802.11 device fingerprinting is the action of characterizing a target device through its wireless traffic. This results in a signature that may be used for identification, network monitoring or intrusion detection. The fingerprinting method can be ac
tive by sending traffic to the target device, or passive by just observing the traffic sent by the target device. Many passive fingerprinting methods rely on the observation of one particular network feature, such as the rate switching behavior or the transmission pattern of probe requests. In this work, we evaluate a set of global wireless network parameters with respect to their ability to identify 802.11 devices. We restrict ourselves to parameters that can be observed passively using a standard wireless card. We evaluate these parameters for two different tests: i) the identification test that returns one single result being the closest match for the target device, and ii) the similarity test that returns a set of devices that are close to the target devices. We find that the network parameters transmission time and frame inter-arrival time perform best in comparison to the other network parameters considered. Finally, we focus on inter-arrival times, the most promising parameter for device identification, and show its dependency from several device characteristics such as the wireless card and driver but also running applications.
Trusted timestamping consists in proving that certain data existed at a particular point in time. Existing timestamping methods require either a centralized and dedicated trusted service or the collaboration of other participants using the timestampi
ng service. We propose a novel trusted timestamping scheme, called DNStamp, that does not require a dedicated service nor collaboration between participants. DNStamp produces shortlived timestamps with a validity period of several days. The generation and verification involves a large number of Domain Name System cache resolvers, thus removing any single point of failure and any single point of trust. Any host with Internet access may request or verify a timestamp, with no need to register to any timestamping service. We provide a full description and analysis of DNStamp. We analyze the security against various adversaries and show resistance to forward-dating, back-dating and erasure attacks. Experiments with our implementation of DNStamp show that one can set and then reliably verify timestamps even under continuous attack conditions.
