21 PDF

Physical Layer
Identification
ECE 5930
motivation.
> tcpdump -e -n -i eth0

20:47:08.910066 46:4f:52:47:45:44 > 6D:65:74:6F:6F:21,...
> ifconfig eth0 ether 46:4f:52:47:45:44
1. august
2. reputable
(3. hiring/firing capabilities

[at least until tenure])
associate digital identifier/information with a/its physical

representation
*ring*
Hello.
(grok voice)
Hello <name>.
PLI koan:
What is the sound of an Ethernet card
speaking?
3
2
Voltage
1
0
-1
-2
-3
0
4000
8000
12000
16000
20000
Time (ns)
NOTE: 10 Mb Ethernet is actually a differential signal; this is reconstructed waveform
3
2
Voltage
1
0
-1
-2
-3
0
1000
2000
3000
4000
Time (ns) or Sample point
5000
6000
7000
8000
105
5 MHz
|FFT| (log10)
104
15 MHz
103
102
101
50
100
150
bin
200
250
repetitive && ubiquitous
authentication
(preventing unauthorized access to the physical network)
intrusion detection
(discovering node impersonation and network tampering)
forensic data collection

(tying a physical device to a specific network incident)
assurance monitoring
(determining whether a device will or is in the process of failing)
related work.
[military]
[RF engineers]
1990s:
Cellular
Avionics
COTS transmitters
[security researchers]
Modern era:
Bluetooth
Wired Ethernet
Sensor nodes
RFID
PLI of Wired Ethernet Devices:

1. use a single frame
2. worst case scenario
3. location of variation
4. secure methodology
5. medium term profiling
identity.
Signal profile:
1. matched filter
2. baseline, n-outputs
3. thresholds for future, m-outputs
Filter output (V2 )
26500
Device1
Device2
26400
26300
0
2000
4000
6000
Record
8000
10000
H() =
h(t) =
A ( )
P( )
(t0
0,
t),
exp
j t0
0 t T
elsewhere
(t0 ) = h(t0 ) (t0 )

t0
=
t0 T
( )( )d
Figures from Wikipedia
Notation:
j
fi (t), ri (t)
3
2
Voltage
1
0
-1
-2
-3
0
1000
2000
3000
4000
Time (ns) or Sample point
5000
6000
7000
8000
Filter output (V2 )
26500
26450
26400
26350
26300
2000
4000
6000
8000
Record
j
ci (ta )
= max(fi (t)
j
ri (t))
for j = 1 n
10000
Filter output (V2 )
26500
Device1
Device2
26400
26300
0
2000
4000
6000
8000
Record
j
si,k (ta )
= max(fi (t)
j
rk (t))
for j = 1 n
10000
matched filter (length n)
record (length m)
th
arg max
f [j]
i
r [j +
i
i
th+
j=1
thresholds (upper & lower)
= 0m
environmental:
1. noise
2. temperature
3. load
inherent:
1. fabrication
2. component tolerances
3. different: components, designs, and assembly
Filter output (V2 )
26500
Device1
Device2
26400
26300
0
2000
4000
6000
Record
8000
10000
Filter output (V2 )
26150
26100
26050
10
20
Frame
30
40
th+/ (c c
j
(c
j n
j 1
) r(1
;m,n)
n = 25, m = 20,
(c
j+m 1
j n
)=
j 1
= 0.05, r = 3.397
detect difference in signals

where none exists
False-positives:
125
ci
(ta )
F P = nc n nr
dont detect difference in signals

where it exists
False-negatives:
2645
ci
(ta )
1ns
si,k (ta )
FN =
m
nc
nc /m
l=1
l
na
results.
DAQPC
TESTPC
Oscilloscope
(8-bits resolution, 2.5 GS/s)
Table I
D ETAILS OF E THERNET CARDS USED FOR EXPERIMENTS .

