Clock Skew Based Remote Device Fingerprinting Demystified
Commonly used identifiers for IEEE 802.11 Access Points (APs), such as the network name (SSID), MAC address, or IP address, can be easily spoofed. This allows an attacker to impersonate a real AP and intercept, collect, or alter (potentially even encrypted) data. In this paper, the authors address this problem by studying the limits of unique remote physical device identification based on clock skew, an unavoidable phenomenon that causes clocks to run at marginally but measurably different speeds. To this end, they propose an algorithm for passive fingerprinting using timestamps regularly sent by APs in beacon frames. The major advantages of their method are that it is online and that they are able to eliminate the influence of the clock skew of the measurement device.
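As an added illustration (not the paper's algorithm, which this abstract does not detail), the sketch below estimates an AP's clock skew with a running least-squares fit over beacon timestamps and checks it against an enrolled value. The class and function names, the simulated beacons, and the 1 ppm tolerance are assumptions; unlike the authors' method, this estimate is relative to the measurement device's own clock.

```python
import random

class OnlineSkewEstimator:
    """Running least-squares fit of (AP clock - local clock) against local time.
    Added example; the result is skew relative to the receiver's clock."""

    def __init__(self):
        self.n = 0
        self.rx0 = self.ts0 = None
        self.sx = self.sy = self.sxx = self.sxy = 0.0

    def update(self, rx_us, beacon_ts_us):
        """Feed one beacon: local receive time and AP timestamp, in microseconds."""
        if self.rx0 is None:
            self.rx0, self.ts0 = rx_us, beacon_ts_us
        x = (rx_us - self.rx0) / 1e6                          # elapsed local time, s
        y = (beacon_ts_us - self.ts0) - (rx_us - self.rx0)    # clock offset, us
        self.n += 1
        self.sx += x
        self.sy += y
        self.sxx += x * x
        self.sxy += x * y

    def skew_ppm(self):
        """Fitted slope in us per second, i.e. ppm; None until it is defined."""
        denom = self.n * self.sxx - self.sx ** 2
        if self.n < 2 or denom == 0:
            return None
        return (self.n * self.sxy - self.sx * self.sy) / denom

def simulate_beacons(skew_ppm, count=600, seed=1):
    """Constructed sample data: beacons every 102400 us from an AP whose clock
    runs skew_ppm fast, received with 0-200 us of random delay."""
    rng = random.Random(seed)
    for i in range(count):
        t = i * 102_400
        ap_ts = 5_000_000 + round(t * (1 + skew_ppm * 1e-6))
        yield t + rng.randint(0, 200), ap_ts

def matches_fingerprint(beacons, enrolled_ppm, tolerance_ppm=1.0):
    """True if the observed skew is within tolerance of the enrolled skew.
    tolerance_ppm is an assumed threshold, not a value from the paper."""
    est = OnlineSkewEstimator()
    for rx_us, ap_ts in beacons:
        est.update(rx_us, ap_ts)
    skew = est.skew_ppm()
    return skew is not None and abs(skew - enrolled_ppm) <= tolerance_ppm

if __name__ == "__main__":
    print("genuine AP:", matches_fingerprint(simulate_beacons(25.0), 25.0))
    print("spoofed AP:", matches_fingerprint(simulate_beacons(-12.0), 25.0))
```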