Stéphane Onno

An Empirical Study of Passive 802.11 Device Fingerprinting

802.11 device fingerprinting is the action of characterizing a target device through its wireless traffic. This results in a signature that may be used for identification, network monitoring or intrusion detection. The fingerprinting method can be active by sending traffic to the target device, or passive by just observing the traffic sent by the target device. Many passive fingerprinting methods rely on the observation of one particular network feature, such as the rate switching behavior or the transmission pattern of probe requests. In this work, we evaluate a set of global wireless network parameters with respect to their ability to identify 802.11 devices. We restrict ourselves to parameters that can be observed passively using a standard wireless card. We evaluate these parameters for two different tests: i) the identification test that returns one single result being the closest match for the target device, and ii) the similarity test that returns a set of devices that are close to the target devices. We find that the network parameters transmission time and frame inter-arrival time perform best in comparison to the other network parameters considered. Finally, we focus on inter-arrival times, the most promising parameter for device identification, and show its dependency from several device characteristics such as the wireless card and driver but also running applications.

Distributed and Private Group Management

Group management is a fundamental building block of todays Internet applications. Mailing lists, chat systems, collaborative document editing, even well established online social networks such as Twitter and Facebook also use group management systems. In many cases, group security is required to restrict access and visibility of data in a group only to members of the group. Some applications also require privacy by keeping group members anonymous and unlinkable. Group management systems routinely rely on a central authority that manages and controls the infrastructure and data of the system. This can negatively impact the privacy and scalability properties of the system. In this paper, we propose a completely distributed approach for group management based on distributed hash tables. Enrollment to the system is not controlled by any central authority. Anyone can create groups and principals, and a various set of applications can share existing groups. In this paper, we describe a novel decentralized system for group management, address various security and privacy issues that arise by removing the central authority, and formally validate the security properties using AVISPA. We demonstrate the feasibility of this protocol by implementing a prototype running on top of Vuzes DHT.

User-based authentication for wireless home networks

Most wireless home networks apply a shared key authentication model to authenticate devices. This results in security weaknesses due to the wireless protocol itself and the home environment conditions. Beyond the security aspects, there are some advantages to provide a user-based authentication for better controlling who accesses the network rather than which device accesses the network. User-based authentication schemes also facilitate user profiling, which is useful to leverage further recommendation services. This paper describes a WPA2-802.1X based solution for mitigating the weaknesses mentioned above while enabling a user-based authentication at home. It also discusses the appropriateness of the solution regarding the home environment.

Conciliating remote home network access and MAC-address control

Users are increasingly nomadic and want to access their home network from anywhere. Such remote access might also be granted for family members or friends and controlled by the home network owner on a per device basis. This paper describes an overall sound solution for a layer 2 VPN, providing one-click access to the home network. Layer 2 VPN transports all home network protocols, including multicast, UPnP, Windows shares, thus providing full home network experience to remote users. Our solution addresses several practical and technical is- sues such as MAC address filtering and IP collisions. Our solution enables in particular per-device security policy enforcement while sharing the same access credentials with several remote users. We implemented and tested the solution by extending OpenVPN and a home gateway.

DNStamp: Short-lived trusted timestamping

Trusted timestamping consists in proving that certain data existed at a particular point in time. Existing timestamping methods require either a centralized and dedicated trusted service or the collaboration of other participants using the timestamping service. We propose a novel trusted timestamping scheme, called DNStamp, that does not require a dedicated service nor collaboration between participants. DNStamp produces short-lived timestamps with a validity period of several days. The generation and verification involves a large number of Domain Name System cache resolvers, thus removing any single point of failure and any single point of trust. Any host with Internet access may request or verify a timestamp, with no need to register to any timestamping service. We provide a full description and analysis of DNStamp. We analyze the security against various adversaries and show resistance to forward-dating, back-dating and erasure attacks. Experiments with our implementation of DNStamp show that one can set and then reliably verify timestamps even under continuous attack conditions.