Manufacturer/Model
D-Link/DFE-530TX+ (Rev. E1)
Genica/GN-788
Netronix/37NB-12290-311 (Rev. 1.1)
Table II
LTERS USED IN
Hz)
Identifier
m4c1
m4c2
m4c3
m5c1
m5c2
m5c3
m5c4
m5c5
m5c6
m5c7
m5c8
m5c9
m5c10
m6c1
m6c2
m6c3
MAC Address
00:40:05:34:a0:31
00:40:05:36:01:15
00:40:05:36:01:19
00:00:e8:12:65:36
00:00:e8:12:17:db
00:00:e8:12:2c:85
00:00:e8:12:61:53
00:00:e8:12:6d:77
00:00:e8:12:61:47
00:00:e8:12:65:2e
00:00:e8:12:c4:a0
00:00:e8:12:61:09
00:00:e8:12:32:4a
00:08:54:0c:37:5f
00:08:54:0c:37:13
00:08:54:0c:37:4c
BPF PRE - PROCESSING .
Low-pass freq. (MHz)
Serial
B229237077076
B229237077139
B229237077140
DB0211105319
DB0211105339
DB0211105358
DB0211105396
DB0211105389
DB0211105364
DB0211105349
DB0211105317
DB0211105326
DB0211105404
122901133CF05938
122901133CF05997
122901133CF05948
Chipset Markings
DL10038D, 33098Q1, 315F
DL10038D, 33246Q1, 316F
DL10038D, 33246Q1, 316F
0206TABEDC2736.00
VT6105, 0325cd, 23B4002200

VT6105, 0325cd, 23B4001100
VT6105, 0326cd, 23B4401200
while for upper-trimming

x(t) =
0,
|x(t)| l
for l
perfect: identity matrix
other metrics
recall
accuracy
(missing change)
(overall)
TP
TP
TN
TP + TN
A=
,P =
,R =
,S =
TP + TN + FP + FN
TP + FP
TP + FN
TN + FP
precision
(detecting change)
specificity
(detecting no-change)
Test
Parameters
ensemble of filters
transient; transient+sync;
sync+mac transition; entire
ANDWIDTHS OF FILTERS USED IN
bandpass filter
normalisation
trimming
High-pass freq. (MHz)

19
18
20
19
20
.
.
.
1
0
.
.
.
2
1
.
.
.
3
2
BPF PRE - PROCESSING
Low-pass freq. (MHz)
20
20
all tests (ref+signal)

x(t) =
0, |x(t)| l
x(t), otherwise
x(t) =
0, |x(t)| l
x(t), otherwise
l = 0.25, 0.50, . . . , 3.0 volts
3
2
Voltage
1
0
-1
-2
-3
0
4000
8000
12000
Time (ns)
16000
20000

21 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

21 PDF

Uploaded by

Copyright:

Available Formats

Physical Layer

> tcpdump -e -n -i eth0

> ifconfig eth0 ether 46:4f:52:47:45:44

(3. hiring/firing capabilities

associate digital identifier/information with a/its physical

NOTE: 10 Mb Ethernet is actually a differential signal; this is reconstructed waveform

repetitive && ubiquitous

forensic data collection

PLI of Wired Ethernet Devices:

Filter output (V2 )

(t0 ) = h(t0 ) (t0 )

Figures from Wikipedia

Filter output (V2 )

Filter output (V2 )

matched filter (length n)

thresholds (upper & lower)

Filter output (V2 )

Filter output (V2 )

detect difference in signals

dont detect difference in signals

D ETAILS OF E THERNET CARDS USED FOR EXPERIMENTS .

Netronix/37NB-12290-311 (Rev. 1.1)

BPF PRE - PROCESSING .

Low-pass freq. (MHz)

VT6105, 0325cd, 23B4002200

while for upper-trimming

perfect: identity matrix

High-pass freq. (MHz)

BPF PRE - PROCESSING

Low-pass freq. (MHz)

all tests (ref+signal)

l = 0.25, 0.50, . . . , 3.0 volts

You might also like