Talk abstract:
In this talk, we introduce wireless network forensics. We discuss two crime scene investigations involving anonymous crimes. In the first case, a suspect hides their identity behind a wireless router; in the second, an anonymous communication network such as Anonymizer is used to commit crimes.
Case 1: Network address translation (NAT) is widely used in wireless routers as a low-cost solution to the limits of the IPv4 address space. However, cyber criminals may abuse NAT and hide behind wireless routers, using mobile devices to conduct crimes. To identify a suspect mobile device, we must be able to map the suspect's public traffic on the Internet to the private traffic behind the wireless router in the WLAN. In this talk, we propose a suite of novel packet-size-based traffic marking techniques to identify suspect mobiles in both encrypted and open wireless networks. To cope with severe packet loss during wireless sniffing, we propose using error-correcting codes to improve the detection rate. We conducted extensive analysis and experiments to demonstrate the efficiency and accuracy of our schemes, which achieve a high detection rate and a very small false positive rate. The proposed strategies can be used by law enforcement to combat cyber crime in wireless network crime scene investigations.
Case 2: Cyber crimes often involve complicated scenes. In this talk, we investigate anonymous crimes committed through anonymous communication networks. We developed a long Pseudo-Noise (PN) code based Direct Sequence Spread Spectrum (DSSS) flow marking technique for invisibly tracing suspect anonymous flows. By interfering with a sender's traffic and marginally varying its rate, an investigator can embed a secret spread spectrum signal into the sender's traffic. Each signal bit is modulated with a small segment of a long PN code. By tracing where the embedded signal goes, the investigator can identify the sender and receiver of the suspect flow despite the use of anonymous networks. Benefits of the long PN code include its resistance to previously discovered detection approaches. We can also use the vast number of long PN code segments at different phases to conduct parallel traceback without worrying about interference between codes. Using a combination of analytical modeling and experiments on Anonymizer, we demonstrate the effectiveness of the long PN code based DSSS watermarking technique.
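The correlation property that the Case 2 abstract relies on can be illustrated with a small constructed simulation. This is an added example, not code from the talk or its authors: it models a flow's per-interval rate as Gaussian noise plus a marginal chip signal, then shows that despreading with the right segment of the PN code recovers the bits while despreading at a different phase yields only noise-level correlation (the reason differently phased segments do not interfere, and the reason an observer without the code and phase sees nothing).

```python
import random

CHIPS_PER_BIT = 512   # rate-adjustment intervals per embedded signal bit
AMPLITUDE = 0.3       # marginal rate change per chip, in units of noise std
NOISE_STD = 1.0       # natural rate fluctuation of the flow (constructed model)

def long_pn_code(length, seed=7):
    """Constructed long PN code: a seeded pseudo-random +/-1 chip sequence."""
    rng = random.Random(seed)
    return [rng.choice((-1, 1)) for _ in range(length)]

def embed(bits, code, phase, rng):
    """Model of the marked flow: bit i is spread over the code segment that
    starts at phase + i*CHIPS_PER_BIT; each interval's rate is noise plus a
    tiny +/-AMPLITUDE nudge whose sign is (bit sign) * (chip)."""
    rates = []
    for i, bit in enumerate(bits):
        sign = 1 if bit else -1
        start = phase + i * CHIPS_PER_BIT
        for chip in code[start:start + CHIPS_PER_BIT]:
            rates.append(rng.gauss(0.0, NOISE_STD) + AMPLITUDE * sign * chip)
    return rates

def correlate(rates, code, phase, nbits):
    """Despread: correlate each bit window with the code segment the detector
    assumes was used. Returns one correlation sum per bit; its sign is the
    decoded bit when the phase is right, and it is noise-level otherwise."""
    sums = []
    for i in range(nbits):
        start = phase + i * CHIPS_PER_BIT
        seg = code[start:start + CHIPS_PER_BIT]
        window = rates[i * CHIPS_PER_BIT:(i + 1) * CHIPS_PER_BIT]
        sums.append(sum(r * c for r, c in zip(window, seg)))
    return sums

def decode(sums):
    return [s > 0 for s in sums]

def demo(bits=(1, 0, 1, 1, 0, 0, 1, 0), phase=1000, wrong_phase=1017):
    """Embed a constructed 8-bit mark, then despread at the right and at a
    wrong phase. Expected: right-phase sums near +/-153.6 (0.3*512), wrong-phase
    sums near zero with std about 23.6."""
    code = long_pn_code(8192)
    rates = embed(bits, code, phase, random.Random(42))
    return {"bits": [bool(b) for b in bits],
            "right_phase": correlate(rates, code, phase, len(bits)),
            "wrong_phase": correlate(rates, code, wrong_phase, len(bits))}

if __name__ == "__main__":
    r = demo()
    print("decoded:", decode(r["right_phase"]), "expected:", r["bits"])
    print("wrong-phase correlations:", [round(s, 1) for s in r["wrong_phase"]])
```

Per-chip the mark is 0.3 of the noise standard deviation, which is why it is hard to see in the raw rate series; only summing 512 chips against the correct code segment lifts it to roughly 6.8 standard deviations above the noise.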
Speaker biography:
Dr. Xinwen Fu (付新文) is an assistant professor in the Department of Computer Science at the University of Massachusetts Lowell. He received a B.S. in Electrical Engineering from Xi'an Jiaotong University, China, in 1995, an M.S. in Electrical Engineering from the University of Science and Technology of China in 1998, and a Ph.D. in Computer Engineering from Texas A&M University, USA, in 2005.
Dr. Fu won second place in the ACM International Student Research Competition in 2002, received the Graduate Student Research Excellence Award from the Department of Computer Science at Texas A&M University in 2004, and in 2008 received the Merrill Hunter Award for his outstanding research at North Dakota State University, as well as the Best Paper Award at ICC 2008.
Over the past three years, Dr. Fu has published dozens of papers at top international conferences including IEEE S&P (Oakland), ACM CCS, Mobihoc, INFOCOM and ICDCS, and in international journals including IEEE Transactions on Parallel and Distributed Systems (TPDS), IEEE Transactions on Computers (TC), IEEE Transactions on Mobile Computing (TMC) and IEEE Transactions on Vehicular Technology (TVT). He has given computer security talks at various international security conferences, including Black Hat. His current research interests are network security and privacy, computer forensics, information assurance, system reliability and network QoS. His research is funded by the US NSF.