A pump for rapid, reliable, secure communication
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A note on the confinement problem
Communications of the ACM
Reed-Solomon Codes and Their Applications
Reed-Solomon Codes and Their Applications
A comment on the confinement problem
SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
IP covert timing channels: design and detection
Proceedings of the 11th ACM conference on Computer and communications security
Low-Cost Traffic Analysis of Tor
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Estimation of internet file-access/modification rates from indirect data
ACM Transactions on Modeling and Computer Simulation (TOMACS)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Hot or not: revealing hidden services by their clock skew
Proceedings of the 13th ACM conference on Computer and communications security
Low-resource routing attacks against tor
Proceedings of the 2007 ACM workshop on Privacy in electronic society
Detecting covert timing channels: an entropy-based approach
Proceedings of the 14th ACM conference on Computer and communications security
Metrics for Security and Performance in Low-Latency Anonymity Systems
PETS '08 Proceedings of the 8th international symposium on Privacy Enhancing Technologies
Performance Measurements and Statistics of Tor Hidden Services
SAINT '08 Proceedings of the 2008 International Symposium on Applications and the Internet
Covert messaging through TCP timestamps
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Sampled traffic analysis by internet-exchange-level adversaries
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
The traffic analysis of continuous-time mixes
PET'04 Proceedings of the 4th international conference on Privacy Enhancing Technologies
Embedding covert channels into TCP/IP
IH'05 Proceedings of the 7th international conference on Information Hiding
Timing analysis in low-latency mix networks: attacks and defenses
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Traveling the silk road: a measurement analysis of a large anonymous online marketplace
Proceedings of the 22nd international conference on World Wide Web
Hi-index | 0.00 |
Hidden services are anonymously hosted services that can be accessed over an anonymity network, such as Tor. While most hidden services are legitimate, some host illegal content. There has been a fair amount of research on locating hidden services, but an open problem is to develop a general method to prove that a physical machine, once confiscated, was in fact the machine that had been hosting the illegal content. In this paper we assume that the hidden service logs requests with some timestamp, and give experimental results for leaving an identifiable fingerprint in this log file as a timing channel that can be recovered from the timestamps. In 60 min, we are able to leave a 36-bit fingerprint that can be reliably recovered. The main challenges are the packet delays caused by the anonymity network that requests are sent over and the existing traffic in the log from the actual clients accessing the service. We give data to characterize these noise sources and then describe an implementation of timing-channel fingerprinting for an Apache web server based hidden service on the Tor network, where the fingerprint is an additive channel that is superencoded with a Reed-Solomon code for reliable recovery. Finally, we discuss the inherent tradeoffs and possible approaches to making the fingerprint more stealthy.