Detecting a multi-homed device using clock skew
Martin, Bryan J.
McEachen, John C.
The aim of this thesis was to determine the feasibility of identifying a device connected to the Internet through multiple interfaces (i.e., multi-homed) using only the information provided by passively observing network traffic. Because a multi-homed host gives outside entities an alternate path that circumvents the security of a firewall and provides access to a network, it is important for a network's security to be able to detect and remove such devices. In this work, clock skew, which is the difference in perceived time between two system clocks, is used as a unique signature to identify hosts on a network that are potentially multi-homed. Testing was done on a software-defined network that contained a multi-homed host. After traffic between hosts was collected, the confidence intervals of the device's clock skew were analyzed to determine whether IP addresses originating from the same host could be successfully detected solely from network traffic. Testing confirmed that the proposed scheme provided a valid means of detecting a multi-homed device on a network. This scheme was repeated on multiple hosts and on a device with multiple connections to the network.
Approved for public release; distribution is unlimited
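The confidence-interval comparison described in the abstract can be sketched as follows. This is an added example, not code from the thesis: it assumes the observer can pair its own capture time with a timestamp set by the sender for each packet, estimates skew by ordinary least squares with a 99% normal-approximation interval, and uses hypothetical function names and constructed sample data.

```python
import math
import random

Z_99 = 2.576  # normal quantile for a 99% interval (assumed level, large-sample approximation)

def skew_interval(samples):
    """samples: (observer_time_s, sender_timestamp_s) pairs for one source IP.
    Returns the (low, high) confidence interval of the clock skew in ppm."""
    n = len(samples)
    if n < 3:
        raise ValueError("need at least 3 samples to estimate a slope and its error")
    xs = [t for t, _ in samples]
    ys = [ts - t for t, ts in samples]          # clock offset seen by the observer
    x_mean, y_mean = sum(xs) / n, sum(ys) / n
    sxx = sum((x - x_mean) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("all samples share one observation time")
    slope = sum((x - x_mean) * (y - y_mean) for x, y in zip(xs, ys)) / sxx
    intercept = y_mean - slope * x_mean
    sse = sum((y - (intercept + slope * x)) ** 2 for x, y in zip(xs, ys))
    stderr = math.sqrt(sse / (n - 2) / sxx)     # standard error of the slope
    return ((slope - Z_99 * stderr) * 1e6, (slope + Z_99 * stderr) * 1e6)

def intervals_overlap(a, b):
    return a[0] <= b[1] and b[0] <= a[1]

def candidate_multihomed(per_ip_samples):
    """Return pairs of IPs whose skew intervals overlap (possibly one host)."""
    ci = {ip: skew_interval(s) for ip, s in per_ip_samples.items()}
    ips = sorted(ci)
    return [(a, b) for i, a in enumerate(ips) for b in ips[i + 1:]
            if intervals_overlap(ci[a], ci[b])]

def constructed_capture(skew_ppm, start_offset_s, seed, n=200, period_s=3.0):
    """Constructed sample data: n packets with up to 1 ms of network jitter."""
    rng = random.Random(seed)
    return [(i * period_s,
             i * period_s * (1 + skew_ppm * 1e-6) + start_offset_s + rng.uniform(0, 1e-3))
            for i in range(n)]

CAPTURE = {  # constructed; addresses come from documentation ranges
    "192.0.2.10": constructed_capture(50.0, 0.25, seed=1),
    "198.51.100.7": constructed_capture(50.0, 0.25, seed=2),  # same clock, second interface
    "192.0.2.44": constructed_capture(-20.0, 1.75, seed=3),
}
```

Overlapping intervals only mark a pair as potentially multi-homed, since unrelated hosts can have similar skews; a longer capture narrows the intervals and reduces such coincidences.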