基于自适应滤波算法的有线网卡指纹提取方法  

作　　者：胡园园 胡爱群 李晟 刘佳琪 李冰 HU Yuanyuan;HU Aiqun;LI Sheng;LIU Jiaqi;LI Bing(School of Information Science and Engineering,Southeast University,Nanjing 211189,China;School of Cyber Science and Engineering,Southeast University,Nanjing 211111,China;School of Computing,Nanjing University of Science and Technology Zijin College,Nanjing 210023,China;不详)

机构地区：[1]东南大学网络空间安全学院,中国南京211189 [2]东南大学信息科学与工程学院,中国南京211111 [3]南京理工大学紫金学院计算机学院,中国南京210023 [4]不详

出　　处：《信息安全学报》2022年第4期124-136,共13页Journal of Cyber Security

基　　金：江苏省重点研发计划“电力物联网边缘接入安全技术研究与应用”项目(No.BE2019109)资助。

摘　　要：有线设备接入认证是保障有线以太网安全的重要组成部分,其中MAC地址认证和设备数字证书认证是目前的主流身份认证方式,然而前者存在MAC地址易被篡改和伪造,后者存在系统复杂、使用不便等问题。基于设备指纹的物理层安全技术是解决这一问题的有效途径,并已在无线网络中得到广泛应用,但有线网络目前研究颇少。设备指纹的提取是物理层安全技术的一个重要环节,有线网络已有研究主要从10M有线网卡信号中提取指纹。本文提出了一种基于最小均方误差自适应滤波算法(LMS算法)从100M有线网卡信号中提取指纹的方法,该方法提取的网卡指纹产生自网卡及所在设备本身的物理特性,不可克隆,无法被篡改,而且指纹可直接通过分析网卡输出信号而得,简单方便。本文设计了一套基于LMS算法的网卡指纹提取系统,通过大量实验估算了合适的诸如收敛因子、滤波器阶数、数据长度等算法参数,并对提取的指纹进行了有效性验证。经过实验验证,使用本文方法提取的网卡指纹可有效识别出不同品牌和相同品牌不同类型的以太网网卡,在使用线性判别和集成子空间判别分类算法时,针对50块网卡的识别率可分别达到97.3%、98.5以上。The identity authentication of access wired devices is an important part of the security of wired Ethernet,among which MAC address authentication and digital certificate authentication of the device are the mainstream authenti-cation methods at present.However,the MAC address in the former authentication is easy to be tampered and forged,while the latter has problems such as complex system and inconvenient to use.Physical layer security technology based on device fingerprint is an effective way to solve these problems,and has been widely used in wireless networks,but there is little research on wired networks.Device fingerprint extraction is an important part of physical layer security technology.Present studies of physical layer security technology in wired network mainly extract fingerprint from 10M wired Ethernet card signal.This paper proposes a method to extract fingerprint from 100M wired Ethernet card signal based on the least mean square error adaptive filtering algorithm(LMS algorithm).The fingerprint extracted by this method is generated from the physical characteristics of the Ethernet card and the device where the Ethernet card resides,and cannot be cloned or tampered with.Moreover,the fingerprint can be obtained directly by analyzing the output signal of the Ethernet card,which is simple and convenient.This paper designs a wired network card fingerprint extraction system based on LMS al-gorithm,estimates the appropriate algorithm parameters(such as convergence factor,filter order,data length and so on)through a lot of experiments,and verifies the validity of the extracted fingerprint.Experimental results show that the net-work card fingerprint extracted by this method can effectively identify wired Ethernet cards of different brands and differ-ent types of wired Ethernet cards of the same brand.When linear discrimination classification algorithm and integrated subspace discrimination classification algorithm are used,the recognition rates of 50 wired Ethernet card can reach 97.3%and 98.5 respectively

关 键 词：有线以太网网卡 指纹提取 LMS 算法 身份认证 

分 类 号：TP309.1[自动化与计算机技术—计算机系统结构]