The Markov-modulated Poisson process (MMPP) cookbook
Performance Evaluation
Wide area traffic: the failure of Poisson modeling
IEEE/ACM Transactions on Networking (TON)
IBM Systems Journal
Untraceable electronic mail, return addresses, and digital pseudonyms
Communications of the ACM
Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems
IHW '01 Proceedings of the 4th International Workshop on Information Hiding
Proceedings of the 10th ACM conference on Computer and communications security
Tracking anonymous peer-to-peer VoIP calls on the internet
Proceedings of the 12th ACM conference on Computer and communications security
Operating system support for planetary-scale network services
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Tor: the second-generation onion router
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
DSSS-Based Flow Marking Technique for Invisible Traceback
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Secure spread spectrum watermarking for multimedia
IEEE Transactions on Image Processing
A new cell counter based attack against tor
Proceedings of the 16th ACM conference on Computer and communications security
Evading stepping-stone detection under the cloak of streaming media with SNEAK
Computer Networks: The International Journal of Computer and Telecommunications Networking
Slotted packet counting attacks on anonymity protocols
AISC '09 Proceedings of the Seventh Australasian Conference on Information Security - Volume 98
PinDr0p: using single-ended audio features to determine call provenance
Proceedings of the 17th ACM conference on Computer and communications security
On the secrecy of spread-spectrum flow watermarks
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Exposing invisible timing-based traffic watermarks with BACKLIT
Proceedings of the 27th Annual Computer Security Applications Conference
An interval centroid based spread spectrum watermarking scheme for multi-flow traceback
Journal of Network and Computer Applications
Interval-based flow watermarking for tracing interactive traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking
New attacks on timing-based network flow watermarks
Security'12 Proceedings of the 21st USENIX conference on Security symposium
A new cell-counting-based attack against Tor
IEEE/ACM Transactions on Networking (TON)
Detecting co-residency with active traffic analysis techniques
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
BotMosaic: Collaborative network watermark for the detection of IRC-based botnets
Journal of Systems and Software
Hi-index | 0.00 |
We analyze several recent schemes for watermarking network flows based on splitting the flow into intervals. We show that this approach creates time dependent correlations that enable an attack that combines multiple watermarked flows. Such an attack can easily be mounted in nearly all applications of network flow watermarking, both in anonymous communication and stepping stone detection. The attack can be used to detect the presence of a watermark, recover the secret parameters, and remove the watermark from a flow. The attack can be effective even if different the watermarks in different flows carry different messages. We analyze the efficacy of our attack using a probabilistic model and a Markov-modulated Poisson process (MMPP) model of interactive traffic. We also implement our attack and test it using both synthetic and real-world traces, showing that our attack is effective with as few as 10 watermarked flows. Finally, we propose a countermeasure that defeats the attack by using multiple watermark positions.