Device Identification via Analog Signal Fingerprinting: A Matched Filter Approach
Date
2006
Authors
Major Professor
Advisor
Committee Member
Journal Title
Journal ISSN
Volume Title
Publisher
The Internet Society
Abstract
As part of the Detecting Intrusions at Layer ONe
(DILON) project, we show that Ethernet devices can be
uniquely identified and tracked—using as few as 25 Ethernet
frames—by analyzing variations in their analog signal
caused by hardware and manufacturing inconsistencies. An
optimal detector, the matched filter, is utilized to create signal
profiles, which aid in identifying the device the signal
originated from. Several non-traditional applications of the
filter are presented in order to improve its ability to discriminate
between signals from seemingly identical devices
of the same manufacturing lot. The experimental results of
applying these filters to three different models of Ethernet
cards, totaling 16 devices, are presented and discussed.
Important applications of this technology include intrusion
detection (discovering node impersonation and network
tampering), authentication (preventing unauthorized
access to the physical network), forensic data collection (tying
a physical device to a specific network incident), and
assurance monitoring (determining whether a device will
or is in the process of failing).
Series Number
Journal Issue
Is Version Of
Versions
Series
Academic or Administrative Unit
Type
Presentation
Comments
This conference presentation is publshed as Gerdes, R. M., Daniels, T. E., Mina, M., & Russell, S. (2006, February). “Device Identification via Analog Signal Fingerprinting: A Matched Filter Approach”. In Network and Distributed System Security Symposium 2006 (2006), San Diego, CA. The Internet Society. Copyright 2006 The Authors. Posted with permission.