Communications of the ACM
Estimation and Removal of Clock Skew from Network Delay Measurements
Estimation and Removal of Clock Skew from Network Delay Measurements
PlanetLab: an overlay testbed for broad-coverage services
ACM SIGCOMM Computer Communication Review
Low-Cost Traffic Analysis of Tor
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Remote Physical Device Fingerprinting
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Hot or not: revealing hidden services by their clock skew
Proceedings of the 13th ACM conference on Computer and communications security
Tor: the second-generation onion router
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Physical Layer Attacks on Unlinkability in Wireless LANs
PETS '09 Proceedings of the 9th International Symposium on Privacy Enhancing Technologies
Multimedia Forensics Is Not Computer Forensics
IWCF '09 Proceedings of the 3rd International Workshop on Computational Forensics
Traffic analysis against low-latency anonymity networks using available bandwidth estimation
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Towards clock skew based services in wireless sensor networks
International Journal of Sensor Networks
Proceedings of the 27th Annual Computer Security Applications Conference
Spying in the dark: TCP and tor traffic analysis
PETS'12 Proceedings of the 12th international conference on Privacy Enhancing Technologies
A defense against clock skew replication attacks in wireless sensor networks
Journal of Network and Computer Applications
How to block Tor's hidden bridges: detecting methods and countermeasures
The Journal of Supercomputing
Hi-index | 0.00 |
The Tor anonymisation network allows services, such as web servers, to be operated under a pseudonym. In previous work Murdoch described a novel attack to reveal such hidden services by correlating clock skew changes with times of increased load, and hence temperature. Clock skew measurement suffers from two main sources of noise: network jitter and timestamp quantisation error. Depending on the target's clock frequency the quantisation noise can be orders of magnitude larger than the noise caused by typical network jitter. Quantisation noise limits the previous attacks to situations where a high frequency clock is available. It has been hypothesised that by synchronising measurements to the clock ticks, quantisation noise can be reduced. We show how such synchronisation can be achieved and maintained, despite network jitter. Our experiments show that synchronised sampling significantly reduces the quantisation error and the remaining noise only depends on the network jitter (but not clock frequency). Our improved skew estimates are up to two magnitudes more accurate for low-resolution timestamps and up to one magnitude more accurate for high-resolution timestamps, when compared to previous random sampling techniques. The improved accuracy not only allows previous attacks to be executed faster and with less network traffic but also opens the door to previously infeasible attacks on low-resolution clocks, including measuring skew of a HTTP server over the anonymous channel.