Abstract:

Cyber criminals may abuse open wireless networks, or those with weak encryption, to commit cyber crimes. To locate such criminals, law enforcement must first identify which mobile device (MAC address) is generating the suspect traffic behind a wireless router. The challenge is how to correlate the private wireless traffic with the identified suspect public traffic on the Internet. In this paper, we propose a new technique, the long Pseudo-Noise (PN) code based Direct Sequence Spread Spectrum (DSSS) flow marking technique, for invisibly tracing suspect anonymous wireless flows. In this technique, a long PN code is shared by two investigators, an interferer and a sniffer. Different bits of the signal are encoded with different segments of the long PN code. By interfering with a sender's traffic and marginally varying its rate, the interferer can embed a secret spread spectrum signal into the sender's traffic. By tracing where the embedded signal goes, the sniffer can trace the sender and receiver of the suspect flow despite the use of anonymous encrypted wireless networks. Traffic embedded with long PN code modulated watermarks is much harder to detect. We have conducted extensive analysis and experiments to show the effectiveness of this new technique. We are able to prove that existing detection approaches cannot detect the long PN code modulated traffic. The technique is generic and has broad usage.
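
The spreading and despreading described in the abstract can be simulated numerically; the following is an added example, not code from the paper. The seeded chip generator, the rate and noise parameters, the repeating short-code baseline and the `block_similarity` statistic are all assumptions chosen for illustration.

```python
import random

def pn_code(seed, n_chips):
    """Stand-in PN code: seeded +/-1 chips (the generator is an assumption)."""
    rng = random.Random(seed)
    return [2 * rng.getrandbits(1) - 1 for _ in range(n_chips)]

def embed(bits, code, chips_per_bit, sigma, seed, base_rate=100.0, depth=0.05):
    """Noisy flow rate per chip interval; bit i is spread by its own code segment."""
    rng, rates = random.Random(seed), []
    for i, bit in enumerate(bits):
        symbol = 1 if bit else -1
        for chip in code[i * chips_per_bit:(i + 1) * chips_per_bit]:
            rates.append(base_rate * (1 + depth * symbol * chip) + rng.gauss(0, sigma))
    return rates

def blocks(rates, chips_per_bit):
    """Split the mean-removed rate series into one block per signal bit."""
    mean = sum(rates) / len(rates)
    centred = [r - mean for r in rates]
    return [centred[i:i + chips_per_bit] for i in range(0, len(centred), chips_per_bit)]

def recover(rates, code, chips_per_bit):
    """Despread: correlate each block with the matching segment of the code."""
    out = []
    for i, block in enumerate(blocks(rates, chips_per_bit)):
        segment = code[i * chips_per_bit:(i + 1) * chips_per_bit]
        out.append(1 if sum(x * c for x, c in zip(block, segment)) > 0 else 0)
    return out

def block_similarity(rates, chips_per_bit):
    """Mean |normalised correlation| of adjacent blocks (illustrative statistic)."""
    b = blocks(rates, chips_per_bit)
    norm = lambda v: sum(x * x for x in v) ** 0.5
    corr = [abs(sum(x * y for x, y in zip(u, v))) / (norm(u) * norm(v))
            for u, v in zip(b, b[1:])]
    return sum(corr) / len(corr)

CHIPS, SIGMA = 128, 10.0                                   # constructed parameters
MESSAGE = [int(b) for b in format(0xC0FFEE42, "032b")]     # constructed 32-bit signal
LONG = pn_code(seed=2024, n_chips=CHIPS * len(MESSAGE))    # code shared by both investigators
SHORT = pn_code(seed=2024, n_chips=CHIPS) * len(MESSAGE)   # baseline: same chips for every bit
marked_long = embed(MESSAGE, LONG, CHIPS, SIGMA, seed=1)
marked_short = embed(MESSAGE, SHORT, CHIPS, SIGMA, seed=1)

if __name__ == "__main__":
    print("shared code recovers signal:", recover(marked_long, LONG, CHIPS) == MESSAGE)
    print("wrong code recovers signal:", recover(marked_long, pn_code(99, len(LONG)), CHIPS) == MESSAGE)
    print("block similarity short/long:", block_similarity(marked_short, CHIPS), block_similarity(marked_long, CHIPS))
```

With these constructed parameters the per-chip rate change is half the noise standard deviation, yet correlating over 128 chips with the shared code recovers every bit, while the adjacent-block similarity that a repeating code produces is absent for the long code.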