GTID: A Technique for Physical Device and Device Type Fingerprinting
In this paper, we introduce GTID, a technique that can actively and passively fingerprint wireless devices and their types using wire-side observations in a local network. GTID exploits information that is leaked as a result of heterogeneity in devices, which is a function of different device hardwa...
Gespeichert in:
| Veröffentlicht in: | IEEE transactions on dependable and secure computing 2015-09, Vol.12 (5), p.519-532 |
|---|---|
| Hauptverfasser: | , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 532 |
|---|---|
| container_issue | 5 |
| container_start_page | 519 |
| container_title | IEEE transactions on dependable and secure computing |
| container_volume | 12 |
| creator | Radhakrishnan, Sakthi Vignesh Uluagac, A. Selcuk Beyah, Raheem |
| description | In this paper, we introduce GTID, a technique that can actively and passively fingerprint wireless devices and their types using wire-side observations in a local network. GTID exploits information that is leaked as a result of heterogeneity in devices, which is a function of different device hardware compositions and variations in devices' clock skew. We apply statistical techniques on network traffic to create unique, reproducible device and device type signatures, and use artificial neural networks (ANNs) for classification. We demonstrate the efficacy of our technique on both an isolated testbed and a live campus network (during peak hours) using a corpus of 37 devices representing a wide range of device classes (e.g., iPads, iPhones, Google Phones, etc.) and traffic types (e.g., Skype, SCP, ICMP, etc.). Our experiments provided more than 300 GB of traffic captures which we used for ANN training and performance evaluation. In order for any fingerprinting technique to be practical, it must be able to detect previously unseen devices (i.e., devices for which no stored signature is available) and must be able to withstand various attacks. GTID is a fingerprinting technique to detect previously unseen devices and to illustrate its resilience under various attacker models. We measure the performance of GTID by considering accuracy, recall, and processing time and also illustrate how it can be used to complement existing security mechanisms (e.g., authentication systems) and to detect counterfeit devices. |
| doi_str_mv | 10.1109/TDSC.2014.2369033 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_proquest_journals_1712305606</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>6951398</ieee_id><sourcerecordid>3806795781</sourcerecordid><originalsourceid>FETCH-LOGICAL-c293t-fe80d82aa750b1f446cb997e120e2d0c8c8a07990301a3cb217180c3817bd7673</originalsourceid><addsrcrecordid>eNo9kMFKAzEQhoMoWKsPIF4WPG-dSbKbxFvptrVQUHA9h2w2a7fU3Zq0Qt_elFZP8x--mfn5CLlHGCGCeiqL98mIAvIRZbkCxi7IABXHFADlZcwZz9JMCbwmNyGsASiXig9IMS8XxXMyTkpnV137vXdJ0_vkbXUIrTWbpHA_rXWJ6eq_WB62Lpm13afzW992u5huyVVjNsHdneeQfMym5eQlXb7OF5PxMrVUsV3aOAm1pMaIDCpsOM9tpZRwSMHRGqy00oBQsT2gYbaiKFCCZRJFVYtcsCF5PN3d-j42DTu97ve-iy91RCmDLIc8UniirO9D8K7RseeX8QeNoI-y9FGWPsrSZ1lx5-G00zrn_vlcZciUZL-P6mMC</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1712305606</pqid></control><display><type>article</type><title>GTID: A Technique for Physical Device and Device Type Fingerprinting</title><source>IEEE Electronic Library (IEL)</source><creator>Radhakrishnan, Sakthi Vignesh ; Uluagac, A. Selcuk ; Beyah, Raheem</creator><creatorcontrib>Radhakrishnan, Sakthi Vignesh ; Uluagac, A. Selcuk ; Beyah, Raheem</creatorcontrib><description>In this paper, we introduce GTID, a technique that can actively and passively fingerprint wireless devices and their types using wire-side observations in a local network. GTID exploits information that is leaked as a result of heterogeneity in devices, which is a function of different device hardware compositions and variations in devices' clock skew. We apply statistical techniques on network traffic to create unique, reproducible device and device type signatures, and use artificial neural networks (ANNs) for classification. We demonstrate the efficacy of our technique on both an isolated testbed and a live campus network (during peak hours) using a corpus of 37 devices representing a wide range of device classes (e.g., iPads, iPhones, Google Phones, etc.) and traffic types (e.g., Skype, SCP, ICMP, etc.). Our experiments provided more than 300 GB of traffic captures which we used for ANN training and performance evaluation. In order for any fingerprinting technique to be practical, it must be able to detect previously unseen devices (i.e., devices for which no stored signature is available) and must be able to withstand various attacks. GTID is a fingerprinting technique to detect previously unseen devices and to illustrate its resilience under various attacker models. We measure the performance of GTID by considering accuracy, recall, and processing time and also illustrate how it can be used to complement existing security mechanisms (e.g., authentication systems) and to detect counterfeit devices.