Long PN Code Based Traceback in Wireless Networks

Similar documents
Long PN Code Based Traceback in Wireless Networks

Computer Graphic with Matrices Math 308A Project

A Cooperative MIMO Mobile Multihop Relay for Cellular Networks

A Complexity Cost Function for the Signal Processing in a WCDMA. Basestation for dimensioning of a Software Defined Radio.

Bending Geometry Factor For Profile Corrected Involute Gear Tooth With Trochoidal Fillet

Wireless Channels Path Loss and Shadowing

Performance Comparison of Multihop Wireless ADHOC Routing Protocols AODV, OLSR & TORA

Performance Analysis of MIMO Satellite Communications Via Multiple Terrestrial Non-Regenerative Relay Nodes

Journal of Kerbala University, Vol. 7 No.2 Scientific. 2009

A Comparison of Modulation Schemes in Bandlimited AWGN Channels

ELG3175 Introduction to Communication Systems. VSB and Introduction to Angle Modulation

WIRELESS SENSOR POSITIONING WITH ULTRAWIDEBAND FINGERPRINTING

Development of On-Board Orbit Determination System for Low Earth Orbit (LEO) Satellite Using Global Navigation Satellite System (GNSS) Receiver

DESIGN A FSS USING JERUSALEM CROSS STRUCTURE AS A BSF FOR SATELLITE APPLICATIONS AT 10GHz

Low-Complexity Time-Domain SNR Estimation for OFDM Systems

White Rose Research Online URL for this paper: Version: Accepted Version

I. SUMMARY II. NETWORK LEVEL ANALYSIS

IEEE pc-00/44

Compatibility Analysis for Wireless Systems in VHF/UHF Bands with Geographic Information

Graphs fundamental to many problems. Web graphs. Biology. Other.

Signature-Based Protection from Code Reuse Attacks

where and are polynomials with real coefficients and of degrees m and n, respectively. Assume that and have no zero on axis.

Phase Locked Loop based Pulse Density Modulation Scheme for the Power Control of Induction Heating Applications

ECS455: Chapter 4 Multiple Access

100G and 200G single carrier transmission over 2880 and 320 km using an InP IQ modulator and Stokes vector receiver

Modulation exercises. Chapter 3

Multiagent Reinforcement Learning Dynamic Spectrum Access in Cognitive Radios

Design of FIR Filter using Filter Response Masking Technique

Communication Systems. Department of Electronics and Electrical Engineering

Received September 9, 2012; revised October 15, 2012; accepted October 26, 2012

Compensation Estimation Method for Fast Fading MIMO- OFDM Channels Based on Compressed Sensing

A Study on Interference Analysis based on Rec. ITU-R P.1546 with Geographic Information

N2-1. The Voltage Source. V = ε ri. The Current Source

Efficient Power Control for Broadcast in Wireless Communication Systems

Design of A Circularly Polarized E-shaped Patch Antenna with Enhanced Bandwidth for 2.4 GHz WLAN Applications

Segmentation of Fluorescence Microscopy Cell Images Using Unsupervised Mining

Spread Spectrum Codes Identification by Neural Networks

f t 2cos 2 Modulator Figure 21: DSB-SC modulation.

Chapter 14: Bandpass Digital Transmission. A. Bruce Carlson Paul B. Crilly 2010 The McGraw-Hill Companies

An Efficient Control Approach for DC-DC Buck-Boost Converter

ECE-517 Reinforcement Learning in Artificial Intelligence

VLSI Implementation of Low Complexity MIMO Detection Algorithms

TELE4652 Mobile and Satellite Communications

ALUMINUM ELECTROLYTIC CAPACITORS

Mobile Communications Chapter 2: Wireless Transmission

Wrap Up. Fourier Transform Sampling, Modulation, Filtering Noise and the Digital Abstraction Binary signaling model and Shannon Capacity

Discussion #7 Example Problem This problem illustrates how Fourier series are helpful tools for analyzing electronic circuits. Often in electronic

Installing remote sites using TCP/IP

UNIT IV DIGITAL MODULATION SCHEME

MATLAB/SIMULINK TECHNOLOGY OF THE SYGNAL MODULATION

Design and Implementation of 4 - QAM VLSI Architecture for OFDM Communication

On Reducing Blocking Probability in Cooperative Ad-hoc Networks

Design of an LLC Resonant Converter Using Genetic Algorithm

A New Buck-Boost DC/DC Converter of High Efficiency by Soft Switching Technique

A Novel Gain Tuning of Anti-Windup PID Controller using Ant Lion Optimization

OPTIMUM MEDIUM ACCESS TECHNIQUE FOR NEXT GENERATION WIRELESS SYSTEMS

Communications II Lecture 7: Performance of digital modulation

ECMA st Edition / June Near Field Communication Wired Interface (NFC-WI)

