Long PN Code Based Traceback in Wireless Networks

Similar documents
Long PN Code Based Traceback in Wireless Networks

A Cooperative MIMO Mobile Multihop Relay for Cellular Networks

Computer Graphic with Matrices Math 308A Project

Bending Geometry Factor For Profile Corrected Involute Gear Tooth With Trochoidal Fillet

A Complexity Cost Function for the Signal Processing in a WCDMA. Basestation for dimensioning of a Software Defined Radio.

Performance Comparison of Multihop Wireless ADHOC Routing Protocols AODV, OLSR & TORA

Wireless Channels Path Loss and Shadowing

Performance Analysis of MIMO Satellite Communications Via Multiple Terrestrial Non-Regenerative Relay Nodes

Journal of Kerbala University, Vol. 7 No.2 Scientific. 2009

A Comparison of Modulation Schemes in Bandlimited AWGN Channels

DESIGN A FSS USING JERUSALEM CROSS STRUCTURE AS A BSF FOR SATELLITE APPLICATIONS AT 10GHz

ELG3175 Introduction to Communication Systems. VSB and Introduction to Angle Modulation

WIRELESS SENSOR POSITIONING WITH ULTRAWIDEBAND FINGERPRINTING

Compatibility Analysis for Wireless Systems in VHF/UHF Bands with Geographic Information

IEEE pc-00/44

White Rose Research Online URL for this paper: Version: Accepted Version

Signature-Based Protection from Code Reuse Attacks

Development of On-Board Orbit Determination System for Low Earth Orbit (LEO) Satellite Using Global Navigation Satellite System (GNSS) Receiver

Low-Complexity Time-Domain SNR Estimation for OFDM Systems

Design of FIR Filter using Filter Response Masking Technique

I. SUMMARY II. NETWORK LEVEL ANALYSIS

Phase Locked Loop based Pulse Density Modulation Scheme for the Power Control of Induction Heating Applications

100G and 200G single carrier transmission over 2880 and 320 km using an InP IQ modulator and Stokes vector receiver

where and are polynomials with real coefficients and of degrees m and n, respectively. Assume that and have no zero on axis.

Received September 9, 2012; revised October 15, 2012; accepted October 26, 2012

ECS455: Chapter 4 Multiple Access

Modulation exercises. Chapter 3

Graphs fundamental to many problems. Web graphs. Biology. Other.

Communication Systems. Department of Electronics and Electrical Engineering

A Study on Interference Analysis based on Rec. ITU-R P.1546 with Geographic Information

Design of A Circularly Polarized E-shaped Patch Antenna with Enhanced Bandwidth for 2.4 GHz WLAN Applications

Multiagent Reinforcement Learning Dynamic Spectrum Access in Cognitive Radios

Compensation Estimation Method for Fast Fading MIMO- OFDM Channels Based on Compressed Sensing

Chapter 14: Bandpass Digital Transmission. A. Bruce Carlson Paul B. Crilly 2010 The McGraw-Hill Companies

Segmentation of Fluorescence Microscopy Cell Images Using Unsupervised Mining

MATLAB/SIMULINK TECHNOLOGY OF THE SYGNAL MODULATION

TELE4652 Mobile and Satellite Communications

Efficient Power Control for Broadcast in Wireless Communication Systems

Mobile Communications Chapter 2: Wireless Transmission

ECE-517 Reinforcement Learning in Artificial Intelligence

Wrap Up. Fourier Transform Sampling, Modulation, Filtering Noise and the Digital Abstraction Binary signaling model and Shannon Capacity

N2-1. The Voltage Source. V = ε ri. The Current Source

UNIT IV DIGITAL MODULATION SCHEME

ALUMINUM ELECTROLYTIC CAPACITORS

Experimental Analysis of Parameter Limitations in High-Frequency Resonant Gate Driver

1 Performance and Cost

Spread Spectrum Codes Identification by Neural Networks

An Efficient Control Approach for DC-DC Buck-Boost Converter

Design and Implementation of 4 - QAM VLSI Architecture for OFDM Communication

Generating Polar Modulation with R&S SMU200A

VLSI Implementation of Low Complexity MIMO Detection Algorithms

A 10 MHz GaNFET Based Isolated High Step-Down DC-DC Converter: Design and Magnetics Investigation

f t 2cos 2 Modulator Figure 21: DSB-SC modulation.

