Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
Watermarking schemes provably secure against copy and ambiguity attacks
Proceedings of the 3rd ACM workshop on Digital rights management
Proceedings of the 10th ACM conference on Computer and communications security
PlanetLab: an overlay testbed for broad-coverage services
ACM SIGCOMM Computer Communication Review
Tracking anonymous peer-to-peer VoIP calls on the internet
Proceedings of the 12th ACM conference on Computer and communications security
On the Secrecy of Timing-Based Active Watermarking Trace-Back Techniques
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
DSSS-Based Flow Marking Technique for Invisible Traceback
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Multi-flow attacks against network flow watermarking schemes
SS'08 Proceedings of the 17th conference on Security symposium
As-awareness in Tor path selection
Proceedings of the 16th ACM conference on Computer and communications security
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Exposing invisible timing-based traffic watermarks with BACKLIT
Proceedings of the 27th Annual Computer Security Applications Conference
Detecting Encrypted Stepping-Stone Connections
IEEE Transactions on Signal Processing
| Hi-index | 0.00 |
A network flow watermarking scheme attempts to manipulate the statistical properties of a flow of packets to insert a "mark" making it easier to detect the flow after passing through one or more relay hosts. Because an attacker that is willing to tolerate delay can (nearly) always eliminate such marks, recent schemes have concentrated on making the marks "invisible" so that a passive attacker cannot detect the presence of the mark. In this work, we argue that from a system's perspective, security against passive detection is insufficient for successful traffic analysis. We introduce a stronger, but feasible attack model (a known/chosen flow attacker) and a second security goal (security against copy attacks) and argue that security against both of these attacks is required for successful traffic analysis. We also demonstrate successful attacks against two recent watermarking schemes, RAINBOW and SWIRL, and show how considering these stronger attacks can aid in the design of passive detection attacks against each as well.