Research On Fingerprint Extraction And Access Control Technology Of Wired Network Interface Card

With the development of Ethernet technology,more and more information and digital property communication is carried out on Ethernet.Its security issues have received extensive attention.Access control through device identity authentication is an important technology to ensure Ethernet security.The current access control schemes for Ethernet are mainly MAC address authentication and digital certificate authentication,both of which have the security problem of being easily counterfeited by attackers.Aiming at the security threats existing in traditional solutions,this paper studies the wired network interface card fingerprint(NIC-FP)in physical layer security.Wired network interface card fingerprint is based on the characteristic information of the physical hardware of the network card,which has the characteristics of uniqueness,non-tampering and non-replicability.It is very suitable for identity authentication of access devices and can make up for the deficiency of current access control schemes.At present,the research on NIC-FP focuses on 10 M Ethernet or optical fiber networks.The practical applicability of the scheme is not strong,and there is a lack of research results on the fingerprints of 100 M or Gigabit Ethernet network cards with higher transmission rates and wider applications.In view of the limitations of the current study,this paper proposes three effective NIC-FP extraction methods,and designs and implements an access control system based on NIC-FP,which is a reliable solution for the access control security of 100 M Ethernet.The main work of this paper is as follows:1.This paper proposes a NIC-FP extraction method based on statistical features.Using the characteristics of cable network card signal encoding and transmission,the periodic signal in the collected signal is found,and the statistical distribution of amplitude is extracted as the fingerprint feature of the NIC.By comprehensively considering the statistical feature information in the time domain and frequency domain,the integrity of the NIC-FP is improved.The fingerprint classification and recognition experiment was carried out on 25 NIC by using support vector machine,and the recognition accuracy reached 91.4%.2.To solve the problem of low recognition accuracy of the above statistical feature extraction methods,this paper proposes a NIC-FP extraction method based on amplitude spectrum.Based on the periodicity of data,the difference of amplitude spectrum between different cards after being transformed to the frequency domain is used as the fingerprint feature.According to the characteristics and requirements of access control system,the data quantity of fingerprint feature set is reduced while maintaining certain recognition accuracy.The fingerprint classification and recognition experiment was carried out on 25 NIC by using linear discriminant analysis and support vector machine,and the recognition accuracy reached 92.7%.3.This paper proposes a NIC-FP extraction method based on adaptive filter in order to further improve the recognition accuracy of the NIC.A data preprocessing algorithm is proposed to recover the reference signal as the input of the filter from the collected signal,so as to avoid the influence of the sampling fluctuation on the stability of the fingerprint of the network card.In order to get better filter convergence effect,a method combining RLS algorithm and LMS algorithm is explored.Appropriate parameters and fingerprint feature set expressions for applications in the 100 M Ethernet environment are studied to optimize the recognition effect of the method.The fingerprint classification and recognition experiment was carried out on 25 NIC by using linear discriminant analysis,and the recognition accuracy reached 98.7%.4.Aiming at the access security of 100 M Ethernet,this paper designs and implements a secure access control system based on NIC-FP.The combination of NIC-FP authentication and MAC address authentication enables the two authentication methods to be completed in the same authentication request.Verifying the legitimacy of NIC-FP after the MAC address is valid,improving the security of access authentication,and achieving the purpose of preventing MAC address counterfeiting.The system verifies the feasibility of the proposed NIC-FP extraction method for wired network access control.At the same time,the system time-consuming experiments of different fingerprint extraction methods are carried out,and the applicable scenarios of each method are analyzed.