If you operate wireless networks, you know that media access control (MAC) address filtering is an unreliable way to prevent unwanted network access. The reasons are that it's relatively simple to spoof any MAC address and to collect MAC addresses from the airwaves.
One technique used to improve on MAC filtering is to develop a fingerprint of the wireless network driver, which can help identify the wireless hardware by manufacturer. This approach works because each manufacturer develops its own driver behavior. The characteristics of that behavior can be tracked, identified, stored, and later matched when a wireless device is detected by an intrusion detection system (IDS) or authentication system. Other techniques involve actively or passively discovering wireless device model numbers, chipset model numbers, and OS versions.
Jeyanthi Hall has explored a way to take wireless device fingerprinting even further. In her research, Hall discovered that each wireless network device has a unique frequency signal profile, which can be discovered as the device transmits over the airwaves. This holds true even for identical card models from the same manufacturer and even when those cards use exactly the same chipset.
Therefore, a fingerprint can be developed that will match one specific physical device. Hall thinks that, based on her research, the only way such a fingerprint can be spoofed is to physically recreate all the characteristics of the circuits in the original device. In order to accomplish that task, the original device would be required, which implies that someone must first steal it. But in the case of a stolen device, the fingerprint could be blocked, hopefully before someone replicates the exact circuitry.
In practical use, transceiver fingerprint identification could be used in wireless intrusion detection and prevention systems and in authentication systems. What's more, transceiver fingerprinting isn't limited to Wi-Fi devices. Since Bluetooth technology is also based on radio transmissions, similar techniques could be used to guard Bluetooth connectivity.
According to Hall's research (as published to date), transceiver fingerprinting is about 95 percent accurate. So there is room for error, which means that additional methods of protection might be necessary in some situations.
One important issue to keep in mind about any radio transmitter is that as a device ages, its radio signal profile changes. Therefore, in order to maintain fingerprint accuracy, the fingerprint must be updated continually. This of course creates processing overhead and could pose significant hurdles in large wireless network installations. Regardless, the hurdles aren't insurmountable.
Hall has published two detailed white papers (one that covers Wi-Fi and one that covers Bluetooth) that describe her research and its potential applications. If you're interested in this technology, which very well might make its way into wireless security solutions, then be sure to read the papers. They're available at the first two URLs below in PDF format. If you're interested in other wireless security-related work published by Hall, then visit her site at Carleton University at the third URL below.
http://www.scs.carleton.ca/~jhall2/Publications/IEEETDSC.pdf
http://www.scs.carleton.ca/~jhall2/Publications/548-088.pdf
http://www.scs.carleton.ca/~jhall2/
