DID YOU KNOW? DTIC has over 3.5 million final reports on DoD funded research, development, test, and evaluation activities available to our registered users. Click
HERE to register or log in.
Accession Number:
AD1029838
Title:
Detecting a Multi-Homed Device Using Clock Skew
Corporate Author:
Naval Postgraduate School Monterey United States
Report Date:
2016-09-01
Abstract:
The aim of this thesis was to determine the feasibility of identifying a device connected to the Internet through multiple interfaces i.e., multi-homed using only the information provided by passively observing network traffic. Since multi-homed hosts allow an alternate means for outside entities to circumvent the security of a firewall and gain access to a network, it is important for a networks security to be able to detect and remove such devices. In this work, the idea of using clock skewwhich is the difference in perceived time between two system clocksas a unique signature is utilized to identify hosts on a network that are potentially multi-homed. Testing was done on a software-defined network that contained a multihomed host. After traffic between hosts was collected and analyzed, analysis of the confidence intervals of the devices clock skew was conducted to determine if IP addresses originating from the same host could be successfully detected solely from network traffic. Testing confirmed that the proposed scheme provided a valid means of detecting a multi-homed device on a network. This scheme was repeated on multiple hosts and on a device with multiple connections to the network.
Descriptive Note:
Technical Report
Pages:
0061
Distribution Statement:
Approved For Public Release;
File Size:
1.73MB