ISSN: [Reddy & Rao* et al., 5(12): December, 2016] Impact Factor: 4.116

1 Performance and Cost

A 10 MHz GaNFET Based Isolated High Step-Down DC-DC Converter: Design and Magnetics Investigation

CSC 263 Lecture 3. October 4, 2006

Design of compact joint transform correlator

Competition between the Internet and Conventional Retailer: A Strategic Analysis of the Effect of Online Channel Efficiency

Assessing the Effect of Calibration on Nonresponse Bias in the 2005 ARMS Phase III Sample Using 2002 Census of Agriculture Data

Investigation and Simulation Model Results of High Density Wireless Power Harvesting and Transfer Method

Experimental Analysis of Parameter Limitations in High-Frequency Resonant Gate Driver

Spectrum Sharing between Public Safety and Commercial Users in 4G-LTE

Wireless Communication (Subject Code: 7EC3)

ECE3204 Microelectronics II Bitar / McNeill. ECE 3204 / Term D-2017 Problem Set 7

Analysis of a Fractal Microstrip Patch Antenna

MODEL: M6SXF1. POWER INPUT DC Power R: 24 V DC

Signal Characteristics

Lecture #7: Discrete-time Signals and Sampling

LABORATORY UWB GPR SYSTEM FOR LANDMINE DETECTION

ECE 6560 Multirate Signal Processing Chapter 7

Analysis of Occurrence of Digit 0 in Natural Numbers Less Than 10 n

FROM ANALOG TO DIGITAL

A New Method of VHF Antenna Gain Measurement Based on the Two-ray Interference Loss

Generating Polar Modulation with R&S SMU200A

Experimental Investigation of Influence on Non-destructive Testing by Form of Eddy Current Sensor Probe

Performance Evaluation of Maximum Ratio combining Scheme in WCDMA System for Different Modulations

QoE Enhancement of Audio Video IP Transmission with IEEE e EDCA in Mobile Ad Hoc Networks

EE201 Circuit Theory I Fall

Optimal Design of Smart Mobile Terminal Antennas for Wireless Communication and Computing Systems

Design of composite digital filter with least square method parameter identification

ONE-WAY RADAR EQUATION / RF PROPAGATION

Memorandum on Impulse Winding Tester

Interconnect Planning, Synthesis, and Layout for Performance, Signal Reliability and Cost Optimization. Project Overview

Closed Loop Controlled LLC Half Bridge Isolated Series Resonant Converter

Digital Communications - Overview

B-MAC Tunable MAC protocol for wireless networks

INVESTIGATION OF CLOSE-TO-WALL WIRELESS SENSOR DEPLOYMENT USING 2D FINITE-DIFFERENCE TIME-DOMAIN MODELLING. Y. Wu and I. J.

Key Laboratory of Earthquake Engineering and Engineering Vibration, China Earthquake Administration, China

Feasibility of a triple mode, low SAR material coated antenna for mobile handsets

A Distributed Wireless MAC Scheme for Service Differentiation in WLANs

EECE 301 Signals & Systems Prof. Mark Fowler

Realistic Simulation of a Wireless Signal Propagation in an Urban Environment

Noise Reduction/Mode Isolation with Adaptive Down Conversion (ADC)

Direct Analysis of Wave Digital Network of Microstrip Structure with Step Discontinuities

Transcription:

