Network-based intrusions have become a serious threat to the users of the Internet. To help cover their tracks, attackers launch attacks from a series of previously compromised systems called stepping stones. Timing correlations on incoming and outgoing packets can lead to detection of the stepping stone and can be used to trace the attacker through each link. Prior work has sought to counter the possibility of the attacker employing chaff packets and randomized delays. To date, however, researchers have not accounted for the full range of techniques that a sophisticated attacker could apply. In this work, we show that such an attacker could avoid detection by the best known stepping-stone detection methods. We propose a simple buffering technique that could be used by an attacker on a stepping stone to evade detection. This technique makes the timing of packets in the output flow of the stepping stone entirely independent of the timing of packets from the input flow, thereby eliminating the timing link that makes existing stepping-stone detection methods possible. To accomplish this, we only require buffering at the stepping stone and enough chaff packets to generate a constant-rate flow. This traffic has the characteristics of a multimedia stream, such as Voice over IP (VoIP), which is quite common on the Internet today. To test the effectiveness of our technique, we implemented it in a prototype stepping-stone application and tested its performance on the DETER testbed and the PlanetLab testbed. Our prototype successfully evades watermark-based detection and provides reasonable performance for shell commands over at least three stepping stones.