Communications II Lecture 7: Performance of digital modulation

Installing remote sites using TCP/IP

ECE 6560 Multirate Signal Processing Chapter 7

Signal Characteristics

ECMA st Edition / June Near Field Communication Wired Interface (NFC-WI)

Design of compact joint transform correlator

FROM ANALOG TO DIGITAL

Design of an LLC Resonant Converter Using Genetic Algorithm

A Novel Gain Tuning of Anti-Windup PID Controller using Ant Lion Optimization

MODEL: M6SXF1. POWER INPUT DC Power R: 24 V DC

CSC 263 Lecture 3. October 4, 2006

Spectrum Sharing between Public Safety and Commercial Users in 4G-LTE

Competition between the Internet and Conventional Retailer: A Strategic Analysis of the Effect of Online Channel Efficiency

ISSN: [Reddy & Rao* et al., 5(12): December, 2016] Impact Factor: 4.116

On Reducing Blocking Probability in Cooperative Ad-hoc Networks

Assessing the Effect of Calibration on Nonresponse Bias in the 2005 ARMS Phase III Sample Using 2002 Census of Agriculture Data

OPTIMUM MEDIUM ACCESS TECHNIQUE FOR NEXT GENERATION WIRELESS SYSTEMS

An off-line multiprocessor real-time scheduling algorithm to reduce static energy consumption

Memorandum on Impulse Winding Tester

Chapter 2 Introduction: From Phase-Locked Loop to Costas Loop

Blind Detection of Spread Spectrum Flow Watermarks

ECE3204 Microelectronics II Bitar / McNeill. ECE 3204 / Term D-2017 Problem Set 7

Analysis of Occurrence of Digit 0 in Natural Numbers Less Than 10 n

A New Buck-Boost DC/DC Converter of High Efficiency by Soft Switching Technique

Noise Reduction/Mode Isolation with Adaptive Down Conversion (ADC)

Lecture #7: Discrete-time Signals and Sampling

Investigation and Simulation Model Results of High Density Wireless Power Harvesting and Transfer Method

Experimental Investigation of Influence on Non-destructive Testing by Form of Eddy Current Sensor Probe

Digital Communications - Overview

Analysis of a Fractal Microstrip Patch Antenna

Lecture 11. Digital Transmission Fundamentals

Closed Loop Controlled LLC Half Bridge Isolated Series Resonant Converter

Direct Analysis of Wave Digital Network of Microstrip Structure with Step Discontinuities

Negative frequency communication

Variation Aware Cross-Talk Aggressor Alignment by Mixed Integer Linear Programming

Passband Data Transmission I References Phase-shift keying Chapter , S. Haykin, Communication Systems, Wiley. G.1

Social-aware Dynamic Router Node Placement in Wireless Mesh Networks

B-MAC Tunable MAC protocol for wireless networks

MODEL: M6NXF1. POWER INPUT DC Power R: 24 V DC

Interconnect Planning, Synthesis, and Layout for Performance, Signal Reliability and Cost Optimization. Project Overview

Lecture 4. EITN Chapter 12, 13 Modulation and diversity. Antenna noise is usually given as a noise temperature!

Wireless Communication (Subject Code: 7EC3)

Chapter 4: Angle Modulation

Discussion #7 Example Problem This problem illustrates how Fourier series are helpful tools for analyzing electronic circuits. Often in electronic

Chapter 4: Angle Modulation

Design of composite digital filter with least square method parameter identification

DS CDMA Scheme for WATM with Errors and Erasures Decoding

Transcription:

