Model-Based Covert Timing Channels: Automated Modeling and Evasion
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
An HMM Approach to Anonymity Analysis of Continuous Mixes
Advanced Web and NetworkTechnologies, and Applications
Multi-flow attacks against network flow watermarking schemes
SS'08 Proceedings of the 17th conference on Security symposium
A new cell counter based attack against tor
Proceedings of the 16th ACM conference on Computer and communications security
Evading stepping-stone detection under the cloak of streaming media with SNEAK
Computer Networks: The International Journal of Computer and Telecommunications Networking
Covert channels through external interference
WOOT'09 Proceedings of the 3rd USENIX conference on Offensive technologies
A potential HTTP-based application-level attack against Tor
Future Generation Computer Systems
Preventing active timing attacks in low-latency anonymous communication
PETS'10 Proceedings of the 10th international conference on Privacy enhancing technologies
On the secrecy of spread-spectrum flow watermarks
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
gPath: a game-theoretic path selection algorithm to protect Tor's anonymity
GameSec'10 Proceedings of the First international conference on Decision and game theory for security
Effective digital forensics research is investigator-centric
HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
Exposing invisible timing-based traffic watermarks with BACKLIT
Proceedings of the 27th Annual Computer Security Applications Conference
An interval centroid based spread spectrum watermarking scheme for multi-flow traceback
Journal of Network and Computer Applications
Efficient web browsing with perfect anonymity using page prefetching
ICA3PP'10 Proceedings of the 10th international conference on Algorithms and Architectures for Parallel Processing - Volume Part I
Interval-based flow watermarking for tracing interactive traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking
Rate-Based watermark traceback: a new approach
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Breaking Tor anonymity with game theory and data mining
Concurrency and Computation: Practice & Experience
New attacks on timing-based network flow watermarks
Security'12 Proceedings of the 21st USENIX conference on Security symposium
A new cell-counting-based attack against Tor
IEEE/ACM Transactions on Networking (TON)
Detecting co-residency with active traffic analysis techniques
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
BotMosaic: Collaborative network watermark for the detection of IRC-based botnets
Journal of Systems and Software
Protocol-level attacks against Tor
Computer Networks: The International Journal of Computer and Telecommunications Networking
VoIP steganography and its Detection—A survey
ACM Computing Surveys (CSUR)
A novel sequential watermark detection model for efficient traceback of secret network attack flows
Journal of Network and Computer Applications
How to block Tor's hidden bridges: detecting methods and countermeasures
The Journal of Supercomputing
| Hi-index | 0.00 |
Law enforcement agencies need the ability to conduct electronic surveillance to combat crime, terrorism, or other malicious activities exploiting the Internet. However, the proliferation of anonymous communication systems on the Internet has posed significant challenges to providing such traceback capability. In this paper, we develop a new class of flow marking technique for invisible traceback based on Direct Sequence Spread Spectrum (DSSS), utilizing a Pseudo-Noise (PN) code. By interfering with a sender's traffic and marginally varying its rate, an investigator can embed a secret spread spectrum signal into the sender's traffic. The embedded signal is carried along with the traffic from the sender to the receiver, so the investigator can recognize the corresponding communication relationship, tracing the messages despite the use of anonymous networks. The secret PN code makes it difficult for others to detect the presence of such embedded signals, so the traceback, while available to investigators is, effectively invisible. We demonstrate a practical flow marking system which requires no training, and can achieve both high detection and low false positive rates. Using a combination of analytical modeling, simulations, and experiments on Tor (a popular Internet anonymous communication system), we demonstrate the effectiveness of the DSSS-based flow marking technique.