NIC Fingerprint-Based Switch Access Control Technology

Abstract

Almost all existing access control systems authenticate end users based on their digital characteristics, such as MAC addresses. Since digital features are easily forged, these access control systems cannot secure the network well. In this paper, we propose an access control technology based on Ethernet network interface controller (NIC) fingerprint, a physical characteristic, to achieve identity authentication. At the switch side, the physical layer signals from the terminal NIC are collected, and the fingerprint of the NIC is extracted from the physical layer signals using the least mean square error (LMS) adaptive filter. On the basis of MAC address authentication, the proxy mechanism of Remote Authentication Dial In User Service (RADIUS) protocol is adopted to add the NIC fingerprint in the password field of the RADIUS request message, which enables the authentication server to perform two-factor authentication based on the NIC fingerprint and MAC address. The experimental results showed that the recognition accuracy for 75 NICs is 96.6%. In this paper, an access control system was built using a switch, a signal collector, a proxy server and an authentication server to realize that the terminal user was allowed to access the network only when both the NIC fingerprint and the MAC address were legal, which verified the feasibility of the scheme.