Inenaional Jounal of Pefomabiliy Engineeing, Vol. 8, No. 2, Mach 212, pp.173-182. RAMS Consulans Pined in India Long PN Code Based Taceback in Wieless Newoks XIAN PAN 1, JUNWEI HUANG 1, ZHEN LING 2, BIN LU 3, and XINWEN FU 1 1 Univesiy of Massachuses Lowell, Lowell, MA 1854, U.S.A. 2 Souheas Univesiy, China 3 Wes Chese Univesiy, Wes Chese, PA 19383, U.S.A. (Received on Ocobe 1, 21, evised on Mach 25, 211) Absac: Cybe ciminals may abuse open wieless newoks o hose wih weak encypion fo cybe cimes. To locae such ciminals, law enfocemen has o fis idenify which mobile (MAC) is geneaing suspec affic behind a wieless oue. The challenge is how o coelae he pivae wieless affic and he idenified suspec public affic on he Inene. In his pape, we popose a new echnique called long Pseudo-Noise (PN) code based Diec Sequence Spead Specum (DSSS) flow making echnique fo invisibly acing suspec anonymous wieless flows. In his echnique, a long PN code is shaed by wo invesigaos, inefee and sniffe. Diffeen bis of he signal will be encoded wih diffeen segmens of he long PN code. By inefeing wih a sende's affic and maginally vaying is ae, inefee can embed a sece spead specum signal ino he sende's affic. By acing whee he embedded signal goes, sniffe can ace he sende and eceive of he suspec flow despie he use of anonymous encyped wieless newoks. Taffic embedded wih long PN code modulaed waemaks is much hade o deec. We have conduced exensive analysis and expeimens o show he effeciveness of his new echnique. We ae able o pove ha exising deecion appoaches canno deec he long PN code modulaed affic. The echnique is geneic and has boad usage. Keywods: Anonymous aceback, DSSS, long PN code, wieless newok 1 Inoducion The numbe of cybe cimes has also been inceasing dasically wih he conveged wieless newoks and Inene. Cybe ciminals can uilize open wieless newoks, o easily hack he weak poeced WiFi oues, ge he Inene access and commi cimes. These cimes include sexual exploiaion of childen, inellecual popey hef, ideniy hef, financial faud, espionage, and many ohes. The challenge of conducing cybe cime scene invesigaions in wieless newoks is how o coelae he pivae wieless affic and he idenified suspec public affic on he Inene because of he use of NAT (newok addess anslaion) in wieless oues. The suspec public affic can be newok aacking affic o child ponogaphy downloading affic ha has been idenified by inusion deecion sysems and Inene suveillance ools. Taffic coelaion in unencyped wieless newoks is saighfowad by packe ID and ohe affic feaues. Taceback in encyped wieless newoks is complicaed since encypion eases ecognizable IP packe conen. Once he pivae wieless affic and he mobile MAC have been idenified, fuhe appoaches such as 3DLoc [13] can be applied o locae he suspec fo seach waan fom cous In his pape, we developed a new flow making echnique called long PN code based DSSS waemaking fo invisible aceback and apply his new echnique o wieless newoks. In his echnique, a long PN code is shaed by wo invesigaos (inefee and sniffe). The long PN code is used o spead a signal. One segmen of he long PN code is * Coesponding auho s email: xinwenfu@gmail.com 173

174 Xian Pan, Junwei Huang, Zhen Ling, Bin Liu and Xinwen Fu used o spead one bi of he signal. Diffeen bis of he signal will be encoded wih diffeen segmens of he long PN code. Basically, we ae using diffeen codes o spead diffeen signal bis. This defeas MSAC (he mean squae auocoelaion aack) based deecion in [3], which can only deec a spead signal wih he same sho PN code speading all he signal bis. We have conduced exensive analysis and expeimens o show he effeciveness of his new echnique. We ae able o pove ha MSAC based deecion canno deec he long PN code modulaed affic. We developed a suie of ools and pefomed eal-wold Inene expeimens ove encyped wieless newoks plus Anonymize [1], which is a popula commecial anonymous communicaion newok. Ou daa validae he heoy and demonsae ha ou long PN code based DSSS waemaking echnique can invisibly ace anonymous affic flow ove encyped wieless newoks. The es of he pape is oganized as follows. In Secion 2, we biefly eview he mos elaed wok. In Secion 3, we inoduce he long PN code based aceback. We analyze he benefis of he long PN code based aceback in Secion 3.4. The eal-wold expeimenal esuls ae pesened in Secion 4. We conclude his pape in Secion 5. 2 Relaed Wok Thee has been much eseach on degading anonymous communicaion hough mix newoks. Because of he space limi, we give bief eview of mos elaed wok. To deemine whehe Alice is communicaing wih Bob, hough a mix newok, similaiy beween Alice's oubound affic and Bob's inbound affic may be measued. Fo example, Zhu e al. in [4] poposed he scheme of using muual infomaion fo he similaiy measuemen. Levine e al. in [5] uilized a coss coelaion echnique. Mudoch e al. in [6] also invesigaed he iming based heas on To [17] by using some compomised To nodes. Fu e al. [7] sudied a flow making scheme. Ovelie e al. [8] sudied a scheme using one compomised mix node o idenify he hidden seve anonymized by To. Yu e al. [2] poposed a diec sequence spead specum (DSSS) based aceback echnique, which could be maliciously used o ace uses of an anonymous communicaion newok. Howeve, his sho PN code based aceback appoach is subjec o he mean squae auocoelaion aack in [3]. This pape addesses his issue via he long PN code, which is also able o well suppo paallel aceback because of abundan numbe of long PN codes and hei long lengh. Zhang e al. [15] poposed using muliple ohogonal PN codes o spead diffeen waemak bis and embed hem in andomly seleced inevals. In pacice, he numbe of ohogonal PN codes is limied. A long PN code poposed in his pape addesses his issue of scaceness of ohogonal PN codes. Random inevals can also be inseed ino long PN code modulaed affic o fuhe impove is effeciveness agains deecion, including he muli-flow aack in [9]. Zhang, Luo and Yang [16] used PN codes o modulae he packe ine-aival imes in ode o embed a sece signal ino he age affic. We modulae affic ae insead of packe ine-aival imes. Boh saegies have pos and cons. We leave he compaison as ou fuue wok. 3 Long PN Code Based DSSS Based Taceback In his secion, we will fis define he poblem, and inoduce ou basic idea. We hen discuss he long PN code. A las, we inoduce he flow making pocess of embedding a long PN code spead signal ino suspec affic and ecoveing i.

