The gatech/fingerprinting dataset (v. 2014-06-09)
Fingerprinting of wireless devices exploiting information leaked due to different device hardware compositions: Inter-Arrival-Time (IAT) of packets from wireless devices
Contributed by A. Selcuk Uluagac.
In these datasets, we present the the inter-arrival time information collected actively and passively from different wireless devices using wire-side observations in a local network. The captures were collected from 30 wireless devices including iPads, iPhones, Kindles, Google-Phones, Netbooks, IP Printers, IP Cameras, etc., from various applications and protocols such as Skype, ICMP, SCP, Iperf. Due to heterogeneity in devices (e.g., deterministic hardware and software configurations), time-variant behavior of network traffic stemming from different devices can be used to create unique, reproducible device and device type signatures and to fingerprint devices and their types as explained in A. Selcuk Uluagac, Sakthi V. Radhakrishnan, Cherita Corbett, Antony Baca, and Raheem A. Beyah, A Passive Technique for Fingerprinting Wireless Devices with Wired-side Observations, Proceedings of the IEEE Conference on Communications and Network Security (CNS), October 2013. Further details are available at http://users.ece.gatech.edu/~selcuk/devFingerprinting.html
This dataset has been downloaded 28 times, and cited 3 times.
 details of the gatech/fingerprinting dataset (v. 2014-06-09)
- last modified
-
2014-06-09
- nickname
-
fingerprinting
- institution
-
gatech
- reason for most recent change
-
the initial version
- release date
-
2014-06-09
- date/time of measurement start
-
2012-12-01
- date/time of measurement end
-
2013-05-31
- website
-
www.crawdad.org/gatech/fingerprinting
- network type
-
802.11 infrastructure
- collection environment
-
In these datasets, we present the inter-arrival time information, which is the delay between successive packets stemming from the same wireless device as observed on the first hop at a wired segment between the access point (AP) and the final destination in a local network environment. The captures were collected from 30 wireless devices including iPads, iPhones, Kindles, Google-Phones, Netbooks, IP Printers, IP Cameras, etc., from various applications and protocols such as Skype, ICMP, SCP, Iperf. Due to heterogeneity in devices (e.g., deterministic hardware and software configurations), time-variant behavior of network traffic stemming from different devices can be used to create unique, reproducible device and device type signatures as explained in in A. Selcuk Uluagac, Sakthi V. Radhakrishnan, Cherita Corbett, Antony Baca, and Raheem A. Beyah, A Passive Technique for Fingerprinting Wireless Devices with Wired-side Observations, Proceedings of the IEEE Conference on Communications and Network Security (CNS), October 2013. Further details are available at http://users.ece.gatech.edu/~selcuk/devFingerprinting.html
- network configuration
-
Two automated testbeds were assembled to transmit and record traffic from the wireless devices to the wired segment and vice versa. In the isolated testbed, a control machine was used to send commands to the different devices in the testbed. The device under test was placed in an isolation box to reduce RF leakage and interference. For the campus network testbed, the Access Point and LAN destination were connected to a campus backbone switch. This helped us collect the data under MAC and physical layer interference from other wireless users in proximity (during peak hours).
- data collection methodology
-
The data was collected by tcpdump. As traffic from devices are collected, we recorded the packet inter-arrival time (IAT), which measures the delay between successive packets. Furthermore, two generic applications were used to generate traffic in our testbeds. One was Iperf, which was used to generate both TCP and UDP traffic at controlled rates, and the other was Ping. In addition to these, we performed tests using other applications such as secure copy (SCP) and Skype. TCP, SCP, and Skype were allowed to flow at their natural rate, while Ping and UDP were controlled. In our experiments using Ping, we set the rate to 100 pings/second and tested payload sizes of 64 Bytes and 1400 Bytes. For UDP analysis we used two payload sizes, 64 Bytes and 1400 Bytes, and sending rates of 1Mpbs and 8Mbps. Also, note that we classify all the above traffic types as either Active or Passive. Active traffic types are generated from the target in response to a trigger. For ex., pinging a target device will result in ping responses (Active Traffic), which can then be fingerprinted (Active Fingerprinting). The passive traffic types are cases where the target system generates traffic without any trigger, e.g., a computer uploading data to a server. In these cases, the fingerprinting of such traffic is termed as passive fingerprinting. Note that for each protocol/application in our datasets, we only focused on one application/protocol without combining any protocols/applications. We captured more than 400 hours of traffic from 30 devices belonging to a diverse set of device classes including iPads, iPhones, Kindles, Google-Phones, Netbooks, Printers, Cameras, Game Consoles, TVs, etc. from various applications and protocols such as Skype, ICMP, SCP, Iperf.