Inenaional Jounal of Pefomabiliy Engineeing, Vol. 8, No. 2, Mach 2012, pp.153-162. RAMS Consulans Pined in India Long PN Code Based Taceback in Wieless Newoks XIAN PAN 1, JUNWEI HUANG 1, ZHEN LING 2, BIN LU 3, and XINWEN FU 1 1 Univesiy of Massachuses Lowell, Lowell, MA 01854, U.S.A. 2 Souheas Univesiy, China 3 Wes Chese Univesiy, Wes Chese, PA 19383, U.S.A. (Received on Ocobe 1, 2010; Revised on Mach 25, 2011) Absac: Cybe ciminals may abuse open wieless newoks o hose wih weak encypion fo cybe cimes. Assume suveillance has idenified suspec affic such as child pon downloading affic on he Inene. To locae such ciminals, law enfocemen has o fis idenify which mobile (MAC) is geneaing suspec affic behind a wieless oue. The challenge is how o coelae he pivae wieless affic and he idenified suspec public affic on he Inene. Taffic coelaion in unencyped wieless newoks is saighfowad by packe ID and ohe affic feaues. Taceback in encyped wieless newoks is complicaed since encypion hides ecognizable IP packe conen. In his pape, we popose a new echnique called long Pseudo-Noise (PN) code based Diec Sequence Spead Specum (DSSS) flow making echnique fo invisibly acing suspec anonymous wieless flows. In his echnique, a long PN code is shaed by wo invesigaos, inefee and sniffe. The long PN code is used o spead a signal. One segmen of he long PN code is used o spead one bi of he signal. Diffeen bis of he signal will be encoded wih diffeen segmens of he long PN code. By inefeing wih a sende's affic and maginally vaying is ae, inefee can embed a sece spead specum signal ino he sende's affic. By acing whee he embedded signal goes, sniffe can ace he sende and eceive of he suspec flow despie he use of anonymous encyped wieless newoks. Taffic embedded wih long PN code modulaed waemaks is much hade o deec. We have conduced eensive analysis and epeimens o show he effeciveness of his new echnique. We ae able o pove ha eising deecion appoaches canno deec he long PN code modulaed affic. The echnique is geneic and has boad usage. Keywods: anonymous aceback, DSSS, Long PN code, wieless newok 1 Inoducion The numbe of cybe cimes has also been inceasing dasically wih he conveged wieless newoks and Inene. Cybe ciminals can uilize open wieless newoks, o easily hack he weak poeced WiFi oues, ge he Inene access and commi cimes. These cimes include seual eploiaion of childen, inellecual popey hef, ideniy hef, financial faud, espionage, and many ohes. The challenge of conducing cybe cime scene invesigaions in wieless newoks is how o coelae he pivae wieless affic and he idenified suspec public affic on he Inene because of he use of NAT (newok addess anslaion) in wieless oues. The suspec public affic can be newok aacking affic o child ponogaphy downloading affic ha has been idenified by inusion deecion sysems and Inene suveillance ools. Taffic coelaion in unencyped wieless newoks is saighfowad by packe ID and ohe affic feaues. Taceback in encyped wieless newoks is complicaed since encypion eases ecognizable IP packe conen. Once he pivae wieless affic and he * Coesponding auho s email: inwenfu@gmail.com 153

154 Xian Pan, Junwei Huang, Zhen Ling, Bin Liu and Xinwen Fu mobile MAC have been idenified, fuhe appoaches such as 3DLoc [13] can be applied o locae he suspec fo seach waan fom cous In his pape, we developed a new flow making echnique called long PN code based DSSS waemaking fo invisible aceback and apply his new echnique o wieless newoks. In his echnique, a long PN code is shaed by wo invesigaos (inefee and sniffe). The long PN code is used o spead a signal. One segmen of he long PN code is used o spead one bi of he signal. Diffeen bis of he signal will be encoded wih diffeen segmens of he long PN code. Basically, we ae using diffeen codes o spead diffeen signal bis. This defeas MSAC (he mean squae auocoelaion aack) based deecion in [3], which can only deec a spead signal wih he same sho PN code speading all he signal bis. We have conduced eensive analysis and epeimens o show he effeciveness of his new echnique. We ae able o pove ha MSAC based deecion canno deec he long PN code modulaed affic. We developed a suie of ools and pefomed eal-wold Inene epeimens ove encyped wieless newoks plus Anonymize [1], which is a popula commecial anonymous communicaion newok. Ou daa validae he heoy and demonsae ha ou long PN code based DSSS waemaking echnique can invisibly ace anonymous affic flow ove encyped wieless newoks. The es of he pape is oganized as follows. In Secion 2, we biefly eview he mos elaed wok. In Secion 3, we inoduce he long PN code based aceback. We analyze he benefis of he long PN code based aceback in Secion 3.4. The eal-wold epeimenal esuls ae pesened in Secion 4. We conclude his pape in Secion 5. 2 Relaed Wok Thee has been much eseach on degading anonymous communicaion hough mi newoks. Because of he space limi, we give bief eview of mos elaed wok. To deemine whehe Alice is communicaing wih Bob, hough a mi newok, similaiy beween Alice's oubound affic and Bob's inbound affic may be measued. Fo eample, Zhu e al. in [4] poposed he scheme of using muual infomaion fo he similaiy measuemen. Levine e al. in [5] uilized a coss coelaion echnique. Mudoch e al. in [6] also invesigaed he iming based heas on To [17] by using some compomised To nodes. Fu e al. [7] sudied a flow making scheme. Ovelie e al. [8] sudied a scheme using one compomised mi node o idenify he hidden seve anonymized by To. Yu e al. [2] poposed a diec sequence spead specum (DSSS) based aceback echnique, which could be maliciously used o ace uses of an anonymous communicaion newok. Howeve, his sho PN code based aceback appoach is subec o he mean squae auocoelaion aack in [3]. This pape addesses his issue via he long PN code, which is also able o well suppo paallel aceback because of abundan numbe of long PN codes and hei long lengh. Zhang e al. [15] poposed using muliple ohogonal PN codes o spead diffeen waemak bis and embed hem in andomly seleced inevals. In pacice, he numbe of ohogonal PN codes is limied. A long PN code poposed in his pape addesses his issue of scaceness of ohogonal PN codes. Random inevals can also be inseed ino long PN code modulaed affic o fuhe impove is effeciveness agains deecion, including he muli-flow aack in [9]. Zhang, Luo and Yang [16] used PN codes o modulae he packe ine-aival imes in ode o embed a sece signal ino he age affic. We modulae affic ae insead of packe ine-aival imes. Boh saegies have pos and cons. We leave he compaison as ou fuue wok.

