引用本文: |
-
胡园园,胡爱群,李晟,刘佳琪,李冰.基于自适应滤波算法的有线网卡指纹提取方法[J].信息安全学报,2022,7(4):124-136 [点击复制]
- HU Yuanyuan,HU Aiqun,LI Sheng,LIU Jiaqi,LI Bing.Fingerprint extraction of Ethernet card based on adaptive filtering algorithm[J].Journal of Cyber Security,2022,7(4):124-136 [点击复制]
|
|
摘要: |
有线设备接入认证是保障有线以太网安全的重要组成部分,其中MAC地址认证和设备数字证书认证是目前的主流身份认证方式,然而前者存在MAC地址易被篡改和伪造,后者存在系统复杂、使用不便等问题。基于设备指纹的物理层安全技术是解决这一问题的有效途径,并已在无线网络中得到广泛应用,但有线网络目前研究颇少。设备指纹的提取是物理层安全技术的一个重要环节,有线网络已有研究主要从10M有线网卡信号中提取指纹。本文提出了一种基于最小均方误差自适应滤波算法(LMS算法)从100M有线网卡信号中提取指纹的方法,该方法提取的网卡指纹产生自网卡及所在设备本身的物理特性,不可克隆,无法被篡改,而且指纹可直接通过分析网卡输出信号而得,简单方便。本文设计了一套基于LMS算法的网卡指纹提取系统,通过大量实验估算了合适的诸如收敛因子、滤波器阶数、数据长度等算法参数,并对提取的指纹进行了有效性验证。经过实验验证,使用本文方法提取的网卡指纹可有效识别出不同品牌和相同品牌不同类型的以太网网卡,在使用线性判别和集成子空间判别分类算法时,针对50块网卡的识别率可分别达到97.3%、98.5以上。 |
关键词: 有线以太网网卡 指纹提取 LMS算法 身份认证 |
DOI:10.19363/J.cnki.cn10-1380/tn.2022.07.10 |
投稿时间:2021-08-14修订日期:2022-01-20 |
基金项目:本课题得到江苏省重点研发计划“电力物联网边缘接入安全技术研究与应用”项目(No.BE2019109)资助。 |
|
Fingerprint extraction of Ethernet card based on adaptive filtering algorithm |
HU Yuanyuan1, HU Aiqun1, LI Sheng2, LIU Jiaqi3, LI Bing1
|
(1.School of Information Science and Engineering, Southeast University, Nanjing 211189, China;2.School of Cyber Science and Engineering, Southeast University, Nanjing 211111, China;3.School of Computing, Nanjing University of Science and Technology Zijin College, Nanjing 210023, China) |
Abstract: |
The identity authentication of access wired devices is an important part of the security of wired Ethernet, among which MAC address authentication and digital certificate authentication of the device are the mainstream authentication methods at present. However, the MAC address in the former authentication is easy to be tampered and forged, while the latter has problems such as complex system and inconvenient to use. Physical layer security technology based on device fingerprint is an effective way to solve these problems, and has been widely used in wireless networks, but there is little research on wired networks. Device fingerprint extraction is an important part of physical layer security technology. Present studies of physical layer security technology in wired network mainly extract fingerprint from 10M wired Ethernet card signal. This paper proposes a method to extract fingerprint from 100M wired Ethernet card signal based on the least mean square error adaptive filtering algorithm (LMS algorithm). The fingerprint extracted by this method is generated from the physical characteristics of the Ethernet card and the device where the Ethernet card resides, and cannot be cloned or tampered with. Moreover, the fingerprint can be obtained directly by analyzing the output signal of the Ethernet card, which is simple and convenient. This paper designs a wired network card fingerprint extraction system based on LMS algorithm, estimates the appropriate algorithm parameters (such as convergence factor, filter order, data length and so on) through a lot of experiments, and verifies the validity of the extracted fingerprint. Experimental results show that the network card fingerprint extracted by this method can effectively identify wired Ethernet cards of different brands and different types of wired Ethernet cards of the same brand. When linear discrimination classification algorithm and integrated subspace discrimination classification algorithm are used, the recognition rates of 50 wired Ethernet card can reach 97.3% and 98.5 respectively. |
Key words: wired Ethernet card fingerprint extraction LMS algorithm identity authentication |