When a network packet is formed by a computer's protocol stack, there are many components (e.g., Memory, CPU, etc.) of the computer that are involved in the process. The objective of this research is to identify, characterize and analyze the effects of the various components of a device (e.g., Memory, CPU, etc.) on the device's network traffic by measuring the changes in its network traffic with changes in its components. We also show how this characterization can be used to effectively perform counterfeit detection of devices which have counterfeit components (e.g., Memory, CPU, etc.).
To obtain this characterization, we measure and apply statistical analyses like probability distribution fucntions (PDFs) on the interarrival
times (IATs) of the device's network packets (e.g., ICMP, UDP, TCP, etc.). The device is then modified by changing just one component (e.g., Memory, CPU, etc.) at a time while holding the rest constant and acquiring the IATs again. This, over many such iterations provides an understanding of the effect of each component on the overall device IAT statistics. Such statistics are captured for devices (e.g., field-programmable gate arrays (FPGAs) and personal computers (PCs)) of different types. Some of these statistics remain stable across different IAT captures for the same device and differ for different devices (completely different devices or even the same device with its components changed). Hence, these statistical variations can be used to detect changes in a device's composition, which lends itself well to counterfeit detection.
Counterfeit devices are abundant in today's world and cause billions of dollars of loss in revenue. Device components are substituted with inferior quality components or are replaced by lower capacity components. Armed with our understanding of the effects of various device components on the device's network traffic, we show how such substitutions or alterations of legitimate device components can be detected and hence perform effective counterfeit detection by statistically analyzing the deviation of the device's IATs from that of the original legitimate device. We perform such counterfeit detection experiments on various types of device configurations (e.g., PC with changed CPU, RAM, etc.) to prove the technique's efficacy. Since this technique is a fully network-based solution, it is also a non-destructive technique which can quickly, inexpensively and easily verify the device's legitimacy. This research also discusses the limitations of network-based counterfeit detection.
Identifer | oai:union.ndltd.org:GATECH/oai:smartech.gatech.edu:1853/47640 |
Date | 03 April 2013 |
Creators | Sathyanarayana, Supreeth |
Publisher | Georgia Institute of Technology |
Source Sets | Georgia Tech Electronic Thesis and Dissertation Archive |
Detected Language | English |
Type | Thesis |
Page generated in 0.0017 seconds