification of device types is based on distance similarity techniques. This technique uses a set of features extracted from each packet request to create a fingerprint. The fingerprints are then compared to a database of known fingerprints from other devices in order to determine the class of the device. The classification is based on how well the features of each fingerprint match those in the database. Detecting a device’s make/vendor can only be accomplished by fingerprinting its type. In contrast, it is more challenging to identify each and every device connected to a wireless network. Subsequent contributions of the thesis focus on the identification of end user devices in networks using device fingerprinting techniques. It has been discussed how device fingerprinting can be used for identifying end-user devices. A technique based on packet sequence number was used prior to device fingerprinting to remove outliers. Due to heterogeneity in devices, the time-variant behavior of network traffic stemming from different devices has been utilized to create distinct, reproducible device fingerprints. For feature extraction the built-in scale localization and multi resolution ability of biorthogonal wavelets has been applied. The wavelet algorithm is ideal for the detection of hidden, but highly regular/irregular traffic patterns in captured network parameters. To generate the device fingerprint, the energy, variance, and entropy present in the detailed coefficients are calculated. A classifier that is based on ensembles is used for the classification of devices. Biorthogonal wavelets have two orthogonal wavelet functions that are combined in a wavelet transform, which makes them suitable for multiresolution feature extraction. The energy is a measure of the strength of the signal, the variance is a measure of the signal’s regularity, and entropy is a measure of the signal’s randomness. The combination of these parameters in the wavelet transform allows for the detection of hidden traffic patterns, and the device classification is based on an ensemble of classifiers, which increases the accuracy of the device identification. Although wavelet transformation and ensemble classifier produces fair results, they are computationally intensive because of the complexities involved in them. Therefore, the objective is to develop a device fingerprinting method that is computationally efficient and provides better accuracy than the previous method. For the generation of device fingerprints, an optimized histogram-based feature extraction technique has been used. In order to minimize the expected L2 loss between the histogram and the underlying density function, the optimized histogram method estimates a bin-width which minimizes the expected loss. To classify devices, a single hidden layer feed forward neural network known as Extreme Learning Machine (ELM) was used. Despite being derived from an artificial neural network, ELM is much faster than conventional neural networks, resulting in improved performance. Since ELM is not iterative, it facilitates faster decision-making since it does not require weights and biases to be adjusted. Additionally, the Jaya optimization algorithm is used to fine tune the parameters. ELM has fewer parameters than other neural networks, which makes it more computationally efficient. This also reduces the complexity of the model, making it easier to interpret and understand. The last contribution uses deep learning algorithms to address the problem of selecting and extracting appropriate features from input data. The thesis concludes with the development of a deep convolution neural network model for fingerprinting multiple devices. This deep neural network architecture facilitates end-to-end learning and is capable of achieving promising results. The deep learning algorithms allow for the extraction of features that are not immediately apparent, such as patterns in the data that can be difficult to detect by hand. Furthermore, the deep neural network architecture allows for the efficient training and testing of models, as well as the ability to generalize to new data. This enables the model to accurately detect and identify multiple devices, even when presented with novel data. An extensive set of experiments has been conducted separately for device fingerprinting and type fingerprinting. Each proposed framework has been evaluated using benchmark datasets. Our proposed frameworks have been compared with the state-of-the-art fingerprinting schemes based on their accuracy, frame count, and number of devices involved. Compared to their counterparts, the proposed methods perform better. Our proposed frameworks are more efficient in terms of accuracy, frame count, and the number of devices involved. The benchmarks used to evaluate the approaches are more stringent, which ensures that the results are representative of real-world scenarios. Furthermore, the experiments we conducted independently gave us more insight into the strengths and weaknesses of each framework.