155 Long PN Code Based Taceback in Wieless Newoks 3 Long PN Code Based DSSS Based Taceback In his secion, we will fis define he poblem, and inoduce ou basic idea. We hen discuss he long PN code. A las, we inoduce he flow making pocess of embedding a long PN code spead signal ino suspec affic and ecoveing i. 3.1 Poblem Definiion and Basic Idea Figue 1 illusaes he foensic case we ae sudying. A suspec sende is communicaing anonymously wih a suspec eceive hough an encyped wieless newok and Anonymize [1], which is a popula commecial anonymous communicaion newok. The use of Anonymize will make he aceback via wieless newoks moe challenging. Fo eample, he suspec eceive could be a ciminal downloading pohibied conen fom an illegal seve, i.e., suspec sende. The suspec affic is idenified. The poblem is: how can he law enfocemen manipulae he suspec affic in ode o confim i is he suspec sende who is communicaing wih he suspec eceive. T s (symbol) Sym i Suspec Receive Secue VPN Tunnel Encyped Wieless Roue Anonymize Seve Suspec Taffic Sniffe Inefee Figue 1: Encyped Wieless Newoks plus Anonymize WEB CHAT VIDEO Suspec Sende d c d c T c (chip) 1 1 1 1 1 1-1 1 1 1-1 -1 1 1 N T c c Seg i Figue 2: Long PN Code Ou basic idea o solve he poblem is ha if law enfocemen inefee embeds a signal ino he suspec affic and law enfocemen sniffe can ecove he signal fom he inbound affic ino suspec eceive, law enfocemen confims suspec sende communicaes wih suspec eceive. Techniques developed fo his poblem can be easily eended o a moe geneal case: law enfocemen can follow he affic embedded wih he signal and econsuc he full communicaion pah. 3.2 Long PN Code In Diec Sequence Spead Specum (DSSS), we use Pseudo-Noise (PN) code o spead a signal ove a bandwidh geae han he oiginal signal bandwidh. Based on he lengh, hee ae sho PN code and long PN code. In speading and despeading pocesses, he wo ypes of PN codes ae vey diffeen. In sho PN code based DSSS, he same sho PN code is used o spead (encode) each bi of a signal. Figue 2 shows he long PN code based DSSS echnique, in which we use diffeen segmens of he long PN code o spead diffeen signal bis. The oiginal signal d is a seies of binay symbols Sym (+1 o -1). The symbol duaion fo boh symbol +1 and -1 is T s seconds, so he symbol ae is Rs Ts. A long PN code c is a long sequence of chips of +1 and -1 and is geneaed a he inefee and shaed wih he sniffe. Each chip lass fo T c seconds, denoed as chip duaion. The chip ae is Rc Tc. N c is he numbe of chips pe symbol and is also he lengh of one segmen fom he long PN code. chips consuc one segmen Seg fom he long PN code. A long PN code can be vey long (e.g. 1 2 42 chips). Theefoe, we can use diffeen segmens of he code o spead diffeen signal bis. Fo eample, in Figue 2 we use {1,1,1,1,1,1,-1} o spead signal bi N c

