Detecting covert timing channels: an entropy-based approach
Proceedings of the 14th ACM conference on Computer and communications security
Model-Based Covert Timing Channels: Automated Modeling and Evasion
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
A new cell counter based attack against tor
Proceedings of the 16th ACM conference on Computer and communications security
A performance analysis of authentication using covert timing channels
NETWORKING'08 Proceedings of the 7th international IFIP-TC6 networking conference on AdHoc and sensor networks, wireless networks, next generation internet
Hide and seek in time: robust covert timing channels
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Evading stepping-stone detection under the cloak of streaming media with SNEAK
Computer Networks: The International Journal of Computer and Telecommunications Networking
A potential HTTP-based application-level attack against Tor
Future Generation Computer Systems
On the secrecy of spread-spectrum flow watermarks
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Exposing invisible timing-based traffic watermarks with BACKLIT
Proceedings of the 27th Annual Computer Security Applications Conference
An interval centroid based spread spectrum watermarking scheme for multi-flow traceback
Journal of Network and Computer Applications
Interval-based flow watermarking for tracing interactive traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking
New attacks on timing-based network flow watermarks
Security'12 Proceedings of the 21st USENIX conference on Security symposium
A new cell-counting-based attack against Tor
IEEE/ACM Transactions on Networking (TON)
Detecting co-residency with active traffic analysis techniques
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
Protocol-level attacks against Tor
Computer Networks: The International Journal of Computer and Telecommunications Networking
A novel sequential watermark detection model for efficient traceback of secret network attack flows
Journal of Network and Computer Applications
PHY covert channels: can you see the idles?
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Timing-based active watermarking schemes are developed to trace back attackers through stepping stone connections or anonymizing networks. By slightly changing packet timing, these schemes achieve robust correlation for encrypted network connections under timing perturbation. However, the manipulation of packet timing makes the schemes themselves a potential target of intelligent attackers. In this paper, we analyze the secrecy of the timing-based active watermarking techniques for tracing through stepping stones, and propose an attack scheme based on analyzing the packet delays between adjacent stepping stones. We develop attack techniques to infer important watermark parameters, and to recover and duplicate embedded watermarks. The resulting techniques enable an attacker to defeat the tracing systems in certain cases by removing watermarks from the stepping stone connections, or replicating watermarks in non-stepping stone connections. We also develop techniques to determine in real time whether a stepping stone connection is being watermarked for trace-back purposes. We have performed substantial experiments using real-world data to evaluate these techniques. The experimental results demonstrate that for the watermark scheme being attacked (1) embedded watermarks can be successfully recovered and duplicated when the watermark parameters are not chosen carefully, and (2) the existence of watermarks in a network flow can always be quickly detected.