IP Traceback Using Digital Watermark and Honeypot
UIC '08 Proceedings of the 5th international conference on Ubiquitous Intelligence and Computing
Studying Timing Analysis on the Internet with SubRosa
PETS '08 Proceedings of the 8th international symposium on Privacy Enhancing Technologies
A First Step towards Live Botmaster Traceback
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Dependent link padding algorithms for low latency anonymity systems
Proceedings of the 15th ACM conference on Computer and communications security
Multi-flow attacks against network flow watermarking schemes
SS'08 Proceedings of the 17th conference on Security symposium
A novel image hash algorithm resistant to print-scan
Signal Processing
A new cell counter based attack against tor
Proceedings of the 16th ACM conference on Computer and communications security
Low-latency Mix Using Split and Merge Operations
Journal of Network and Systems Management
Evading stepping-stone detection under the cloak of streaming media with SNEAK
Computer Networks: The International Journal of Computer and Telecommunications Networking
Covert channels through external interference
WOOT'09 Proceedings of the 3rd USENIX conference on Offensive technologies
A potential HTTP-based application-level attack against Tor
Future Generation Computer Systems
Slotted packet counting attacks on anonymity protocols
AISC '09 Proceedings of the Seventh Australasian Conference on Information Security - Volume 98
Preventing active timing attacks in low-latency anonymous communication
PETS'10 Proceedings of the 10th international conference on Privacy enhancing technologies
Impact of network topology on anonymity and overhead in low-latency anonymity networks
PETS'10 Proceedings of the 10th international conference on Privacy enhancing technologies
On the secrecy of spread-spectrum flow watermarks
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Traffic analysis against low-latency anonymity networks using available bandwidth estimation
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Traffic analysis attacks on Skype VoIP calls
Computer Communications
"Mix-in-Place" anonymous networking using secure function evaluation
Proceedings of the 27th Annual Computer Security Applications Conference
Exposing invisible timing-based traffic watermarks with BACKLIT
Proceedings of the 27th Annual Computer Security Applications Conference
An interval centroid based spread spectrum watermarking scheme for multi-flow traceback
Journal of Network and Computer Applications
Interval-based flow watermarking for tracing interactive traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking
ARDEN: Anonymous networking in delay tolerant networks
Ad Hoc Networks
Breaking Tor anonymity with game theory and data mining
Concurrency and Computation: Practice & Experience
New attacks on timing-based network flow watermarks
Security'12 Proceedings of the 21st USENIX conference on Security symposium
A new cell-counting-based attack against Tor
IEEE/ACM Transactions on Networking (TON)
Detecting co-residency with active traffic analysis techniques
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
CensorSpoofer: asymmetric communication using IP spoofing for censorship-resistant web browsing
Proceedings of the 2012 ACM conference on Computer and communications security
BotMosaic: Collaborative network watermark for the detection of IRC-based botnets
Journal of Systems and Software
Protocol-level attacks against Tor
Computer Networks: The International Journal of Computer and Telecommunications Networking
A novel sequential watermark detection model for efficient traceback of secret network attack flows
Journal of Network and Computer Applications
How to block Tor's hidden bridges: detecting methods and countermeasures
The Journal of Supercomputing
Hi-index | 0.00 |
Many proposed low-latency anonymous communication systems have used various flow transformations such as traffic padding, adding cover traffic (or bogus packets), packet dropping, flow mixing, flow splitting, and flow merging to achieve anonymity. It has long been believed that these flow transformations would effectively disguise network flows, thus achieve good anonymity. In this paper, we investigate the fundamental limitations of flow transformations in achieving anonymity, and we show that flow transformations do not necessarily provide the level of anonymity people have expected or believed. By injecting unique watermark into the inter-packet timing domain of a packet flow, we are able to make any sufficiently long flow uniquely identifiable even if 1) it is disguised by substantial amount of cover traffic, 2) it is mixed or merged with a number of other flows, 3) it is split into a number subflows, 4) there is a substantial portion of packets dropped, and 5) it is perturbed in timing due to either natural network delay jitter or deliberate timing perturbation. In addition to demonstrating the theoretical limitations of low-latency anonymous communications systems, we develop the first practical attack on the leading commercial low-latency anonymous communication system. Our real-time experiments show that our flow watermarking attack only needs about 10 minutes activeWeb browsing traffic to "penetrate" the Total Net Shield service provided by www.anonymizer.com. Our analytical and empirical results demonstrate that achieving anonymity in low-latency communication systems is much harder than we have realized, and current flow transformation based low-latency anonymous communication systems need to be revisited.