- sanitization
-
The collected traffic data only includes the inter-arrival time of packets. Hence, no sanitation is necessary.
- disruptions to data collection
-
N/A
- error
-
N/A
- limitation
-
N/A
- note
-
More information about our study is located at: http://users.ece.gatech.edu/~selcuk/devFingerprinting.html and the following publication: A. Selcuk Uluagac, Sakthi V. Radhakrishnan, Cherita Corbett, Antony Baca, and Raheem A. Beyah, A Passive Technique for Fingerprinting Wireless Devices with Wired-side Observations, in Proceedings of the IEEE Conference on Communications and Network Security (CNS), October 2013.
This dataset contains the following 2 tracesets:
realtestbed
realtestbed
quick access to download the traceset
- download the ActiveRealTestbedData.zip (from the gatech/fingerprinting/realtestbed/active trace) file
- from a CRAWDAD mirror: US
 UK AU
size="88MB" md5="5c9c788446d44dd64c5669242b9fff3c" type="zip"
- download the PassiveRealTestbedData.zip (from the gatech/fingerprinting/realtestbed/passive trace) file
- from a CRAWDAD mirror: US UK AU
size="1.4GB" md5="050361c15e34c92b48eb60b26981e204" type="zip"
isolatedtestbed
Traces from an isolated testbed
quick access to download the traceset
- download the isolatedTestbedData.zip (from the gatech/fingerprinting/isolatedtestbed trace) file
- from a CRAWDAD mirror: US UK AU
size="317MB" md5="772d207d02ab8f2af9158b0adc95a768" type="zip"
1 contributor
- A. Selcuk Uluagac
selcuk@gatech.edu
2 related publications
The following papers are written by the providers of this dataset who may be able to provide more information:
3 papers using this dataset can be found in our CiteULike library.
how to cite this dataset
When writing a paper that uses CRAWDAD datasets, we would appreciate it if you could cite both the authors of the dataset and CRAWDAD itself, and identify the exact dataset using the appropriate version number. For this dataset, this citation would look like:
A. Selcuk Uluagac, CRAWDAD dataset gatech/fingerprinting (v. 2014‑06‑09), downloaded from http://crawdad.org/gatech/fingerprinting/20140609, https://doi.org/10.15783/C78G67, Jun 2014.
We also provide bibliographic information in common citation formats below:
@misc{gatech-fingerprinting-20140609,
author = {A. Selcuk Uluagac},
title = {{CRAWDAD} dataset gatech/fingerprinting (v. 2014-06-09)},
howpublished = {Downloaded from \url{http://crawdad.org/gatech/fingerprinting/20140609}},
doi = {10.15783/C78G67},
month = jun,
year = 2014
}
Copy to clipboard
Download
TY - DATA
TI - CRAWDAD dataset gatech/fingerprinting (v. 2014-06-09)
UR - http://crawdad.org/gatech/fingerprinting/20140609
PY - 2014/06/09/
AU - A. Selcuk Uluagac
DO - 10.15783/C78G67
ER -
Copy to clipboard
Download
If you do not use the provided citation formats, please include a reference with the same information, as described in the CRAWDAD FAQ.
When your paper has been published, please add it to our CiteULike group using the tags uses_crawdad_data and gatech_fingerprinting. Thanks!
|
A Community Resource for Archiving Wireless Data At Dartmouth
