Wireless Intrusion Detection and Device Fingerprinting through Preamble Manipulation

Wireless networks are particularly vulnerable to spoofing and route poisoning attacks due to the contested transmission medium. Recent works investigate physical layer features such as received signal strength or radio frequency fingerprints to localize and identify malicious devices. In this paper we demonstrate a novel and complementary approach to exploiting physical layer differences among wireless devices that is more energy efficient and invariant with respect to the environment. Specifically, we exploit subtle design differences among transceiver hardware types. Transceivers fulfill the physical-layer aspects of wireless networking protocols, yet specific hardware implementations vary among manufacturers and device types. In this paper we demonstrate that precise manipulation of the physical layer header prevents a subset of transceiver types from receiving the manipulated packet. By soliciting acknowledgments from wireless devices using a small number of packets with manipulated preambles and frame lengths, a response pattern identifies the true transceiver class of the device under test. Herein we demonstrate a transceiver taxonomy of six classes with greater than 99 percent accuracy, irrespective of environment. We successfully demonstrate wireless multi-factor authentication, intrusion detection, and transceiver type fingerprinting through preamble manipulation.