Detecting intrusions at layer one: device fingerprinting for network access authorization
Jackson, Edward Alan (2006) Detecting intrusions at layer one: device fingerprinting for network access authorization. Masters thesis, Iowa State University.
Full text available as:
In modern computer networks, administrators have limited control over physical security of the network. Although reasonable control may be exercised over the digital services running on the network, the administrator can often do little to prevent unauthorized physical connections. The DILON (Detecting Intrusions at Layer ONe) research project is based on the hypothesis that due to inevitable variations in the construction of network devices, each will have a unique "voiceprint" or "fingerprint" which may be used to identify it, and that these features may be extracted from sections of data required by the data link protocols used on most networks. This presents the possibility of detecting connections by intruders who use techniques such as MAC address spoofing to pose as an authorized network user. It may also eventually be possible to use changes in the voiceprint to detect imminent device failure. We present a brief background of the DILON project, followed by an overview of the fingerprinting methods investigated so far. These methods draw on tools used in a variety of fields, ranging from engineering to collider physics to process quality control. The common goal is to identify parameters which may be used to uniquely identify a device and to monitor those parameters over time. The methods presented have met with varying levels of success so far, but all have shown promise for future work with both wired and wireless network security applications.
Archive Staff Only: edit this record