WiFi fingerprints could end MAC spoofing

A new security technique promises to uniquely identify any WiFi device in the world, so hackers cannot hide behind a fake MAC address.

Every wireless device has a unique signal "fingerprint" produced by variations produced in the manufacturing process for silicon components, according to Dr Jeyanthi Hall, of Carleton University in Ottawa.

As a doctoral student, Dr Hall analysed the RF signals of fifteen devices from six manufacturers, and found it was possible to distinguish clearly, even between devices from the same manufacturer.

Using "transceiverprints," Dr Hall got a detection rate of 95 percent, and a false positive rate of zero, according to papers submitted to various conferences, including IEEE events on wireless and security.

She achieved this reliability in the task of "recognising" the transceiverprint from a pre-recorded set - a job which could usefully be built into a wireless IDS, she says in the paper. Beyond this, things could get even more exciting: "It would be interesting to identify the correct transceiver (from the set of all profiled transceivers), using the same set of transceiverprints," she goes on.

Hall used a probabilistic neural network to work out the transceiverprint and compare it with stored prints.

Although the signal processing equipment and analysis software is specialised at present (see a brief by account software vendor Mathworks) it could eventually be delivered on a more general-purpose signal processer system, Dr Hall hopes, according to a report in Electronic Engineering Times.

Limiting network access to specific devices using MACs has been a possible security technique for some time, and is included in many WiFi systems.

However, it has mostly been dismissed by security professionals, as it is easy to spoof the MAC address of a device. Comparing the MAC to a pre-recorded transceiverprint would make an access control list based on devices feasible again.