Long PN Code Based Taceback in Wieless Newoks 175 3.1 Poblem Definiion and Basic Idea Figue 1 illusaes he foensic case we ae sudying. A suspec sende is communicaing anonymously wih a suspec eceive hough an encyped wieless newok and Anonymize [1], which is a popula commecial anonymous communicaion newok. The use of Anonymize will make he aceback via wieless newoks moe challenging. Fo example, he suspec eceive could be a ciminal downloading pohibied conen fom an illegal seve, i.e., suspec sende. The suspec affic is idenified. The poblem is: how can he law enfocemen manipulae he suspec affic in ode o confim i is he suspec sende who is communicaing wih he suspec eceive. Suspec Receive Secue VPN Tunnel Encyped Wieless Roue Anonymize Seve Suspec Taffic Sniffe Inefee Figue 1: Encyped Wieless Newoks plus Anonymize WEB CHAT VIDEO Suspec Sende d c d c +1 1 T s (symbol) T c (chip) +1 1 1 1 1 1 1 1-1 1 1 1-1 -11 1 +1 1 N c T c Sym i Seg i Figue 2: Long PN Code Ou basic idea o solve he poblem is ha if law enfocemen inefee embeds a signal ino he suspec affic and law enfocemen sniffe can ecove he signal fom he inbound affic ino suspec eceive, law enfocemen confims suspec sende communicaes wih suspec eceive. Techniques developed fo his poblem can be easily exended o a moe geneal case: law enfocemen can follow he affic embedded wih he signal and econsuc he full communicaion pah. 3.2 Long PN Code In Diec Sequence Spead Specum (DSSS), we use Pseudo-Noise (PN) code o spead a signal ove a bandwidh geae han he oiginal signal bandwidh. Based on he lengh, hee ae sho PN code and long PN code. In speading and despeading pocesses, he wo ypes of PN codes ae vey diffeen. In sho PN code based DSSS, he same sho PN code is used o spead (encode) each bi of a signal. Figue 2 shows he long PN code based DSSS echnique, in which we use diffeen segmens of he long PN code o spead diffeen signal bis. The oiginal signal d is a seies of binay symbols Sym (+1 o -1). The symbol duaion fo boh symbol +1 and -1 is T s seconds, so he symbol ae is R s = Ts. A long PN code c is a long sequence of chips of +1 and -1 and is geneaed a he inefee and shaed wih he sniffe. Each chip lass fo T c seconds, denoed as chip duaion. The chip ae is R c = Tc. N c is he numbe of chips pe symbol and is also he lengh of one segmen fom he long PN code. chips consuc one segmen Seg fom he long PN code. A long PN code can be vey long (e.g., 1 2 42 chips). Theefoe, we can use diffeen segmens of he code o spead diffeen signal bis. Fo example, in Figue 2 we use {1,1,1,1,1,1,-1} o spead signal bi 1 and {1,1,1,-1,-1,1,1} o spead signal bi -1. Thee ae maue ways o geneae a long PN code by using he Linea Feedback Regise (LRFS). Thee ae wo configuaions fo he LRFS. One is called Simple Shif Regise Geneao (SSRG) and he ohe is called Modula Shif Regise Geneao N c

176 Xian Pan, Junwei Huang, Zhen Ling, Bin Liu and Xinwen Fu (MSRG). We use MSRG o geneae a long PN code. The configuaion of a MSRG is deemined by he pimiive polynomial coefficiens [1]. In Figue 3 he pimiive polynomial is 2 i n 1 n f ( x) = 1+ c x + c x + + c x + + c x + x (1) 1 2 i whee c i is he coefficien, i [ 1, n]. c i is eihe o 1. R i is he sage of he shif egise. efes o XOR. Diffeen pimiive polynomials geneae diffeen long PN n 1 Figue 3: MSRG Figue 4: Long PN Code Speading and Despeading in DSSS codes. If he degee of he pimiive polynomial is n, he numbe of diffeen pimiive polynomials of degee n is equal o he numbe of diffeen long PN codes. The oal numbe of diffeen PN codes poduced by pimiive polynomials of degee n can be calculaed as follows [1], n Numbe of diffeen long PN codes = φ ( 2 1) / n (2) whee φ ( 2 1) is he Eule's φ funcion. 3.3 Flow Making Figue 4 illusaes he famewok of flow making. We spead a signal d as follows, = d c (3) b whee c is a segmen of a paial long PN code and is he elemen-wise muliplicaion of wo vecos. b is hen used o modulae a age affic flow by inefee. We use weak inefeence agains he flow when a chip is +1, so ha he flow has a high ae fo T c seconds. We use song inefeence agains he flow when a chip is -1, so ha he flow has a low ae fo T c seconds. We assume ha he flow has an aveage affic ae of D, hen he high ae is D+ A and he low ae is D A, whee A is denoed as mak ampliude. The age affic flow ae should be lage enough fo invesigaos o inoduce he maks by inefeence. Theefoe, he ansmied signal x can be epesened by, n = Ad. c D (4) x + The modulaed flow avels hough he Inene (including local WLAN and Anonymize), whee hee exiss noise ceaed by coss affic and ohe inefeence. We ea all noise n as an aggegaed faco. So he eceived signal x is = Ad. c + D n (5) x + A he sniffe side (suspec eceive in Figue 1), in ode o emove he diec cuen

