Long PN Code Based Traceback in Wireless Networks

Cyber criminals may abuse open wireless networks or those with weak encryption for cyber crimes. Assume surveillance has identified suspect traffic such as child porn downloading traffic on the Internet. To locate such criminals, law enforcement has to first identify which mobile (MAC) is generating suspect traffic behind a wireless router. The challenge is how to correlate the private wireless traffic and the identified suspect public traffic on the Internet. Traffic correlation in unencrypted wireless networks is straightforward by packet ID and other traffic features. Traceback in encrypted wireless networks is complicated since encryption hides recognizable IP packet content. In this paper, we propose a new technique called long Pseudo-Noise (PN) code based Direct Sequence Spread Spectrum (DSSS) flow marking technique for invisibly tracing suspect anonymous wireless flows. In this technique, a long PN code is shared by two investigators, interferer and sniffer. The long PN code is used to spread a signal. One segment of the long PN code is used to spread one bit of the signal. Different bits of the signal will be encoded with different segments of the long PN code. By interfering with a sender's traffic and marginally varying its rate, interferer can embed a secret spread spectrum signal into the sender's traffic. By tracing where the embedded signal goes, sniffer can trace the sender and receiver of the suspect flow despite the use of anonymous encrypted wireless networks. Traffic embedded with long PN code modulated watermarks is much harder to detect. We have conducted extensive analysis and experiments to show the effectiveness of this new technique. We are able to prove that existing detection approaches cannot detect the long PN code modulated traffic. The technique is generic and has broad usage.