Multi-flow attacks against network flow watermarking schemes

Authors:
Negar Kiyavash;Amir Houmansadr;Nikita Borisov
Affiliations:
Dept. of Computer Science, Dept. of Electrical and Computer Engineering, University of Illinois at Urbana-Champaign;Dept. of Computer Science, Dept. of Electrical and Computer Engineering, University of Illinois at Urbana-Champaign;Dept. of Computer Science, Dept. of Electrical and Computer Engineering, University of Illinois at Urbana-Champaign
Venue:
SS'08 Proceedings of the 17th conference on Security symposium
Year:
2008

Citing 16
Cited 12

The Markov-modulated Poisson process (MMPP) cookbook

Performance Evaluation
Wide area traffic: the failure of Poisson modeling

IEEE/ACM Transactions on Networking (TON)
Techniques for data hiding

IBM Systems Journal
Untraceable electronic mail, return addresses, and digital pseudonyms

Communications of the ACM
Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones

ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems

IHW '01 Proceedings of the 4th International Workshop on Information Hiding
The time-rescaling theorem and its application to neural spike train data analysis

Neural Computation
Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays

Proceedings of the 10th ACM conference on Computer and communications security
Tracking anonymous peer-to-peer VoIP calls on the internet

Proceedings of the 12th ACM conference on Computer and communications security
Operating system support for planetary-scale network services

NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Detecting stepping stones

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Tor: the second-generation onion router

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
DSSS-Based Flow Marking Technique for Invisible Traceback

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Multiscale stepping-stone detection: detecting pairs of jittered interactive streams by exploiting maximum tolerable delay

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Secure spread spectrum watermarking for multimedia

IEEE Transactions on Image Processing

A new cell counter based attack against tor

Proceedings of the 16th ACM conference on Computer and communications security
Evading stepping-stone detection under the cloak of streaming media with SNEAK

Computer Networks: The International Journal of Computer and Telecommunications Networking
Slotted packet counting attacks on anonymity protocols

AISC '09 Proceedings of the Seventh Australasian Conference on Information Security - Volume 98
PinDr0p: using single-ended audio features to determine call provenance

Proceedings of the 17th ACM conference on Computer and communications security
On the secrecy of spread-spectrum flow watermarks

ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Exposing invisible timing-based traffic watermarks with BACKLIT

Proceedings of the 27th Annual Computer Security Applications Conference
An interval centroid based spread spectrum watermarking scheme for multi-flow traceback

Journal of Network and Computer Applications
Interval-based flow watermarking for tracing interactive traffic

Computer Networks: The International Journal of Computer and Telecommunications Networking
New attacks on timing-based network flow watermarks

Security'12 Proceedings of the 21st USENIX conference on Security symposium
A new cell-counting-based attack against Tor

IEEE/ACM Transactions on Networking (TON)
Detecting co-residency with active traffic analysis techniques

Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
BotMosaic: Collaborative network watermark for the detection of IRC-based botnets

Journal of Systems and Software

Quantified Score

Hi-index	0.00

Visualization

Abstract

We analyze several recent schemes for watermarking network flows based on splitting the flow into intervals. We show that this approach creates time dependent correlations that enable an attack that combines multiple watermarked flows. Such an attack can easily be mounted in nearly all applications of network flow watermarking, both in anonymous communication and stepping stone detection. The attack can be used to detect the presence of a watermark, recover the secret parameters, and remove the watermark from a flow. The attack can be effective even if different the watermarks in different flows carry different messages. We analyze the efficacy of our attack using a probabilistic model and a Markov-modulated Poisson process (MMPP) model of interactive traffic. We also implement our attack and test it using both synthetic and real-world traces, showing that our attack is effective with as few as 10 watermarked flows. Finally, we propose a countermeasure that defeats the attack by using multiple watermark positions.