</description><identifier>ISSN: 1545-5971</identifier><identifier>EISSN: 1941-0018</identifier><identifier>DOI: 10.1109/TDSC.2014.2369033</identifier><identifier>CODEN: ITDSCM</identifier><language>eng</language><publisher>Washington: IEEE</publisher><subject>Artificial neural networks ; Clocks ; Communication system security ; Counterfeiting ; Data integrity ; Device Fingerprinting ; Device Type Fingerprinting ; Digital signatures ; Fingerprinting ; GTID ; Neural networks ; Object recognition ; Performance evaluation ; Protocols ; Studies ; Timing ; Traffic congestion ; Wireless communication ; Wireless Device Fingerprinting</subject><ispartof>IEEE transactions on dependable and secure computing, 2015-09, Vol.12 (5), p.519-532</ispartof><rights>Copyright IEEE Computer Society Sep-Oct 2015</rights><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c293t-fe80d82aa750b1f446cb997e120e2d0c8c8a07990301a3cb217180c3817bd7673</citedby><cites>FETCH-LOGICAL-c293t-fe80d82aa750b1f446cb997e120e2d0c8c8a07990301a3cb217180c3817bd7673</cites><orcidid>0000-0002-9823-3464</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/6951398$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,780,784,796,27924,27925,54758</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/6951398$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Radhakrishnan, Sakthi Vignesh</creatorcontrib><creatorcontrib>Uluagac, A. Selcuk</creatorcontrib><creatorcontrib>Beyah, Raheem</creatorcontrib><title>GTID: A Technique for Physical Device and Device Type Fingerprinting</title><title>IEEE transactions on dependable and secure computing</title><addtitle>TDSC</addtitle><description>In this paper, we introduce GTID, a technique that can actively and passively fingerprint wireless devices and their types using wire-side observations in a local network. GTID exploits information that is leaked as a result of heterogeneity in devices, which is a function of different device hardware compositions and variations in devices' clock skew. We apply statistical techniques on network traffic to create unique, reproducible device and device type signatures, and use artificial neural networks (ANNs) for classification. We demonstrate the efficacy of our technique on both an isolated testbed and a live campus network (during peak hours) using a corpus of 37 devices representing a wide range of device classes (e.g., iPads, iPhones, Google Phones, etc.) and traffic types (e.g., Skype, SCP, ICMP, etc.). Our experiments provided more than 300 GB of traffic captures which we used for ANN training and performance evaluation. In order for any fingerprinting technique to be practical, it must be able to detect previously unseen devices (i.e., devices for which no stored signature is available) and must be able to withstand various attacks. GTID is a fingerprinting technique to detect previously unseen devices and to illustrate its resilience under various attacker models. We measure the performance of GTID by considering accuracy, recall, and processing time and also illustrate how it can be used to complement existing security mechanisms (e.g., authentication systems) and to detect counterfeit devices.</description><subject>Artificial neural networks</subject><subject>Clocks</subject><subject>Communication system security</subject><subject>Counterfeiting</subject><subject>Data integrity</subject><subject>Device Fingerprinting</subject><subject>Device Type Fingerprinting</subject><subject>Digital signatures</subject><subject>Fingerprinting</subject><subject>GTID</subject><subject>Neural networks</subject><subject>Object recognition</subject><subject>Performance evaluation</subject><subject>Protocols</subject><subject>Studies</subject><subject>Timing</subject><subject>Traffic congestion</subject><subject>Wireless communication</subject><subject>Wireless Device Fingerprinting</subject><issn>1545-5971</issn><issn>1941-0018</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2015</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNo9kMFKAzEQhoMoWKsPIF4WPG-dSbKbxFvptrVQUHA9h2w2a7fU3Zq0Qt_elFZP8x--mfn5CLlHGCGCeiqL98mIAvIRZbkCxi7IABXHFADlZcwZz9JMCbwmNyGsASiXig9IMS8XxXMyTkpnV137vXdJ0_vkbXUIrTWbpHA_rXWJ6eq_WB62Lpm13afzW992u5huyVVjNsHdneeQfMym5eQlXb7OF5PxMrVUsV3aOAm1pMaIDCpsOM9tpZRwSMHRGqy00oBQsT2gYbaiKFCCZRJFVYtcsCF5PN3d-j42DTu97ve-iy91RCmDLIc8UniirO9D8K7RseeX8QeNoI-y9FGWPsrSZ1lx5-G00zrn_vlcZciUZL-P6mMC</recordid><startdate>201509</startdate><enddate>201509</enddate><creator>Radhakrishnan, Sakthi Vignesh</creator><creator>Uluagac, A. Selcuk</creator><creator>Beyah, Raheem</creator><general>IEEE</general><general>IEEE Computer Society</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>JQ2</scope><orcidid>https://orcid.org/0000-0002-9823-3464</orcidid></search><sort><creationdate>201509</creationdate><title>GTID: A Technique for Physical Device and Device Type Fingerprinting</title><author>Radhakrishnan, Sakthi Vignesh ; Uluagac, A. Selcuk ; Beyah, Raheem</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c293t-fe80d82aa750b1f446cb997e120e2d0c8c8a07990301a3cb217180c3817bd7673</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2015</creationdate><topic>Artificial neural networks</topic><topic>Clocks</topic><topic>Communication system security</topic><topic>Counterfeiting</topic><topic>Data integrity</topic><topic>Device Fingerprinting</topic><topic>Device Type Fingerprinting</topic><topic>Digital signatures</topic><topic>Fingerprinting</topic><topic>GTID</topic><topic>Neural networks</topic><topic>Object recognition</topic><topic>Performance evaluation</topic><topic>Protocols</topic><topic>Studies</topic><topic>Timing</topic><topic>Traffic congestion</topic><topic>Wireless communication</topic><topic>Wireless Device Fingerprinting</topic><toplevel>online_resources</toplevel><creatorcontrib>Radhakrishnan, Sakthi Vignesh</creatorcontrib><creatorcontrib>Uluagac, A. Selcuk</creatorcontrib><creatorcontrib>Beyah, Raheem</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>ProQuest Computer Science Collection</collection><jtitle>IEEE transactions on dependable and secure computing</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Radhakrishnan, Sakthi Vignesh</au><au>Uluagac, A. Selcuk</au><au>Beyah, Raheem</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>GTID: A Technique for Physical Device and Device Type Fingerprinting</atitle><jtitle>IEEE transactions on dependable and secure computing</jtitle><stitle>TDSC</stitle><date>2015-09</date><risdate>2015</risdate><volume>12</volume><issue>5</issue><spage>519</spage><epage>532</epage><pages>519-532</pages><issn>1545-5971</issn><eissn>1941-0018</eissn><coden>ITDSCM</coden><abstract>In this paper, we introduce GTID, a technique that can actively and passively fingerprint wireless devices and their types using wire-side observations in a local network. GTID exploits information that is leaked as a result of heterogeneity in devices, which is a function of different device hardware compositions and variations in devices' clock skew. We apply statistical techniques on network traffic to create unique, reproducible device and device type signatures, and use artificial neural networks (ANNs) for classification. We demonstrate the efficacy of our technique on both an isolated testbed and a live campus network (during peak hours) using a corpus of 37 devices representing a wide range of device classes (e.g., iPads, iPhones, Google Phones, etc.) and traffic types (e.g., Skype, SCP, ICMP, etc.). Our experiments provided more than 300 GB of traffic captures which we used for ANN training and performance evaluation. In order for any fingerprinting technique to be practical, it must be able to detect previously unseen devices (i.e., devices for which no stored signature is available) and must be able to withstand various attacks. GTID is a fingerprinting technique to detect previously unseen devices and to illustrate its resilience under various attacker models. We measure the performance of GTID by considering accuracy, recall, and processing time and also illustrate how it can be used to complement existing security mechanisms (e.g., authentication systems) and to detect counterfeit devices.</abstract><cop>Washington</cop><pub>IEEE</pub><doi>10.1109/TDSC.2014.2369033</doi><tpages>14</tpages><orcidid>https://orcid.org/0000-0002-9823-3464</orcidid></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | ISSN: 1545-5971 |
| ispartof | IEEE transactions on dependable and secure computing, 2015-09, Vol.12 (5), p.519-532 |
| issn | 1545-5971 1941-0018 |
| language | eng |
| recordid | cdi_proquest_journals_1712305606 |
| source | IEEE Electronic Library (IEL) |
| subjects | Artificial neural networks Clocks Communication system security Counterfeiting Data integrity Device Fingerprinting Device Type Fingerprinting Digital signatures Fingerprinting GTID Neural networks Object recognition Performance evaluation Protocols Studies Timing Traffic congestion Wireless communication Wireless Device Fingerprinting |
| title | GTID: A Technique for Physical Device and Device Type Fingerprinting |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-26T01%3A58%3A45IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=GTID:%20A%20Technique%20for%20Physical%20Device%20and%20Device%20Type%20Fingerprinting&rft.jtitle=IEEE%20transactions%20on%20dependable%20and%20secure%20computing&rft.au=Radhakrishnan,%20Sakthi%20Vignesh&rft.date=2015-09&rft.volume=12&rft.issue=5&rft.spage=519&rft.epage=532&rft.pages=519-532&rft.issn=1545-5971&rft.eissn=1941-0018&rft.coden=ITDSCM&rft_id=info:doi/10.1109/TDSC.2014.2369033&rft_dat=%3Cproquest_RIE%3E3806795781%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1712305606&rft_id=info:pmid/&rft_ieee_id=6951398&rfr_iscdi=true |