{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:16:42Z","timestamp":1750220202044,"version":"3.41.0"},"reference-count":38,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2022,12,8]],"date-time":"2022-12-08T00:00:00Z","timestamp":1670457600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"NSFC","doi-asserted-by":"crossref","award":["62072396, 61872437"],"award-info":[{"award-number":["62072396, 61872437"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Zhejiang Provincial Natural Science Foundation for Distinguished Young Scholars","award":["LR19F020001"],"award-info":[{"award-number":["LR19F020001"]}]},{"name":"Fundamental Research Funds for the Central Universities, and Alibaba-Zhejiang University Joint Institute of Frontier Technologies"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Sen. Netw."],"published-print":{"date-parts":[[2023,2,28]]},"abstract":"\n The broadcast nature of wireless media makes WLANs easily attacked by\n rogue<\/jats:italic>\n Access Points (APs)<\/jats:bold>\n . Rogue AP attacks can potentially cause severe privacy leakage and financial loss. Hardware fingerprinting is the state-of-the-art technology to detect rogue APs since an attacker would find it difficult to set up a rogue AP with specific hardware fingerprints. However, existing hardware fingerprints not only depend on the AP but also depend on the client, significantly limiting their application scenarios. In this work, we investigate two novel\n client-agnostic<\/jats:bold>\n fingerprints, which can be extracted using commercial off-the-shelf WiFi devices, to detect rogue APs. One is the\n power amplifier non-linearity fingerprint<\/jats:italic>\n and the other is the\n frame interval distribution fingerprint<\/jats:italic>\n . These two fingerprints remain consistent over time and space for the same AP but vary across different APs even with the same brand, model, and firmware. We use the fingerprint similarity between the candidate AP and the authorized AP for device authentication in typical indoor environments. We have also proposed a threshold-improved authentication scheme to improve the robustness of our system in dynamic environments. Our schemes can be implemented without modifying the infrastructural APs and can work well with new clients without rebuilding the fingerprint database. We evaluate our scheme in both in-lab and field scenarios, by analyzing 18 million WiFi packets. Results show that our scheme achieves an overall 96.55% positive detection rate and a 4.31% false alarm rate. Moreover, the threshold-improved authentication scheme can further reduce the false alarm rate by 13.0%-44.8% for dynamic environments.\n <\/jats:p>","DOI":"10.1145\/3536423","type":"journal-article","created":{"date-parts":[[2022,5,16]],"date-time":"2022-05-16T12:50:55Z","timestamp":1652705455000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Detecting Rogue Access Points Using Client-agnostic Wireless Fingerprints"],"prefix":"10.1145","volume":"19","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5942-0999","authenticated-orcid":false,"given":"Yuxiang","family":"Lin","sequence":"first","affiliation":[{"name":"College of Computer Science, Zhejiang University, China & Alibaba Group, Hangzhou, Zhejiang, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7897-5965","authenticated-orcid":false,"given":"Yi","family":"Gao","sequence":"additional","affiliation":[{"name":"College of Computer Science, Zhejiang University, Hangzhou, Zhejiang, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3169-1727","authenticated-orcid":false,"given":"Bingji","family":"Li","sequence":"additional","affiliation":[{"name":"College of Computer Science, Zhejiang University, Hangzhou, Zhejiang, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0498-1494","authenticated-orcid":false,"given":"Wei","family":"Dong","sequence":"additional","affiliation":[{"name":"College of Computer Science, Zhejiang University, Hangzhou, Zhejiang, China"}]}],"member":"320","published-online":{"date-parts":[[2022,12,8]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2009.145"},{"key":"e_1_3_2_3_2","unstructured":"Philip N. Ballai. 2006. System and method for detection of a rogue wireless access point in a wireless communication network. (June 272006). US Patent 7 068 999."