Empirical and theoretical evaluation of active probing attacks and their countermeasures

Authors:
Xinwen Fu;Bryan Graham;Dong Xuan;Riccardo Bettati;Wei Zhao
Affiliations:
Department of Computer Science, Texas A&M University;Department of Computer Science, Texas A&M University;Department of Computer and Information Science, Ohio State University;Department of Computer Science, Texas A&M University;Department of Computer Science, Texas A&M University
Venue:
IH'04 Proceedings of the 6th international conference on Information Hiding
Year:
2004

Citing 14
Cited 1

A security model for dynamic adaptive traffic masking

NSPW '97 Proceedings of the 1997 workshop on New security paradigms
Timing attacks on Web privacy

Proceedings of the 7th ACM conference on Computer and communications security
Security Mechanisms in High-Level Network Protocols

ACM Computing Surveys (CSUR)
Untraceable electronic mail, return addresses, and digital pseudonyms

Communications of the ACM
Traffic analysis: protocols, attacks, design issues, and open problems

International workshop on Designing privacy enhancing technologies: design issues in anonymity and unobservability
Tarzan: a peer-to-peer anonymizing network layer

Proceedings of the 9th ACM conference on Computer and communications security
Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems

IHW '01 Proceedings of the 4th International Workshop on Information Hiding
Statistical Identification of Encrypted Web Browsing Traffic

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Mixminion: Design of a Type III Anonymous Remailer Protocol

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
On Effectiveness of Link Padding for Statistical Traffic Analysis Attacks

ICDCS '03 Proceedings of the 23rd International Conference on Distributed Computing Systems
Anonymous Connections and Onion Routing

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Pattern Classification (2nd Edition)

Pattern Classification (2nd Edition)
Timing analysis of keystrokes and timing attacks on SSH

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
NetCamo: camouflaging network traffic for QoS-guaranteed mission critical applications

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans

SAS: a scalar anonymous communication system

ICCNMC'05 Proceedings of the Third international conference on Networking and Mobile Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

A variety of remote sensing attacks allow adversaries to break flow confidentiality and gather mission-critical information in distributed systems. Such attacks are easily supplemented by active probing attacks, where additional workload (e.g., ping packets) is injected into the victim system. This paper presents statistical pattern recognition as a fundamental technology to evaluate the effectiveness of active probing attacks. Our theoretical analysis and empirical results show that even if sophisticated approaches of link padding are used, sample entropy of probing packets’ round trip time is an effective and robust feature statistic to discover the user payload traffic rate, which is important for maintaining anonymous communication. Extensive experiments on local network, campus network, and the Internet were carried out to validate the system security predicted by the theoretical analysis. We give some guidelines to reduce the effectiveness of such active probing attacks.