156 Xian Pan, Junwei Huang, Zhen Ling, Bin Liu and Xinwen Fu 1 and {1,1,1,-1,-1,1,1} o spead signal bi -1. Thee ae maue ways o geneae a long PN code by using he Linea Feedback Regise (LRFS). Thee ae wo configuaions fo he LRFS. One is called Simple Shif Regise Geneao (SSRG) and he ohe is called Modula Shif Regise Geneao (MSRG). We use MSRG o geneae a long PN code. The configuaion of a MSRG is deemined by he pimiive polynomial coefficiens [10]. In Figue 3 he pimiive polynomial is 2 i n n f ( ) c c c c (1) 1 2 i whee c i is he coefficien, i [ 1, n]. c i is eihe 0 o 1. R i is he sage of he shif egise. efes o XOR. Diffeen pimiive polynomials geneae diffeen long PN n Figue 3: MSRG Figue 4: Long PN Code Speading and Despeading in DSSS codes. If he degee of he pimiive polynomial is n, he numbe of diffeen pimiive polynomials of degee n is equal o he numbe of diffeen long PN codes. The oal numbe of diffeen PN codes poduced by pimiive polynomials of degee n can be calculaed as follows [10], n Numbe of diffeen long PN codes whee ( 2 ) is he Eule's funcion. 3.3 Flow Making Figue 4 illusaes he famewok of flow making. We spead a signal b d c n ( 2 ) / n (2) d as follows, (3) whee c is a segmen of a paial long PN code and is he elemen-wise muliplicaion of wo vecos. b is hen used o modulae a age affic flow by inefee. We use weak inefeence agains he flow when a chip is +1, so ha he flow has a high ae fo T c seconds. We use song inefeence agains he flow when a chip is -1, so ha he flow has a low ae fo T c seconds. We assume ha he flow has an aveage affic ae of D, hen he high ae is D A and he low ae is D A, whee A is denoed as mak ampliude. The age affic flow ae should be lage enough fo invesigaos o inoduce he maks by inefeence. Theefoe, he ansmied signal can be epesened by, Ad. c D (4) The modulaed flow avels hough he Inene (including local WLAN and Anonymize), whee hee eiss noise ceaed by coss affic and ohe inefeence. We

157 Long PN Code Based Taceback in Wieless Newoks ea all noise n as an aggegaed faco. So he eceived signal is Ad. c D n (5) A he sniffe side (suspec eceive in Figue 1), in ode o emove he diec cuen componen D fom he eceived signal, a high-pass file is applied. Theefoe, he fileed eceived signal ' can be epesened by, ' (6) Ad. c n We hen use he same segmen c of he shaed paial long PN code o despead he fileed eceived signal ' o deive he eceived baseband signal d, d Ad. c c n c (7) A low-pass file is hen used o file he high fequency noise. Thus, d Ad. c c (8) Since boh inefee and sniffe have he same paial long PN code and c c, we can ecove he oiginal signal. c c, 3.4 Benefis of Long PN Code Based DSSS Based Taceback In his pape, long PN code is applied in DSSS-based echnique fo acing affic flows in an anonymous newok. By using long PN code, we can defea mean-squae auocoelaion (MSAC) based deecion echnique poposed in [3] and make he aceback had o deec. In his secion, we will fis pesen he paial coelaion of he long PN code, hen analyze he invisibiliy of he long PN code based-dsss waemaking. 3.4.1 Paial Coelaion of Long PN Code Assume a long PN code is C { c0, c1,, cp}, whee c i {, }. The code peiod is P. A paial long PN code of lengh M fom he whole long PN code is given by C c, c,, c }, whee s { 0, P M} and s is he saing posiion o ge a s { s s s M segmen of M chips fom he long PN code. We calculae he coelaion on he paial PN code C as follows, s M 1 ( ci s i 0 ( ) s c ) (9) C i s whee M P and is he lag. The mean value of he paial coelaion fo he PN code is pesened in Lemma 1. The deailed poof of Lemma 1 is available in Appendi A of ou echnical epo [14]. Lemma 1: E { ( )} shows he mean value of he paial coelaion, and is lag. Ca M, 0 E{ C a ( )} M (10), 0 P 3.4.2 Invisibiliy of Long PN Code Based DSSS Based Taceback The long PN code based DSSS waemaking echnique makes i difficul o deec he fac of aceback by a suspec (eceive) being aced. A long PN code modulaed affic flow shows whie noise-like paen in boh fequency and ime domain. Suspecs canno deec hose waemaks in fequency and ime domains. The mean-squae