Long PN Code Based Taceback in Wieless Newoks 177 componen D fom he eceived signal, a high-pass file is applied. Theefoe, he fileed eceived signal ' x can be epesened by, ' Ad. c n (6) x + We hen use he same segmen c of he shaed paial long PN code o despead he fileed eceived signal ' x o deive he eceived baseband signal d, c d = Ad. c c + n c (7) A low-pass file is hen used o file he high fequency noise. Thus, d Ad. c c (8) Since boh inefee and sniffe have he same paial long PN code and c = c, c =1, we can ecove he oiginal signal. 3.4 Benefis of Long PN Code Based DSSS Based Taceback In his pape, long PN code is applied in DSSS-based echnique fo acing affic flows in an anonymous newok. By using long PN code, we can defea mean-squae auocoelaion (MSAC) based deecion echnique poposed in [3] and make he aceback had o deec. In his secion, we will fis pesen he paial coelaion of he long PN code, hen analyze he invisibiliy of he long PN code based-dsss waemaking. 3.4.1 Paial Coelaion of Long PN Code Assume a long PN code is C = { c, c1,, cp 1}, whee c i { + 1, 1}. The code peiod is P. A paial long PN code of lengh M fom he whole long PN code is given by C s = { cs, cs+ 1,, cs+ M 1}, whee s {, P M} and s is he saing posiion o ge a segmen of M chips fom he long PN code. We calculae he coelaion on he paial PN code C as follows, s M γ 1 = ( ci + s i= s ( γ ) c ) (9) C i+ s+ γ whee M < P and γ is he lag. The mean value of he paial coelaion fo he PN code is pesened in Lemma 1. The deailed poof of Lemma 1 is available in Appendix A of ou echnical epo [14]. Lemma 1: E { ( γ )} shows he mean value of he paial coelaion, and γ is lag. Ca M, γ = E{ C a ( γ )} = M γ (1), γ P 3.4.2 Invisibiliy of Long PN Code Based DSSS Based Taceback The long PN code based DSSS waemaking echnique makes i difficul o deec he fac of aceback by a suspec (eceive) being aced. A long PN code modulaed affic flow shows whie noise-like paen in boh fequency and ime domain. Suspecs canno deec hose waemaks in fequency and ime domains. The mean-squae auocoelaion (MSAC) mehod also fails o deec he waemaks. The MSAC mehod is based on he fac ha he same sho PN code is epeaedly used o spead each signal bi. In ou new echnique, each bi is spead by successive diffeen segmens fom a long PN