},{"key":"e_1_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2013.6567061"},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.75"},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/MWC.2002.1160080"},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCSW.2012.8"},{"key":"e_1_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978298"},{"key":"e_1_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2009.5061974"},{"key":"e_1_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/1999995.2000016"},{"key":"e_1_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590321"},{"key":"e_1_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1145\/2500423.2500444"},{"key":"e_1_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2018.8485917"},{"key":"e_1_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2019.8737455"},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1023\/A:1026543900054"},{"key":"e_1_3_2_16_2","volume-title":"Real 802.11 Security: Wi-Fi Protected Access and 802.11 i","author":"Arbaugh William A.","year":"2003","unstructured":"William A. Arbaugh et\u00a0al. 2003. Real 802.11 Security: Wi-Fi Protected Access and 802.11 i. Addison-Wesley Longman Publishing Co., Inc."},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/WOWMOM.2006.27"},{"key":"e_1_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1145\/1161289.1161297"},{"key":"e_1_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818028"},{"key":"e_1_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2011.110812"},{"key":"e_1_3_2_21_2","first-page":"211","volume-title":"Proc. of IEEE Symposium on Security and Privacy","author":"Kohno T.","year":"2005","unstructured":"T. Kohno, A. Broido, and K. Claffy. 2005. Remote physical device fingerprinting. In Proc. of IEEE Symposium on Security and Privacy. 211\u2013225."},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2011.5934926"},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1145\/1409944.1409959"},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.5555\/2513630"},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.phycom.2015.08.010"},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511541032"},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1145\/1925861.1925870"},{"key":"e_1_3_2_28_2","first-page":"53","volume-title":"Proc. of ACM MobiCom","author":"Xie Yaxiong","year":"2015","unstructured":"Yaxiong Xie, Zhenjiang Li, and Mo Li. 2015. Precise power delay profiling with commodity WiFi. In Proc. of ACM MobiCom. 53\u201364."},{"key":"e_1_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2012.6195606"},{"key":"e_1_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1109\/MMM.2017.2691423"},{"key":"e_1_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1002\/dac.3102"},{"key":"e_1_3_2_32_2","first-page":"179","article-title":"Effects of HPA-nonlinearity on a 4-DPSK\/OFDM-signal for a digital sound broadcasting signal","volume":"332","author":"Rapp Christoph","year":"1991","unstructured":"Christoph Rapp. 1991. Effects of HPA-nonlinearity on a 4-DPSK\/OFDM-signal for a digital sound broadcasting signal. ESASP 332 (1991), 179\u2013184.","journal-title":"ESASP"},{"key":"e_1_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.1109\/TCOMM.2013.020413.120384"},{"key":"e_1_3_2_34_2","unstructured":"Ettus Inc. USRP N210. https:\/\/www.ettus.com\/all-products\/un210-kit\/. ([n. d.])."},{"key":"e_1_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2018.2812746"},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/2789168.2790093"},{"volume-title":"IEEE 802.11n-2009-Amendment 5: Enhancements for Higher Throughput","year":"2009","key":"e_1_3_2_37_2","unstructured":"2009. IEEE 802.11n-2009-Amendment 5: Enhancements for Higher Throughput. IEEE-SA."},{"key":"e_1_3_2_38_2","unstructured":"SolidRun. 2014. HummingBoard Pro. http:\/\/wiki.solid-run.com\/doku.php?id=products:imx6:hummingboard."},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/PerCom45495.2020.9127375"}],"container-title":["ACM Transactions on Sensor Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3536423","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3536423","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:02:50Z","timestamp":1750186970000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3536423"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,12,8]]},"references-count":38,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2023,2,28]]}},"alternative-id":["10.1145\/3536423"],"URL":"https:\/\/doi.org\/10.1145\/3536423","relation":{},"ISSN":["1550-4859","1550-4867"],"issn-type":[{"type":"print","value":"1550-4859"},{"type":"electronic","value":"1550-4867"}],"subject":[],"published":{"date-parts":[[2022,12,8]]},"assertion":[{"value":"2020-12-22","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-05-02","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-12-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}