Long PN Code Based Traceback in Wireless Networks

Cyber criminals may abuse open wireless networks or those with weak encryption for cyber crimes. Assume surveillance has identified suspect traffic such as child porn downloading traffic on the Internet. To locate such criminals, law enforcement has to first identify which mobile device (MAC address) is generating the suspect traffic behind a wireless router. The challenge is how to correlate the private wireless traffic with the identified suspect public traffic on the Internet. Traffic correlation in unencrypted wireless networks is straightforward using packet IDs and other traffic features. Traceback in encrypted wireless networks is complicated since encryption hides recognizable IP packet content. In this paper, we propose a new technique, the long Pseudo-Noise (PN) code based Direct Sequence Spread Spectrum (DSSS) flow marking technique, for invisibly tracing suspect anonymous wireless flows. In this technique, a long PN code is shared by two investigators, an interferer and a sniffer. The long PN code is used to spread a signal. One segment of the long PN code is used to spread one bit of the signal, so different bits of the signal are encoded with different segments of the long PN code. By interfering with a sender's traffic and marginally varying its rate, the interferer can embed a secret spread spectrum signal into the sender's traffic. By tracing where the embedded signal goes, the sniffer can trace the sender and receiver of the suspect flow despite the use of anonymous encrypted wireless networks. Traffic embedded with long PN code modulated watermarks is much harder to detect. We have conducted extensive analysis and experiments to show the effectiveness of this new technique. We are able to prove that existing detection approaches cannot detect the long PN code modulated traffic. The technique is generic and has broad usage.
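The segment-per-bit spreading described in the abstract can be simulated on a synthetic rate series. This is an added example, not code from the paper: the seeded pseudo-random chips standing in for the PN code, the rate, depth and noise constants, and the lag-autocorrelation periodicity check are all assumptions chosen for illustration.

```python
import random

def pn_code(seed, n_chips):
    """Constructed stand-in for a shared PN code: seeded +/-1 chips."""
    rng = random.Random(seed)
    return [rng.choice((-1, 1)) for _ in range(n_chips)]

def spread(bits, code, chips_per_bit):
    """Bit i (+/-1) times segment i of the code. A code only chips_per_bit
    long wraps around, i.e. the same short code is reused for every bit."""
    return [b * code[(i * chips_per_bit + j) % len(code)]
            for i, b in enumerate(bits) for j in range(chips_per_bit)]

def modulate(chips, base, depth, noise, seed):
    """Traffic rate per chip interval: base rate nudged by the chip, plus noise."""
    rng = random.Random(seed)
    return [base + depth * c + rng.gauss(0, noise) for c in chips]

def despread(rates, code, chips_per_bit):
    """Sniffer side: remove the mean, correlate each segment with its code segment."""
    mean = sum(rates) / len(rates)
    bits = []
    for i in range(len(rates) // chips_per_bit):
        corr = sum((rates[i * chips_per_bit + j] - mean)
                   * code[(i * chips_per_bit + j) % len(code)]
                   for j in range(chips_per_bit))
        bits.append(1 if corr > 0 else -1)
    return bits

def lag_autocorr(rates, lag):
    """Normalised autocorrelation at one lag; needs no knowledge of the code."""
    mean = sum(rates) / len(rates)
    x = [r - mean for r in rates]
    return sum(a * b for a, b in zip(x, x[lag:])) / sum(a * a for a in x)

def demo():
    chips_per_bit = 63
    bits = [1, -1, -1, 1, 1, -1, 1, -1, 1, 1, -1, -1, 1, -1, 1, 1]  # constructed signal
    codes = {"long": pn_code(7, chips_per_bit * len(bits)),
             "short": pn_code(7, chips_per_bit)}
    out = {}
    for name, code in codes.items():
        rates = modulate(spread(bits, code, chips_per_bit), 100.0, 5.0, 2.0, 1)
        out[name] = (despread(rates, code, chips_per_bit) == bits,
                     abs(lag_autocorr(rates, chips_per_bit)))
    return out

if __name__ == "__main__":
    for name, (recovered, acorr) in demo().items():
        print(f"{name:5s} code: bits recovered={recovered}, |autocorr @ bit period|={acorr:.3f}")
```

Both variants despread correctly with the shared code, but only the reused short code leaves a clear correlation at the bit period that an observer without the code can measure; with one fresh segment per bit that periodic signature is absent.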
