ISU Electrical and Computer Engineering Archives

Detecting intrusions at layer one: device fingerprinting for network access authorization

Jackson, Edward Alan (2006) Detecting intrusions at layer one: device fingerprinting for network access authorization. Masters thesis, Iowa State University.

Full text available as:

PDF - Requires Adobe Acrobat Reader or other PDF viewer.


In modern computer networks, administrators have limited control over physical security of the network. Although reasonable control may be exercised over the digital services running on the network, the administrator can often do little to prevent unauthorized physical connections. The DILON (Detecting Intrusions at Layer ONe) research project is based on the hypothesis that due to inevitable variations in the construction of network devices, each will have a unique "voiceprint" or "fingerprint" which may be used to identify it, and that these features may be extracted from sections of data required by the data link protocols used on most networks. This presents the possibility of detecting connections by intruders who use techniques such as MAC address spoofing to pose as an authorized network user. It may also eventually be possible to use changes in the voiceprint to detect imminent device failure. We present a brief background of the DILON project, followed by an overview of the fingerprinting methods investigated so far. These methods draw on tools used in a variety of fields, ranging from engineering to collider physics to process quality control. The common goal is to identify parameters which may be used to uniquely identify a device and to monitor those parameters over time. The methods presented have met with varying levels of success so far, but all have shown promise for future work with both wired and wireless network security applications.

EPrint Type:Thesis (Masters)
Subjects:Electrical Engineering > ELECTROMAGNETICS & NONDESTRUCTIVE EVALUATION > Signal Processing Applications
Electrical Engineering > ELECTROMAGNETICS & NONDESTRUCTIVE EVALUATION > Computer and Communication Networking
Computer Engineering > INFORMATION SYSTEMS SECURITY & NETWORKING > Computer Networking and Security
ID Code:242
Identification Number:TR-2006-04-19
Deposited By:Edward Jackson
Deposited On:20 April 2006

Archive Staff Only: edit this record