首页> 外文期刊>Mobile Computing, IEEE Transactions on >On Fast and Accurate Detection of Unauthorized Wireless Access Points Using Clock Skews
【24h】

On Fast and Accurate Detection of Unauthorized Wireless Access Points Using Clock Skews

机译:利用时钟偏斜快速准确地检测未经授权的无线访问点

获取原文
获取原文并翻译 | 示例

摘要

We explore the use of clock skew of a wireless local area network access point (AP) as its fingerprint to detect unauthorized APs quickly and accurately. The main goal behind using clock skews is to overcome one of the major limitations of existing solutionsȁ4;the inability to effectively detect Medium Access Control (MAC) address spoofing. We calculate the clock skew of an AP from the IEEE 802.11 Time Synchronization Function (TSF) time stamps sent out in the beacon/probe response frames. We use two different methods for this purposeȁ4;one based on linear programming and the other based on least-square fit. We supplement these methods with a heuristic for differentiating original packets from those sent by the fake APs. We collect TSF time stamp data from several APs in three different residential settings. Using our measurement data as well as data obtained from a large conference setting, we find that clock skews remain consistent over time for the same AP but vary significantly across APs. Furthermore, we improve the resolution of received time stamp of the frames and show that with this enhancement, our methodology can find clock skews very quickly, using 50-100 packets in most of the cases. We also discuss and quantify the impact of various external factors including temperature variation, virtualization, clock source selection, and NTP synchronization on clock skews. Our results indicate that the use of clock skews appears to be an efficient and robust method for detecting fake APs in wireless local area networks.
机译:我们探索使用无线局域网访问点(AP)的时钟偏斜作为其指纹来快速准确地检测未经授权的AP。使用时钟偏斜的主要目的是克服现有解决方案的主要限制之一[4];无法有效检测媒体访问控制(MAC)地址欺骗。我们根据信标/探针响应帧中发送的IEEE 802.11时间同步功能(TSF)时间戳计算AP的时钟偏斜。为此,我们使用两种不同的方法[4];一种基于线性规划,另一种基于最小二乘拟合。我们用启发式方法补充这些方法,以区分原始数据包与伪造的AP发送的数据包。我们从三个不同的住宅环境中的几个AP收集TSF时间戳数据。使用我们的测量数据以及从大型会议设置中获得的数据,我们发现相同AP的时钟偏斜在时间上保持一致,但在各个AP之间差异很大。此外,我们提高了帧接收时间戳的分辨率,并表明通过这种增强,我们的方法可以非常快速地找到时钟偏斜,在大多数情况下使用50-100个数据包。我们还将讨论并量化各种外部因素(包括温度变化,虚拟化,时钟源选择和NTP同步)对时钟偏斜的影响。我们的结果表明,使用时钟偏斜似乎是一种用于检测无线局域网中伪造AP的有效且健壮的方法。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有
  • 客服微信

  • 服务号