178 Xian Pan, Junwei Huang, Zhen Ling, Bin Liu and Xinwen Fu code. Basically, diffeen signal bis ae spead by diffeen codes. We now pove he invisibiliy of he long PN code based DSSS waemaking echnique ha can defea he MSAC deecion mehod. Denoe X = x,, xn 1 as he signal, whee N is he numbe of signal bis. x i is eihe A o A, whee A is he waemak ampliude. Denoe C = c, c1,, cp 1 as a long PN code, whee P is he peiod of he long PN code. We ake a segmen fom he long PN code o spead one signal bi. Assume he lengh of each PN segmen is 1, ha is, we use 1 chip o spead one signal bi. c epesens one chip and c is eihe 1 o -1. We assume ha bis x and x j ( i j ) ae independen. The modulaed signal X can be wien as follows, = ( x c,, x c, x c,, x c j X = ( x C, x C,, x C N 1) (11) 1 1 l 1 N 1 1 l 1 2l 1,, x c N 1 ( N 1) l,, x c ) N 1 Nl 1 Since x i is independenly and idenically disibued, P( xi c j = A) = 1/ 2 and P( xi c j = A) = 1/ 2, hus E ( x i c j ) = and he sandad deviaion δ = A. The following fomula can be used o esimae he auocoelaion of a ime seies epesened by X, whee γ is he lag, i j (12) N 1 γ ( γ ) = 1/( N γ ) ( a i * a + γ ) (13) ai j xicil + j h i= j i j = is he i iem of X, and i [ 9, N 1], j [, l 1]. The MSAC mehod eveals he pesence of sho PN code based DSSS waemaks by 2 γ calculaing E ( 2 ( γ )). ( ) is he squae auocoelaion of spead signal X and a imeshifed X wih lag γ. By calculaing E ( 2 ( γ )), peiodic peaks wih a peiod of l will show up. Theoem 1 shows hee ae no peiodic peaks in ou long PN code based waemaking echnique unde his MSAC deecion mehod. The long PN code based DSSS waemaking echnique is invisible fo suspec sende and eceive. The deailed poof of Theoem 1 is in Appendix B of ou echnical epo [14]. Theoem 1: The mean value of E ( 2 ( γ )) is 4 2 A, γ = E ( ( γ )) (14), γ Accoding o Theoem 1, i is sece o use long PN code based DSSS waemaking echnique o ace affic flows since hee is only one peak shown in he MSAC deecion mehod a he lag γ =. Unlike using he sho PN code based DSSS waemaking echnique in [2], which eveals he self-similaiy of embedded DSSS waemaks occuing a egula inevals, no peiodic peaks show up fo he long PN code based aceback. The aceback invisibiliy is peseved agains MSAC analysis. 4 Evaluaion We conduced eal-wold expeimens on Anonymize o evaluae he pefomance of he long PN code based DSSS waemaking echnique. In his secion, we will fis inoduce he expeimen seup. We will hen pesen expeimenal esuls of deecion ae and false posiive ae and he capabiliy of he new aceback appoach on acing

Long PN Code Based Taceback in Wieless Newoks 179 muliple flows. Finally, we demonsae he long PN code based echnique can defea he MSAC based waemak deecion. 4.1 Expeimen Seup Figue 5 illusaes he expeimen seup. A web seve sende unning Windows 7 is locaed a a univesiy campus. An off-campus compue eceive uns an Anonymize clien, which connecs hough an encyped wieless newok o he Anonymize seve. By seing up an encyped VPN unnel beween he off-campus compue and Anonymize seve on he Inene, he off-campus compue can suf he web wihou exposing is eal IP addess. In ode o deemine if he off-campus compue is downloading a file fom he web seve, we use a compue as inefee o inefee wih he oubound wieless affic fom he web seve, and use anohe compue as sniffe o sniff he inbound wieless affic o he eceive. The inefee and he sende ae conneced by a oue, as ae he sniffe and he eceive. The inefee and he sende shae a link, so ha inefee can inefee wih he sende's affic and modulae he oubound affic wih he long PN code based appoach. This seup is a ypical communicaion scene in an ad-hoc wieless newok. In case of conducing newok foensics on household wieless newoks whee he web seve is wied ino he Inene, law enfocemen can inefee he affic along he pah fom he web seve o he clien, fo example, a an inemediae oue. Roue Inene Roue Anonymize Clien Web Seve Sende Inefee 1Mbps Anonymize Seve Sniffe Clien Receive Figue 5: Expeimen Seup In ou expeimens, he inefee uses UDP consan bi ae (CBR) affic o modulae he age flow. The CBR affic packe size is fixed a 1 byes. The CBR affic is uned off when a chip wihin a signal modulaed by he long PN code is +1. The CBR affic is uned on when a chip is -1. The on-ineval and off-ineval ae equal o he chip duaion. Based on he TCP's loop conol mechanism, when he CBR affic ae inceases, he TCP affic ae deceases. When he CBR affic ae deceases (e.g., no CBR affic), he TCP affic ae inceases. To use he long PN code based DSSS waemaking echnique and ecove he oiginal signal, we need o obain a ime seies of he TCP flow ae. In ode o ecove he spead signal, he sampling peiod should be less han half of he chip duaion based on he Nyquis sampling heoy [12]. We use a sampling ineval of.1s. Because of dynamics of Inene affic, in ou expeimens, we used a ough esimaion of he delay o synchonize he ineceped affic a he sniffe wih he age affic a he inefee in ode o ecove he PN code. We hen used he mached file based appoach o seach fo he bes mach wihin a ceain seach ange. We se he ange as [-1s, 1s] in ou expeimens. 4.2 Deecion Rae of Long PN Code Based Flow Making Fo expeimens in his secion, deecion ae efes o he pobabiliy ha a n-bis signal is coecly and fully ecognized. We can vay he paamees such as he long PN code lengh, waemak ampliude and chip duaion o obain high deecion ae. This is

