Passive classification of Wi-Fi enabled devices

We propose a method for classifying Wi-Fi enabled mobile handheld devices (smartphones) and non-handheld devices (laptops) in a completely passive way, that is resorting neither to traffic probes on network edge devices nor to deep packet inspection techniques to read application layer information. Instead, classification is performed starting from probe requests Wi-Fi frames, which can be sniffed with inexpensive commercial hardware. We extract distinctive features from probe request frames (how many probe requests are transmitted by each device, how frequently, etc.) and take a machine learning approach, training four different classifiers to recognize the two types of devices. We compare the performance of the different classifiers and identify a solution based on a Random Decision Forest that correctly classify devices 95% of the times. The classification method is then used as a pre-processing stage to analyze network traffic traces from the wireless network of a university building, with interesting considerations on the way different types of devices uses the network (amount of data exchanged, duration of connections, etc.). The proposed methodology finds application in many scenarios related to Wi-Fi network management/optimization and Wi-Fi based services

Building up knowledge through passive WiFi probes

Inexpensive WiFi-capable hardware can be nowadays easily used to capture traffic from end users and extract knowledge. Such knowledge can be leveraged to support advanced services like user profiling, device classification. We review here the main building blocks to develop a system based on passive WiFi monitors, that is, cheap and viable sniffers which collect data from end devices even without an explicit association to any Wi-Fi network. We provide an overview of the services which can be enabled by such approach with three practical scenarios: user localization, user profiling and device classification. We evaluate the performance of each one of the three scenarios and highlight the challenges and threats for the aforementioned systems

UJI Probes: Dataset of Wi-Fi Probe Requests

This paper focuses on the creation of a new, publicly available Wi-Fi probe request dataset. Probe requests belong to the family of management frames used by the 802.11 (Wi-Fi) protocol. As the situation changes year by year, and technology improves probe request studies are necessary to be done on up-to-date data. We provide a month-long probe request capture in an office environment, including work days, weekends, and holidays consisting of over 1 400 000 probe requests. We provide a description of all the important aspects of the dataset. Apart from the raw packet capture we also provide a Radio Map (RM) of the office to ensure the users of the dataset have all the possible information about the environment. To protect privacy, user information in the dataset is anonymized. This anonymization is done in a way that protects the privacy of users while preserving the ability to analyze the dataset to almost the same level as raw data. Furthermore, we showcase several possible use cases for the dataset, like presence detection, temporal Received Signal Strength Indicator (RSSI) stability, and privacy protection evaluation.Comment: 6 pages, 8 figures, submitted and accepted to IPIN2023 conferenc

What your wearable devices revealed about you and possibilities of non-cooperative 802.11 presence detection during your last IPIN visit

The focus on privacy-related measures regarding wireless networks grew in last couple of years. This is especially important with technologies like Wi-Fi or Bluetooth, which are all around us and our smartphones use them not just for connection to the internet or other devices, but for localization purposes as well. In this paper, we analyze and evaluate probe request frames of 802.11 wireless protocol captured during the 11th international conference on Indoor Positioning and Indoor Navigation (IPIN) 2021. We explore the temporal occupancy of the conference space during four days of the conference as well as non-cooperatively track the presence of devices in the proximity of the session rooms using 802.11 management frames, with and without using MAC address randomization. We carried out this analysis without trying to identify/reveal the identity of the users or in any way reverse the MAC address randomization. As a result of the analysis, we detected that there are still many devices not adopting MAC randomization, because either it is not implemented, or users disabled it. In addition, many devices can be easily tracked despite employing MAC randomization.The authors gratefully acknowledge funding from European Union’s Horizon 2020 Research and Innovation programme under the Marie Skłodowska Curie grant agreement No. 813278 (A-WEAR: A network for dynamic wearable applications with privacy constraints, http://www.a-wear.eu/) and No. 101023072 (ORIENTATE: Low-cost Reliable Indoor Positioning in Smart Factories, http://orientate.dsi.uminho.pt/). This work does not represent the opinion of the European Union, and the European Union is not responsible for any use that might be made of its content

IoT Device Fingerprint using Deep Learning

Device Fingerprinting (DFP) is the identification of a device without using its network or other assigned identities including IP address, Medium Access Control (MAC) address, or International Mobile Equipment Identity (IMEI) number. DFP identifies a device using information from the packets which the device uses to communicate over the network. Packets are received at a router and processed to extract the information. In this paper, we worked on the DFP using Inter Arrival Time (IAT). IAT is the time interval between the two consecutive packets received. This has been observed that the IAT is unique for a device because of different hardware and the software used for the device. The existing work on the DFP uses the statistical techniques to analyze the IAT and to further generate the information using which a device can be identified uniquely. This work presents a novel idea of DFP by plotting graphs of IAT for packets with each graph plotting 100 IATs and subsequently processing the resulting graphs for the identification of the device. This approach improves the efficiency to identify a device DFP due to achieved benchmark of the deep learning libraries in the image processing. We configured Raspberry Pi to work as a router and installed our packet sniffer application on the Raspberry Pi . The packet sniffer application captured the packet information from the connected devices in a log file. We connected two Apple devices iPad4 and iPhone 7 Plus to the router and created IAT graphs for these two devices. We used Convolution Neural Network (CNN) to identify the devices and observed the accuracy of 86.7%

I know who you will meet this evening! Linking wireless devices using Wi-Fi probe requests

International audienceActive service discovery in Wi-Fi involves wireless stations broadcasting their Wi-Fi fingerprint, i.e. the SSIDs of their preferred wireless networks. The content of those Wi-Fi fingerprints can reveal different types of information about the owner. We focus on the relation between the fingerprints and the links between the owners. Our hypothesis is that social links between devices owners can be identified by exploiting the information contained in the fingerprint. More specifically we propose to consider the similarity between fingerprints as a metric, with the underlying idea: similar fingerprints are likely to be linked. We first study the performances of several similarity metrics on a controlled dataset and then apply the designed classifier to a dataset collected in the wild. Finally we discuss how Wi-Fi fingerprint can reveal informations on the nature of the links between users. This study is based on a dataset collected in Sydney, Australia, composed of fingerprints corresponding to more than 8000 devices

Advancements in Wi-Fi-Based Passenger Counting and Crowd Monitoring: Techniques and Applications

The widespread use of personal mobile devices, including tablets and smartphones, created new opportunities for collecting comprehensive data on individual movements within cities while preserving their anonymity. Extensive research focused on turning personal mobile devices into tools for measuring human presence. To protect privacy, the data collected must be anonymous or pseudo-anonymous, leading to the preference for management data. A common approach involves analysing probe requests, which are Wi-Fi protocol messages transmitted by mobile devices while searching for access points. These messages contain media access control (MAC) addresses, which used to be unique identifiers. To safeguard the privacy of smartphone users, the major manufacturers (Google, Apple, and Microsoft) have implemented algorithms that generate random MAC addresses, which change often and unpredictably. This thesis focuses on the problem of fingerprinting Wi-Fi devices based on analysing management messages to overcome previous methods that relied on the MAC address and became obsolete. Detecting messages from the same source allows counting the devices in an area, calculating their permanence, and approximating these metrics with the ones of the humans carrying them. An open dataset of probe requests with labelled data has been designed, built, and used to validate the experiments. The dataset is also provided with guidelines for collecting new data and extending it. Since the dataset contains records of individual devices, the first step of this study was simulating the presence of multiple devices by aggregating multiple records in sets. Many experiments have been conducted to enhance the accuracy of the clustering. The proposed techniques exploit features extracted from individual management messages and from groups of messages called bursts. Moreover, other experiments show what happens when one or more features are split into their components or when the logarithm of their value is used. Before running the algorithm, a feature selection was performed and exploited to improve the accuracy. The clustering methods considered are DBSCAN and OPTICS

A tourism overcrowding sensor using multiple radio techniques detection

The motivation for this dissertation came from the touristic pressure felt in the historic neighborhoods of Lisbon. This pressure is the result of the rise in the number of touristic arrivals and the proliferation of local accommodation. To mitigate this problem the research project in which this dissertation is inserted aims to disperse the pressure felt by routing the tourists to more sustainable locations and locations that are not crowded. The goal of this dissertation is then to develop a crowding sensor to detect, in real-time, the number of persons in its vicinity by detecting how many smartphones it observes in its readings. The proposed solution aims to detect the wireless trace elements generated by the normal usage of smartphones. The technologies in which the sensor will detect devices are Wi-Fi, Bluetooth and the mobile network. For testing the results gathered by the sensor we developed a prototype that was deployed on our campus and in a museum, during an event with strong attendance. The data gathered was stored in a time-series database and a data visualization tool was used to interpret the results. The overall conclusions of this dissertation are that it is possible to build a sensor that detects nearby devices thereby allowing to detect overcrowding situations. The prototype built allows to detect crowd mobility patterns. The composition of technologies and identity unification are topics deserving future research.A motivação para a presente dissertação surgiu da pressão turística sentida nos bairros históricos de Lisboa. Esta pressão é a consequência de um crescimento do número de turistas e de uma cada vez maior utilização e proliferação do alojamento local. Para mitigar este problema o projeto de investigação em que esta dissertação está inserida pretende dispersar os turistas por locais sustentáveis e que não estejam sobrelotados. O objetivo desta dissertação é o de desenvolver um sensor que consiga detetar, em tempo real, detetar quantas pessoas estão na sua proximidade com base nos smartphones que consegue detetar. A solução proposta tem como objetivo detetar os traços gerados pela normal utilização de um smartphone. As tecnologias nas quais o sensor deteta traços de utilização são Wi-Fi, Bluetooth e a rede móvel. Para realizar os testes ao sensor, foi desenvolvido um protótipo que foi instalado no campus e num museu durante um evento de grande afluência. Os dados provenientes destes testes foram guardados numa base de dados de séries temporais e analisados usando uma ferramenta de visualização de dados. As conclusões obtidas nesta dissertação são que é possível criar um sensor capaz de detetar dispositivos na sua proximidade e detetar situações de sobrelotação/apinhamento. O protótipo contruído permite detectar padrões de mobilidade de multidões. A composição de tecnologias e a unificação de identidade são problemas que requerem investigação futura

Movements in Cities: Footfall and its Spatio-Temporal Distribution

The contributors to this book, all from the Consumer Data Research Centre, provide a first consolidated statement of the enormous potential of consumer data research in the academic, commercial and government sectors - and a timely ..