158 Xian Pan, Junwei Huang, Zhen Ling, Bin Liu and Xinwen Fu auocoelaion (MSAC) mehod also fails o deec he waemaks. The MSAC mehod is based on he fac ha he same sho PN code is epeaedly used o spead each signal bi. In ou new echnique, each bi is spead by successive diffeen segmens fom a long PN code. Basically, diffeen signal bis ae spead by diffeen codes. We now pove he invisibiliy of he long PN code based DSSS waemaking echnique ha can defea he MSAC deecion mehod. Denoe X 0,, N as he signal, whee N is he numbe of signal bis. i is eihe A o A, whee A is he waemak ampliude. Denoe C c0, c1,, cp as a long PN code, whee P is he peiod of he long PN code. We ake a segmen fom he long PN code o spead one signal bi. Assume he lengh of each PN segmen is 1, ha is, we use 1 chip o spead one signal bi. c epesens one chip and c is eihe 1 o -1. We assume ha bis and ( i ) ae independen. The modulaed signal X can be wien as follows, Since X ( 0 ( c i 0 C, C, 0 0 1,, c 0 l 1, N C N ) (11), c,, c 1 l 1 2l,, c N ( N ) l,, c i ) N Nl (12) is independenly and idenically disibued, P( i c A) / 2 and P( i c A) / 2, hus E ( i c ) 0 and he sandad deviaion A. The following fomula can be used o esimae he auocoelaion of a ime seies epesened by X, whee is he lag, ai N 1 i 0 ( ) /( N ) ( a i * a ) (13) i il h i c is he i iem of X, and i [ 9, N ], [0, l ]. The MSAC mehod eveals he pesence of sho PN code based DSSS waemaks by 2 calculaing E ( 2 ( )). ( ) is he squae auocoelaion of spead signal X and a imeshifed X wih lag. By calculaing E ( 2 ( )), peiodic peaks wih a peiod of l will show up. Theoem 1 shows hee ae no peiodic peaks in ou long PN code based waemaking echnique unde his MSAC deecion mehod. The long PN code based DSSS waemaking echnique is invisible fo suspec sende and eceive. The deailed poof of Theoem 1 is in Appendi B of ou echnical epo [14]. Theoem 1: The mean value of E ( 2 ( )) is 4 2 A, 0 E ( ( )) (14) 0, 0 Accoding o Theoem 1, i is sece o use long PN code based DSSS waemaking echnique o ace affic flows since hee is only one peak shown in he MSAC deecion mehod a he lag 0. Unlike using he sho PN code based DSSS waemaking echnique in [2], which eveals he self-similaiy of embedded DSSS waemaks occuing a egula inevals, no peiodic peaks show up fo he long PN code based aceback. The aceback invisibiliy is peseved agains MSAC analysis.

159 Long PN Code Based Taceback in Wieless Newoks 4 Evaluaion We conduced eal-wold epeimens on Anonymize o evaluae he pefomance of he long PN code based DSSS waemaking echnique. In his secion, we will fis inoduce he epeimen seup. We will hen pesen epeimenal esuls of deecion ae and false posiive ae and he capabiliy of he new aceback appoach on acing muliple flows. Finally, we demonsae he long PN code based echnique can defea he MSAC based waemak deecion. 4.1 Epeimen Seup Figue 5 illusaes he epeimen seup. A web seve sende unning Windows 7 is locaed a a univesiy campus. An off-campus compue eceive uns an Anonymize clien, which connecs hough an encyped wieless newok o he Anonymize seve. By seing up an encyped VPN unnel beween he off-campus compue and Anonymize seve on he Inene, he off-campus compue can suf he web wihou eposing is eal IP addess. In ode o deemine if he off-campus compue is downloading a file fom he web seve, we use a compue as inefee o inefee wih he oubound wieless affic fom he web seve, and use anohe compue as sniffe o sniff he inbound wieless affic o he eceive. The inefee and he sende ae conneced by a oue, as ae he sniffe and he eceive. The inefee and he sende shae a link, so ha inefee can inefee wih he sende's affic and modulae he oubound affic wih he long PN code based appoach. This seup is a ypical communicaion scene in an ad-hoc wieless newok. In case of conducing newok foensics on household wieless newoks whee he web seve is wied ino he Inene, law enfocemen can inefee he affic along he pah fom he web seve o he clien, fo eample, a an inemediae oue. Roue Inene Roue Anonymize Clien Web Seve Sende Inefee 1Mbps Anonymize Seve Sniffe Clien Receive Figue 5: Epeimen Seup In ou epeimens, he inefee uses UDP consan bi ae (CBR) affic o modulae he age flow. The CBR affic packe size is fied a 100 byes. The CBR affic is uned off when a chip wihin a signal modulaed by he long PN code is +1. The CBR affic is uned on when a chip is -1. The on-ineval and off-ineval ae equal o he chip duaion. Based on he TCP's loop conol mechanism, when he CBR affic ae inceases, he TCP affic ae deceases. When he CBR affic ae deceases (e.g., no CBR affic), he TCP affic ae inceases. To use he long PN code based DSSS waemaking echnique and ecove he oiginal signal, we need o obain a ime seies of he TCP flow ae. In ode o ecove he spead signal, he sampling peiod should be less han half of he chip duaion based on he Nyquis sampling heoy [12]. We use a sampling ineval of 0.1s. Because of dynamics of Inene affic, in ou epeimens, we used a ough esimaion of he delay o synchonize he ineceped affic a he sniffe wih he age affic a he inefee in ode o ecove he PN code. We hen used he mached file based appoach o seach fo he bes mach wihin a ceain seach ange. We se he ange as [-1s, 1s] in