18 Xian Pan, Junwei Huang, Zhen Ling, Bin Liu and Xinwen Fu an advanage of he long PN code based aceback. In he expeimens, we fis geneae a long PN code of 2 15 1chips, and use he mask, {,,,,,, 1,,,, 1, 1,,, }, o geneae a long PN code wih shif 2473. We hen use segmens of he shifed long PN code o spead he signal {1-1 1 1-1 1-1}, as discussed in Secion 3. The chip duaion is fixed a 1 second. We fis examine he impac of he inefeing CBR affic ae (waemak ampliude) on deecion ae. We change he CBR packe sending fequency fom 1 packe / 5ms o 1 packe/ 1ms. In Figue 6, we can see ha when he CBR affic ae deceases (packe sending ineval inceases), he deecion ae deceases. This is because slow inefeing affic incus small waemak ampliude A in (5). We hen examine he impac of diffeen long PN code lenghs on deecion ae. We used diffeen long PN code segmen lenghs fom 1 o 7 o spead a signal bi. Figue 7 shows ha in geneal longe segmen lengh achieves highe deecion ae. This is he benefi of using spead specum speading: we can use a long code o figh a noisy envionmen fo bee pefomance. Figue 6: Deecion Rae vs. Pk. Sending Ineval Figue 7: Deecion Rae vs. Segmen Lengh We also examine he impac of chip duaions on deecion ae. We vaied he chip duaion fom.3s o 1.5s. Fom Fig.8, we can see ha unde diffeen chip duaions, he deecion ae has flucuaion bu is consisenly high oveall. 4.3 False Posiive Rae Recall ha he false posiive ae P 2 P, fo ecognizing a n-bis oiginal signal is F n n F, n = 1/ [2]. In ou expeimens, we vaied he signal lengh fom 1 o 7. Fo each signal lengh we measued he false posiive aes fo he long PN code segmens of diffeen lenghs fom 2 o 7. The false posiive ae fo each signal lengh is calculaed as he aveage of he pobabiliies of deecing he signal wih diffeen long PN code segmen lenghs. Fom Fig. 9, we can see ha he false posiive ae deceases wih he inceasing long PN code segmen lengh. The heoeical cuve maches he empiical cuve vey well. 4.4 Defeaing MSAC Deecion In [2], he auhos invesigaed he deecion of waemaks geneaed by a sho PN code, which is used o spead each signal bi. Though he mean-squae auocoelaion (MSAC) analysis, peiodic peaks show up due o self-similaiy in he modulaed affic caused by homogeneous PN codes ha ae used in modulaing a muliple-bi signal. Ou saegy can defea he MSAC analysis since we use diffeen long PN code segmens o spead diffeen signal bis. Figue 1 shows he MSAC of a modulaed flow. We can see hee is no peiodical peak any moe. The auhos also used deecion ae P D and false posiive ae P F as evaluaion meics fo evaluaing MSAC's capabiliy o deec sho PN code geneaed DSSS waemaks. When hey y o deec affic conaining DSSS

Long PN Code Based Taceback in Wieless Newoks 181 waemaks, hey need a high deecion ae and a low false posiive ae. Figue 11 shows Receive Opeaing Chaaceisic (ROC) cuve fo ou long PN code geneaed waemaks, which is a plo of P D vesus P F. I can be obseved ha he false posiive ae is as high (o low) as he deecion ae. Theefoe, i is had o deec long PN code geneaed waemaks by he MSAC analysis. Figue 8: Deecion Rae vs. Chip Duaion Figue 9: False Posiive Rae Figue 1: Esimaion of MSAC Figue 11: ROC 5 Conclusions In his pape, we popose a long PN code based DSSS waemaking echnique o ace suspec communicaion ove encyped (and open) wieless newoks and anonymous communicaion newoks on he Inene. This aceback echnique has good invisibiliy. Since diffeen segmens of a long PN code ae used o modulae diffeen signal bis, his echnique emoves egula paens and self similaiy fom he geneaed waemaks. Theefoe, i can defea mean-squae auocoelaion (MSAC) based deecion of waemaks geneaed by a sho PN code, which is used o epeaedly modulae each signal bi. Though a combinaion of analyical modeling and an exensive se of expeimens ove WLAN and Anonymize, we demonsaed he effeciveness of he long PN code based DSSS waemaking echnique. The long PN code based DSSS waemaking echnique is a geneal one and can be used in ohe cybe cime scene invesigaions. Refeences [1] Anonymize, Inc., hp://www.anonymize.com/, 21. [2] Yu, W., X. Fu, S. Gaham, D. Xuan, and W. Zhao. Dsss-based flow making echnique fo invisible aceback. In Poceedings of he 27 IEEE Symposium on Secuiy and Pivacy (S&P), pages 18-32, May 27. [3] Jia, W., F. Tso, Z. Ling, X. Fu, D. Xuan, and W. Yu. Blind deecion of spead specum flow waemaks. In Poceedings of he 28 h IEEE Inenaional Confeence on Compue Communicaions (INFOCOM), Rio de Janeio, Bazil, pages 2195-223, Apil 29. [4] Zhu, Y., X. Fu, B. Gaham, R. Beai, and W. Zhao. On flow coelaion aacks and counemeasues in mix newoks. In Poceedings of Wokshop on Pivacy Enhancing Technologies (PET), pages 27-225, May 24.

