CRAWDAD gatech/fingerprinting

Citation Author(s):
A. Selcuk
Uluagac
Eurecom
Submitted by:
CRAWDAD Team
Last updated:
Mon, 06/09/2014 - 08:00
DOI:
10.15783/C78G67
Data Format:
License:
20 Views
Citations:
3
Categories:
Keywords:
0
0 ratings - Please login to submit your rating.

Abstract 

Fingerprinting of wireless devices exploiting information leaked due to different device hardware compositions: Inter-Arrival-Time (IAT) of packets from wireless devices.

In these datasets, we present the the inter-arrival time information collected actively and passively from different wireless devices using wire-side observations in a local network. The captures were collected from 30 wireless devices including iPads, iPhones, Kindles, Google-Phones, Netbooks, IP Printers, IP Cameras, etc., from various applications and protocols such as Skype, ICMP, SCP, Iperf. Due to heterogeneity in devices (e.g., deterministic hardware and software configurations), time-variant behavior of network traffic stemming from different devices can be used to create unique, reproducible device and device type signatures and to fingerprint devices and their types as explained in A. Selcuk Uluagac, Sakthi V. Radhakrishnan, Cherita Corbett, Antony Baca, and Raheem A. Beyah, A Passive Technique for Fingerprinting Wireless Devices with Wired-side Observations, Proceedings of the IEEE Conference on Communications and Network Security (CNS), October 2013. Further details are available at http://users.ece.gatech.edu/~selcuk/devFingerprinting.html

date/time of measurement start: 2012-12-01

date/time of measurement end: 2013-05-31

collection environment: In these datasets, we present the inter-arrival time information, which is the delay between successive packets stemming from the same wireless device as observed on the first hop at a wired segment between the access point (AP) and the final destination in a local network environment. The captures were collected from 30 wireless devices including iPads, iPhones, Kindles, Google-Phones, Netbooks, IP Printers, IP Cameras, etc., from various applications and protocols such as Skype, ICMP, SCP, Iperf. Due to heterogeneity in devices (e.g., deterministic hardware and software configurations), time-variant behavior of network traffic stemming from different devices can be used to create unique, reproducible device and device type signatures as explained in in A. Selcuk Uluagac, Sakthi V. Radhakrishnan, Cherita Corbett, Antony Baca, and Raheem A. Beyah, A Passive Technique for Fingerprinting Wireless Devices with Wired-side Observations, Proceedings of the IEEE Conference on Communications and Network Security (CNS), October 2013. Further details are available at http://users.ece.gatech.edu/~selcuk/devFingerprinting.html

network configuration: Two automated testbeds were assembled to transmit and record traffic from the wireless devices to the wired segment and vice versa. In the isolated testbed, a control machine was used to send commands to the different devices in the testbed. The device under test was placed in an isolation box to reduce RF leakage and interference. For the campus network testbed, the Access Point and LAN destination were connected to a campus backbone switch. This helped us collect the data under MAC and physical layer interference from other wireless users in proximity (during peak hours).

data collection methodology: The data was collected by tcpdump. As traffic from devices are collected, we recorded the packet inter-arrival time (IAT), which measures the delay between successive packets. Furthermore, two generic applications were used to generate traffic in our testbeds. One was Iperf, which was used to generate both TCP and UDP traffic at controlled rates, and the other was Ping. In addition to these, we performed tests using other applications such as secure copy (SCP) and Skype. TCP, SCP, and Skype were allowed to flow at their natural rate, while Ping and UDP were controlled. In our experiments using Ping, we set the rate to 100 pings/second and tested payload sizes of 64 Bytes and 1400 Bytes. For UDP analysis we used two payload sizes, 64 Bytes and 1400 Bytes, and sending rates of 1Mpbs and 8Mbps. Also, note that we classify all the above traffic types as either Active or Passive. Active traffic types are generated from the target in response to a trigger. For ex., pinging a target device will result in ping responses (Active Traffic), which can then be fingerprinted (Active Fingerprinting). The passive traffic types are cases where the target system generates traffic without any trigger, e.g., a computer uploading data to a server. In these cases, the fingerprinting of such traffic is termed as passive fingerprinting. Note that for each protocol/application in our datasets, we only focused on one application/protocol without combining any protocols/applications. We captured more than 400 hours of traffic from 30 devices belonging to a diverse set of device classes including iPads, iPhones, Kindles, Google-Phones, Netbooks, Printers, Cameras, Game Consoles, TVs, etc. from various applications and protocols such as Skype, ICMP, SCP, Iperf.

sanitization: The collected traffic data only includes the inter-arrival time of packets. Hence, no sanitation is necessary. 

note: More information about our study is located at: http://users.ece.gatech.edu/~selcuk/devFingerprinting.html and the following publication: A. Selcuk Uluagac, Sakthi V. Radhakrishnan, Cherita Corbett, Antony Baca, and Raheem A. Beyah, A Passive Technique for Fingerprinting Wireless Devices with Wired-side Observations, in Proceedings of the IEEE Conference on Communications and Network Security (CNS), October 2013.

Traceset

gatech/fingerprinting/realtestbed

In this dataset, we present the the inter-arrival time information of successive packets collected actively and passively from different wireless devices using wire-side observations in a real local network environment. Hence, there are two traces in this traceset.

  • measurement purpose: Network Security
  • methodology: The Access Point and LAN destination were connected to a campus backbone switch. This helped us collect the data under MAC and physical layer interference from other wireless users in proximity (during peak hours).

gatech/fingerprinting/realtestbed Traces 

  • gatech/fingerprinting/realtestbed/activeActive traffic types are generated from the target in response to a trigger. For ex., pinging a target device will result in ping responses (Active Traffic), which can then be collected as Active traffic dataset.
    • file: ActiveRealTestbedData.zip
    • configuration: The Access Point and LAN destination were connected to a campus backbone switch. This helped us collect the data under MAC and physical layer interference from other wireless users in proximity (during peak hours). More information is at: http://users.ece.gatech.edu/~selcuk/devFingerprinting.html
    • format: Matlab files containing the Inter-arrival time (IAT) information.
  • gatech/fingerprinting/realtestbed/passive: Active traffic types are generated from the target in response to a trigger. For ex., pinging a target device will result in ping responses (Active Traffic), which can then be collected as Active traffic dataset.
    • file: PassiveRealTestbedData.zip
    • configuration: The Access Point and LAN destination were connected to a campus backbone switch. This helped us collect the data under MAC and physical layer interference from other wireless users in proximity (during peak hours). More information is at: http://users.ece.gatech.edu/~selcuk/devFingerprinting.html
    • format: Matlab files containing the Inter-arrival time (IAT) information.

gatech/fingerprinting/isolatedtestbed

In the isolated testbed, a control machine was used to send commands to the different devices in the testbed. The device under test was placed in an isolation box to reduce RF leakage and interference.

  • measurement purpose: Network Security
  • methodology: In these datasets, we present the inter-arrival time information, which is the delay between successive packets stemming from the same wireless device as observed in an isolation box to reduce RF leakage and interference. The captures were collected from wireless devices including iPhones, Netbooks, Nokia-Phones, etc., from various applications and protocols such as Skype, ICMP, SCP, Iperf. 

gatech/fingerprinting/isolatedtestbed Trace 

  • gatech/fingerprinting/isolatedtestbed/isolatedActive traffic types are generated from the target in response to a trigger. For ex., pinging a target device will result in ping responses (Active Traffic), which can then be collected as Active traffic dataset.
    • file: isolatedTestbedData.zip
    • configuration: In the isolated testbed, a control machine was used to send commands to the different devices in the testbed. The device under test was placed in an isolation box to reduce RF leakage and interference. More information is at: http://users.ece.gatech.edu/~selcuk/devFingerprinting.html
    • format: Matlab files containing inter-arrival time (IAT) information stemming from wireless devices.
Instructions: 

The files in this directory are a CRAWDAD dataset hosted by IEEE DataPort. 

About CRAWDAD: the Community Resource for Archiving Wireless Data At Dartmouth is a data resource for the research community interested in wireless networks and mobile computing. 

CRAWDAD was founded at Dartmouth College in 2004, led by Tristan Henderson, David Kotz, and Chris McDonald. CRAWDAD datasets are hosted by IEEE DataPort as of November 2022. 

Note: Please use the Data in an ethical and responsible way with the aim of doing no harm to any person or entity for the benefit of society at large. Please respect the privacy of any human subjects whose wireless-network activity is captured by the Data and comply with all applicable laws, including without limitation such applicable laws pertaining to the protection of personal information, security of data, and data breaches. Please do not apply, adapt or develop algorithms for the extraction of the true identity of users and other information of a personal nature, which might constitute personally identifiable information or protected health information under any such applicable laws. Do not publish or otherwise disclose to any other person or entity any information that constitutes personally identifiable information or protected health information under any such applicable laws derived from the Data through manual or automated techniques. 

Please acknowledge the source of the Data in any publications or presentations reporting use of this Data. 

Citation:

A. Selcuk Uluagac, gatech/fingerprinting, https://doi.org/10.15783/C78G67 , Date: 20140609

Dataset Files

LOGIN TO ACCESS DATASET FILES
Open Access dataset files are accessible to all logged in  users. Don't have a login?  Create a free IEEE account.  IEEE Membership is not required.

Documentation

AttachmentSize
File gatech-fingerprinting-readme.txt1.66 KB

These datasets are part of Community Resource for Archiving Wireless Data (CRAWDAD). CRAWDAD began in 2004 at Dartmouth College as a place to share wireless network data with the research community. Its purpose was to enable access to data from real networks and real mobile users at a time when collecting such data was challenging and expensive. The archive has continued to grow since its inception, and starting in summer 2022 is being housed on IEEE DataPort.

Questions about CRAWDAD? See our CRAWDAD FAQ. Interested in submitting your dataset to the CRAWDAD collection? Get started, by submitting an Open Access Dataset.