160 Xian Pan, Junwei Huang, Zhen Ling, Bin Liu and Xinwen Fu ou epeimens. 4.2 Deecion Rae of Long PN Code Based Flow Making Fo epeimens in his secion, deecion ae efes o he pobabiliy ha a n-bis signal is coecly and fully ecognized. We can vay he paamees such as he long PN code lengh, waemak ampliude and chip duaion o obain high deecion ae. This is an advanage of he long PN code based aceback. In he epeimens, we fis geneae a long PN code of 2 15 chips, and use he mask, {0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0}, o geneae a long PN code wih shif 20473. We hen use segmens of he shifed long PN code o spead he signal {1-1 1 1-1 1-1}, as discussed in Secion 3. The chip duaion is fied a 1 second. We fis eamine he impac of he inefeing CBR affic ae (waemak ampliude) on deecion ae. We change he CBR packe sending fequency fom 1 packe / 5ms o 1 packe / 100ms. In Figue 6, we can see ha when he CBR affic ae deceases (packe sending ineval inceases), he deecion ae deceases. This is because slow inefeing affic incus small waemak ampliude A in (5). We hen eamine he impac of diffeen long PN code lenghs on deecion ae. We used diffeen long PN code segmen lenghs fom 1 o 7 o spead a signal bi. Figue 7 shows ha in geneal longe segmen lengh achieves highe deecion ae. This is he benefi of using spead specum speading: we can use a long code o figh a noisy envionmen fo bee pefomance. Figue 6: Deecion Rae vs. Pk. Sending Ineval Figue 7: Deecion Rae vs. Segmen Lengh We also eamine he impac of chip duaions on deecion ae. We vaied he chip duaion fom 0.3s o 1.5s. Fom Eo! Refeence souce no found., we can see ha unde diffeen chip duaions, he deecion ae has flucuaion bu is consisenly high oveall. 4.3 False Posiive Rae Recall ha he false posiive ae P 2 P, fo ecognizing a n-bis oiginal signal is F n n F, n 1/ [2]. In ou epeimens, we vaied he signal lengh fom 1 o 7. Fo each signal lengh we measued he false posiive aes fo he long PN code segmens of diffeen lenghs fom 2 o 7. The false posiive ae fo each signal lengh is calculaed as he aveage of he pobabiliies of deecing he signal wih diffeen long PN code segmen lenghs. Fom Eo! Refeence souce no found., we can see ha he false posiive ae deceases wih he inceasing long PN code segmen lengh. The heoeical cuve maches he empiical cuve vey well.

161 Long PN Code Based Taceback in Wieless Newoks 4.4 Defeaing MSAC Deecion In [2], he auhos invesigaed he deecion of waemaks geneaed by a sho PN code, which is used o spead each signal bi. Though he mean-squae auocoelaion (MSAC) analysis, peiodic peaks show up due o self-similaiy in he modulaed affic caused by homogeneous PN codes ha ae used in modulaing a muliple-bi signal. Ou saegy can defea he MSAC analysis since we use diffeen long PN code segmens o spead diffeen signal bis. Figue 10 shows he MSAC of a modulaed flow. We can see hee is no peiodical peak any moe. The auhos also used deecion ae P D and false posiive ae P F as evaluaion meics fo evaluaing MSAC's capabiliy o deec sho PN code geneaed DSSS waemaks. When hey y o deec affic conaining DSSS waemaks, hey need a high deecion ae and a low false posiive ae. Figue 11 shows Receive Opeaing Chaaceisic (ROC) cuve fo ou long PN code geneaed waemaks, which is a plo of P D vesus P F. I can be obseved ha he false posiive ae is as high (o low) as he deecion ae. Theefoe, i is had o deec long PN code geneaed waemaks by he MSAC analysis. Figue 8: Deecion Rae vs. Chip Duaion Figue 9: False Posiive Rae Figue 10: Esimaion of MSAC Figue 11: ROC 5 Conclusions In his pape, we popose a long PN code based DSSS waemaking echnique o ace suspec communicaion ove encyped (and open) wieless newoks and anonymous communicaion newoks on he Inene. This aceback echnique has good invisibiliy. Since diffeen segmens of a long PN code ae used o modulae diffeen signal bis, his echnique emoves egula paens and self similaiy fom he geneaed waemaks. Theefoe, i can defea mean-squae auocoelaion (MSAC) based deecion of waemaks geneaed by a sho PN code, which is used o epeaedly modulae each