182 Xian Pan, Junwei Huang, Zhen Ling, Bin Liu and Xinwen Fu [5] Levine, B. N., M. K. Reie, C. Wang, and M. Wigh. Timing aacks in low-laency mixbased sysems. In Poceedings of Financial Cypogaphy (FC), pages 251-265, Febuay 24. [6] Mudoch, S. J., and G. Danezis. Low-cos affic analysis of o. In Poceedings of IEEE Secuiy and Pivacy Symposium (S&P), pages 183-195, May 26. [7] Fu, X., Y. Zhu, B. Gaham, R. Beai, and W. Zhao. On flow making aacks in wieless anonymous communicaion newoks. In Poceedings of he IEEE Inenaional Confeence on Disibued Compuing Sysems (ICDCS), pages 493-53, Apil 25. [8] Ovelie, L., and P. Syveson. Locaing hidden seves. In Poceedings of he IEEE Secuiy and Pivacy Symposium (S&P), pages 1-114, May 26. [9] Kiyavash, N., A. Houmansad, and N. Boisov. Muli-flow aacks agains newok flow waemaking schemes. In Poceedings of he 17 h USENIX Secuiy Symposium, pages 37-32, July/Augus 28. [1] Peeson, W. W., and E. J. Weldon. Eo-Coecing Codes. 2nd Ediion. Cambidge, MA: The MIT Pess, 1972. [11] Lee, S. Spead Specum CDMA: IS-95 and IS-2 fo RF Communicaions. Chicago, IL: McGaw-Hill Pofessional, Augus 22. [12] Oppenheim, A. V., A. S. Willsky, and S. H. Nawab. Signals and Sysems. 2nd ed. Uppe Saddle Rive, NJ 7458, USA: Penice-Hall, 1997. [13] Wang, J., Y. Chen, X. Fu, J. Wang, W. Yu and N. Zhang. 3DLoc: Thee Dimensional Wieless Localizaion Toolki. In Poceedings of he 3h IEEE Inenaional Confeence on Disibued Compuing Sysems (ICDCS), pages 3-39, 21 [14] Pan, X., J. Huang, Z. Ling, and X. Fu. Long PN Code Based Taceback in Wieless Newoks. Depamen of Compue Science, UMass Lowell, Sep. 21, Link: hp://www.cs.uml.edu/~jhuang/fulllongpnwieless.pdf. [15] Zhang, L., Z. Wang, Q. Wang, and F. Miao. MSAC and Muli-flow Aacks Resisan Spead Specum Waemaks fo newok flows. In Poceedings of he 2nd IEEE Inenaional Confeence on Infomaion and Financial Engineeing (ICIFE), pages 438-441, 21 [16] Zhang, L., J. Luo, M. Yang. An Impoved DSSS-Based Flow Making Technique fo Anonymous Communicaion Taceback. In Poceedings of IEEE Symposia and Wokshops on Ubiquious, Auonomic and Tused Compuing (UIC-ATC), pages 563-567, 29 [17] Dingledine, R., N. Mkahewson, and P. Syveson. To: The second-geneaion onion oue. In Poceedings of he 13 h USENIX Secuiy Symposium, pages 21-21, Augus 24. Xian Pan is a Ph.D. suden in he Depamen of Compue Science a Univesiy of Massachuses Lowell. He eseach focuses on newok secuiy and pivacy. Junwei Huang is a Ph.D. suden in he Depamen of Compue Science a Univesiy of Massachuses Lowell. His eseach focuses on digial foensics. Zhen Ling is a Ph.D. candidae in School of Compue Science and Engineeing a he Souheas Univesiy, China. His eseach focuses on newok secuiy and pivacy. Bin Lu, Ph.D. is an associae pofesso in Depamen of Compue Science, Wes Chese Univesiy. He eseach focuses on disibued sysems. Xinwen Fu is an assisan pofesso in Depamen Compue Science, Univesiy of Massachuses Lowell. He obained Ph.D. in Compue Engineeing fom Texas A&M Univesiy in 25. His eseach focuses on newok secuiy and pivacy, and digial foensics. D. Fu has been publishing papes in confeences including IEEE S&P, ACM CCS and ACM MobiHoc. His eseach is suppoed by NSF.

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback