Browse Prior Art Database

DETECT WI-FI TETHERING OF SMART DEVICES

IP.com Disclosure Number: IPCOM000236946D
Publication Date: 2014-May-22
Document File: 3 page(s) / 81K

Publishing Venue

The IP.com Prior Art Database

Related People

Mubeesh V. M.: AUTHOR [+3]

Abstract

A solution is presented herein that provides intelligence to detect tethered devices, allowing serious threats of tethering within a Wi-Fi® backhaul to be detected and contained.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 3

DETECT WI-FI TETHERING OF SMART DEVICES

AUTHOR:

    Mubeesh V. M. Karthikeyan Balasubramanian Vinodh Kumar

CISCO SYSTEMS, INC.

ABSTRACT

    A solution is presented herein that provides intelligence to detect tethered devices, allowing serious threats of tethering within a Wi-Fi® backhaul to be detected and contained.

DETAILED DESCRIPTION

Wi-Fi tethering is a serious threat to wireless Local Area Network (LAN)

security. The tethering itself can be classified based on backhauls: e.g., a 3G back haul or a Wi-Fi back haul. A device with a Wi-Fi backhaul connecting to the enterprise Service Set Identifier (SSID) is a serious threat that needs to be addressed. Tethered devices can authenticate with corporate/enterprise Wi-Fi networks and also act as a hotspot, with the hotspot being able to provide a private Internet Protocol (IP) address to its clients and send traffic through the corporate Wi-Fi network.

    The solution provides for a way to identify the tethering devices in a wireless LAN controller (WLC) infrastructure environment. A mechanism is proposed to detect tethering specifically.

    Based on the analysis of Wi-Fi captures of various tethered devices the following correlations are observed:

    The Wi-Fi device is using its own MAC address or is using +/-1,+/-2,+/-3,+/-4 or the same MAC address of the wireless card to beacon hotspot SSID. This logic is common for all devices including devices produced by vendors such as Apple®, Samsung®, Nokia® and Connectify applications on Windows® 7 OS. Apple and Samsung use the same MAC address as the Wi-Fi interface and Nokia uses a +2 MAC address; +1 MAC address is the MAC address specified in a Peer-To-Peer Information

Copyright 2014 Cisco Systems, Inc.
1


Page 02 of 3

Element (P2P IE). The client is deemed to be tethering using a corporate SSID as a back haul. If a system detects a beacon with +/-1,+/-2,+/-3,+/-4 or the same MAC as an authenticated client present in the system, it can be classified as a tethered client with Wi- Fi backhaul and can be blacklisted.

    The Wi-Fi devices use various vendor...