162 Xian Pan, Junwei Huang, Zhen Ling, Bin Liu and Xinwen Fu signal bi. Though a combinaion of analyical modeling and an eensive se of epeimens ove WLAN and Anonymize, we demonsaed he effeciveness of he long PN code based DSSS waemaking echnique. The long PN code based DSSS waemaking echnique is a geneal one and can be used in ohe cybe cime scene invesigaions. Refeences [1] Anonymize, Inc., hp://www.anonymize.com/, 2010. [2] Yu. W., X. Fu, S. Gaham, D. Xuan, And W. Zhao. Dsss-based flow making echnique fo invisible aceback. in Poceedings of he 2007 IEEE Symposium on Secuiy and Pivacy (S&P), May 2007. [3] Jia. W., F. TSO, Z. Ling, X. Fu, D. Xuan, and W. Yu. Blind deecion of spead specum flow waemaks. in Poceedings of he 28 h IEEE Inenaional Confeence on Compue Communicaions (INFOCOM), Rio de Janeio, Bazil, Apil 2009. [4] Zhu. Y., X. Fu, B. Gaham, R. Beai, and W. Zhao. On flow coelaion aacks and counemeasues in mi newoks. in Poceedings of Wokshop on Pivacy Enhancing Technologies (PET), May 2004. [5] Levine. B. N., M. K. Reie, C. Wang, and M. Wigh. Timing aacks in low-laency mibased sysems. in Poceedings of Financial Cypogaphy (FC), Febuay 2004. [6] Mudoch. S. J. and G. Danezis. Low-cos affic analysis of o. in Poceedings of IEEE Secuiy and Pivacy Symposium (S&P), May 2006. [7] Fu. X., Y. Zhu, B. Gaham, R. Beai, and W. Zhao. On flow making aacks in wieless anonymous communicaion newoks. in Poceedings of he IEEE Inenaional Confeence on Disibued Compuing Sysems (ICDCS), Apil 2005. [8] Ovelie. L. and P. Syveson. Locaing hidden seves. in Poceedings of he IEEE Secuiy and Pivacy Symposium (S&P), May 2006. [9] Kiyavash. N., A. Houmansad, and N. Boisov. Muli-flow aacks agains newok flow waemaking schemes. in Poceedings of he 17 h USENIX Secuiy Symposium, July/Augus 2008. [10] Peeson. W. W. and E. J. Weldon. Eo-Coecing Codes, 2nd Ediion. Cambidge, MA: The MIT Pess, 1972. [11] Lee. S., Spead Specum CDMA: IS-95 and IS-2000 fo RF Communicaions. Chicago, IL: McGaw-Hill Pofessional, Augus 2002. [12] Oppenheim. A. V., A. S. Willsky, and S. H. Nawab. Signals and Sysems, 2nd ed. Uppe Saddle Rive, NJ 07458, USA: Penice-Hall, 1997. [13] Wang. J, Y. Chen, X. Fu, J. Wang, W. Yu and N. Zhang. 3DLoc: Thee Dimensional Wieless Localizaion Toolki. In Poceedings of he 30h IEEE Inenaional Confeence on Disibued Compuing Sysems (ICDCS), 2010 [14] Pan. X, J. Huang, Z. Ling, and X. Fu, Long PN Code Based Taceback in Wieless Newoks, Depamen of Compue Science, UMass Lowell, Sep. 2010, Link: hp://www.cs.uml.edu/~huang/fulllongpnwieless.pdf. [15] Zhang. L, Z. Wang, Q. Wang, and F. Miao. MSAC and Muli-flow Aacks Resisan Spead Specum Waemaks fo newok flows. in Poceedings of he 2nd IEEE Inenaional Confeence on Infomaion and Financial Engineeing (ICIFE), 2010 [16] Zhang. L, J. Luo, M. Yang. An Impoved DSSS-Based Flow Making Technique fo Anonymous Communicaion Taceback. in Poceedings of IEEE Symposia and Wokshops on Ubiquious, Auonomic and Tused Compuing (UIC-ATC), 2009 [17] Dingledine. R, N. Mkahewson, and P. Syveson. To: The second-geneaion onion oue. in Poceedings of he 13 h USENIX Secuiy Symposium, Augus 2004.

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback