MAT A Sek-13-5-a.pdf, Blatt 2 Outline TOR and the need for deanonymisation Data transformation Scoring Results Current status Software GCHQI
|
|
- Leon Nash
- 6 years ago
- Views:
Transcription
1 MAT A Sek-13-5-a.pdf, Blatt 1 A potential technique todeanonymise users ofthe TORnetwork OPC-MCR, GCHQ GCHQI
2 MAT A Sek-13-5-a.pdf, Blatt 2 Outline TOR and the need for deanonymisation Data transformation Scoring Results Current status Software GCHQI
3 "The Onion Router" What is TOR? Hides source of traffic by passing encrypted versions of your internet traffic between multiple TOR routers Notation: MAT A Sek-13-5-a.pdf, Blatt 3 - "Client" - the initiator of communication - "Guard node" - the TOR router the client contacts - "Exit node" - the TOR router that relays your traffic to the final destination (with no extra encryption so this link can be exploited by SIGINT system)
4 UK SECRET STRAP1 COMINT MAT A Sek-13-5-a.pdf, Blatt 4 What is TOR?
5 Who uses TOR? TOR was created by the US government and is now maintained by the Electronic Frontier Foundation (EFF) EFF will tell you there are many pseudo-legitimate uses for TOR We're interested as bad people use TOR, in particular: - Terrorists - Paedophiles MAT A Sek-13-5-a.pdf, Blatt 5
6 MAT A Sek-13-5-a.pdf, Blatt 6 Aim Find client IPaddress associated with TOR exit node traffic Attack based on externals - specifically packet timings - Strong crypt is being used This information is exempt from disclosure under the Freedom of lnformatioi^\c^000ajtdmaw3esu other UK information legislation. Refer disclosure requests to GCHQ onj
7 MAT A Sek-13-5-a.pdf, Blatt 7 Aim We'll make our task easier by assuming we own the exit node being used - Allows us to see all the traffic associated with at circuit - Demultiplex traffic by (unknown) user This information is exempt from disclosure under the Freedom ofinformation Act 2000 and may besubject other UK information legislation. Refer disclosure requests togchq on^^^^^^^^^^^^^^^^^^^^^
8 Sidenote: Circuit tracing One suggestion was to track packets through each hop in the TOR network We experimented with spotting all links in circuits created by GCHQ Visibility was too low to be a sensible approach - 13 out of 8294 potential inter-tor-router links were seen We will directly correlate: - exit node traffic, and MAT A Sek-13-5-a.pdf, Blatt 8 - traffic between client and guard node
9 UK SECRET STRAP1 COMINT MAT A Sek-13-5-a.pdf, Blatt 9 Own
10 MAT A Sek-13-5-a.pdf, Blatt 10 Test datacollection Used the standard "TOR button" web-browser package to access TOR Made minor changes to ensure we could collect exit node traffic 1. "News": Search for news, visit news websites 2. "TOR": Browse the TOR website and then use a privacy checking website Split into 2a and 2b as TOR changed circuit mid-way through 1. "Download": visit to SlashDot followed by downloading a large PDF file. 2. "Forum": Search on Google followed by browsing a PC technical help forum. other UK information legislation. Refer disclosure requests to GCHQ on(
11 MAT A Sek-13-5-a.pdf, Blatt 11 Flattening oftimingpatterns (ICTR-NE) observed that TOR can flatten out timing patterns TOR uses a rate-limiting store-and-forward procedure at each TOR router Graph shows bytes of exit node traffic in green and client traffic in red whilst downloading a 1MB file (figure from -5QQ00 h = llllllihlllllll III hh illnlllllnlillll lllll lllllliillllhllii n I T 50; 100s 150s 200s IGCHQ
12 Cumulative packet counts Our new insight is to use cumulative packet counts Hope packets are approximately preserved - Approximate as TOR repacketises data See strong correlation MAT A Sek-13-5-a.pdf, Blatt 12 Exit Guard StoC ~\ r 1 r ~\ :46 15: :52 15:54 15:56 15:45 15:48 15:50 15:52 15:54 15:56 StoC T 16:02 16:04 16:06 StoC :08 16:02 16:04 16:06 16:08 ~stoc 51 StoC 16:12 16:14 15:16 16:18 T 2a 2b 15:22 16:24 16:25 ~1 1 16:28 16:22 15:24 Time (hh:mm) i 1 16:26 16:28 GCHQI This information is exempt from disclosure under the Freedom of Inforn other UK information legislation. Refer disclosure requests to GCHQ or
13 An idea of" UK TOP SECRETSTRAP1 COMINT MAT A Sek-13-5-a.pdf, Blatt 13 Scoring:basicidea - Bin time into intervals - For each interval get a pair (E,, G,) Cumulative exit node packets upto time i Cumulative guard node packets upto time i - Measure the correlation between these pairs We use Is time-windows - Easy for the SIGINT system - Seems to work GCHQI
14 MAT A Sek-13-5-a.pdf, Blatt 14 Scoring:refinements We also expect counts to be similar - Fit a linear model G, = a+pe, - Only accept sessions where V2 < p< 2 GCHQI
15 MAT A Sek-13-5-a.pdf, Blatt 15 Scoring:refinements There may be an unknown time-offset - Traffic takes time to relay through the TOR network - SIGINT clocks may not be synchronised - We slide the traces against each other and find the best match - Truncate to exit node trace (we know that it is a complete TOR circuit) other UK information legislation. Refer disclosure requests to GCHQ on
16 We show how the score behaviour as a function of time slide See high correlation (pink) at small time offset Also generally see (3 (blue) in a sensible range MAT A Sek-13-5-a.pdf, Blatt 16 Self-comparison CtoS CtoS CtoS CtoS CtoS 500 2a 2b r~2-500 _i_ StoC StoC StoC StoC StoC P 'A 500 A 2a 2b Time offset / s IGCHQ other UK information legislation. Refer disclosure requests to GCHQ on
17 MAT A Sek-13-5-a.pdf, Blatt 17 Falsepositives Want an algorithm with very low false positive rate Used 2 hours of (timestamp, source IP, destination IP) tuples captured from 4 10G internet bearers Filtered to tuples between a guard node and a non- TOR node Allow time to arbitrarily slide +/- 2 hours - In real redeployment one would restrict this slide Allow us to plot ROC curves for the technique GCHQI
18 UK TOP SECRET STRAF Falsepositives MAT A Sek-13-5-a.pdf, Blatt 18 Linear - log ROC curve plot Server-to-client good - We miss the very short "2a" session with no false-positives - Threshold r 2 =0.998 High as comparing increasing functions Client-to-server direction - many false positives - There's less structure in data as less data flows in this direction when web-browsinq This information is exempt from disclosure under the Freedom of Infot 1e-06 other UK information legislation. Refer disclosure requests to GCHQ c
19 MAT A Sek-13-5-a.pdf, Blatt 19 A larger experiment We want to find some false hits to understand worst case accuracy for the server-to-client direction Let's open the aperture very wide bearer hours of logs with any time slide - Filter to all traffic involving a TOR node Not just likely guard-to-client traffic as before We find some false hits (540) but rate is assessed to be low enough. 92% of false hits are against the big download session which has little structure
20 The next step We are collecting the required logs of packet times with TOR guard nodes in SIGINT GTE / JTRIG have adapted some TOR exit nodes we own to collect the required exit node data - We are keen to engage with others with exit nodes too Then run the attack - Expect to basically work MAT A Sek-13-5-a.pdf, Blatt 20 - Some extra work might be required to only allow queries on sessions with enough structure Need the bulk data first to progress this question This information is exempt from disclosure under the Freedom of lnformatjorw\c^ooc^ridma^
21 MAT A Sek-13-5-a.pdf, Blatt 21 R package An R packaqe can be downloaded from Includes algorithm and the collected web-browsing data Recommend R packages for sharing analytics, can contain: - R / C / Fortran code - Example data - Runnable examples and documentation - Unit tests This information is exempt from disclosure under the Freedom of Informatioj^c^OOOariajTTaW]
22 MAT A Sek-13-5-a.pdf, Blatt 22 Conclusion Have shown a potential externals-based deanonymisation attack for TOR - Requires SIGINT collection of guard-to-client packet times - Requires TOR collection from exit nodes we own Hope to get this running live at GCHQ soon Full paper and software available from
23 MAT A Sek-13-5-a.pdf, Blatt 23 IGCHQ
Tor Hidden Services How Hidden is 'Hidden'?
Tor Hidden Services How Hidden is 'Hidden'? - ICTR Network Expl This information is exempt under the Freedom of Information Act 2000 {FOIA) and may be exempt under other UK information legislation. Refer
More informationComputer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017
Computer Security 15. Tor & Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2017 April 24, 2017 CS 419 2017 Paul Krzyzanowski 1 Private Browsing Browsers offer a "private" browsing modes
More informationPrivate Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes
Private Browsing Computer Security 16. Tor & Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2017 Browsers offer a "private" browsing modes Apple Private Browsing, Mozilla Private Browsing,
More informationA SIMPLE INTRODUCTION TO TOR
A SIMPLE INTRODUCTION TO TOR The Onion Router Fabrizio d'amore May 2015 Tor 2 Privacy on Public Networks Internet is designed as a public network Wi-Fi access points, network routers see all traffic that
More informationCS Paul Krzyzanowski
Computer Security 17. Tor & Anonymous Connectivity Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2018 1 2 Anonymity on the Internet Often considered bad Only criminals need to hide
More informationAnonymity With Tor. The Onion Router. July 21, Technische Universität München
The Onion Router Nathan S. Evans Christian Grothoff Technische Universität München July 21, 2011 Overview What is Tor? Motivation Background Material How Tor Works Hidden Services Attacks Specific Attack
More informationTor. Tor Anonymity Network. Tor Basics. Tor Basics. Free software that helps people surf on the Web anonymously and dodge censorship.
Tor Tor Anonymity Network Free software that helps people surf on the Web anonymously and dodge censorship. CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk Initially developed at the U.S.
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ Privacy on Public Networks Internet is designed as a public network Wi-Fi access points,
More informationDeanonymizing Tor. Colorado Research Institute for Security and Privacy. University of Denver
Deanonymizing Tor Nathan S. Evans Nathan.S.Evans@du.edu Christian Grothoff christian@grothoff.org Colorado Research Institute for Security and Privacy University of Denver 1 Motivation Tor is probably
More informationPort-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009
Port-Scanning Resistance in Tor Anonymity Network Presented By: Shane Pope (Shane.M.Pope@gmail.com) Dec 04, 2009 In partial fulfillment of the requirements for graduation with the Dean's Scholars Honors
More informationMAT A Sek-13-4-a.pdf, Blatt 2 Benefits Outcome Expected Benefit How will benefit be measured? Validation of the new hardware chosen for cryptanalytic
Experiment Name Version InnovÄ MAT A Sek-13-4-a.pdf, Blatt 1 Cryptanalytic Services ^ExperimentProfile Experiment Reference Date Experiment Owner (NSA) (GCHQ) Department NSA/S3/CES GCHQ/PTD Experiment
More informationAnonymity. Assumption: If we know IP address, we know identity
03--4 Anonymity Some degree of anonymity from using pseudonyms However, anonymity is always limited by address TCP will reveal your address address together with ISP cooperation Anonymity is broken We
More informationOnion Routing. Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J
Onion Routing Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J Motivation Public Network Encryption does not hide Routing Information Traffic Analysis Who is Talking to Whom? by analyzing the traffic
More informationThe New Cell-Counting-Based Against Anonymous Proxy
The New Cell-Counting-Based Against Anonymous Proxy Yadarthugalla Raju M.Tech Student, Department of CSE, Dr.K.V.S.R.I.T, Kurnool. K. Pavan Kumar Assistant Professor, Department of IT, Dr.K.V.S.R.I.T,
More informationAvoiding The Man on the Wire: Improving Tor s Security with Trust-Aware Path Selection
Avoiding The Man on the Wire: Improving Tor s Security with Trust-Aware Path Selection Aaron Johnson Rob Jansen Aaron D. Jaggard Joan Feigenbaum Paul Syverson (U.S. Naval Research Laboratory) (U.S. Naval
More informationSECRET STRAP1 COMINT The maximum classification allowed on GCWiki is TOP SECRET STRAP1 COMINT. Click to report inappropriate content.
SECRET STRAP1 COMINT The maximum classification allowed on GCWiki is TOP SECRET STRAP1 COMINT. Click to report inappropriate content. SEBACIUM For GCWiki help contact: From GCWiki (Redirected from File
More informationAnonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München
Anonymity With Tor The Onion Router Nathan S. Evans Christian Grothoff Technische Universität München July 5, 2012 It s a series of tubes. Ted Stevens Overview What is Tor? Motivation Background Material
More informationCE Advanced Network Security Anonymity II
CE 817 - Advanced Network Security Anonymity II Lecture 19 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained
More informationRAPTOR: Routing Attacks on Privacy in Tor. Yixin Sun. Princeton University. Acknowledgment for Slides. Joint work with
RAPTOR: Routing Attacks on Privacy in Tor Yixin Sun Princeton University Joint work with Annie Edmundson, Laurent Vanbever, Oscar Li, Jennifer Rexford, Mung Chiang, Prateek Mittal Acknowledgment for Slides
More informationObjectives: (1) To learn to capture and analyze packets using wireshark. (2) To learn how protocols and layering are represented in packets.
Team Project 1 Due: Beijing 00:01, Friday Nov 7 Language: English Turn-in (via email) a.pdf file. Objectives: (1) To learn to capture and analyze packets using wireshark. (2) To learn how protocols and
More informationDetecting Denial of Service Attacks in Tor
Norman Danner Danny Krizanc Marc Liberatore Department of Mathematics and Computer Science Wesleyan University Middletown, CT 06459 USA Financial Cryptography and Data Security 2009 Outline 1 Background
More informationTor: Online anonymity, privacy, and security.
Tor: Online anonymity, privacy, and security. Runa A. Sandvik runa@torproject.org 12 September 2011 Runa A. Sandvik runa@torproject.org () Tor: Online anonymity, privacy, and security. 12 September 2011
More informationTor Hidden Services. Roger Dingledine Free Haven Project Electronic Frontier Foundation.
Tor Hidden Services Roger Dingledine Free Haven Project Electronic Frontier Foundation http://tor.eff.org/ 31 July 2005 Talk Outline Tor overview Circuit-building in Tor Hidden services in Tor Demo Anonymity
More informationYou are the internet
The Onion Router Hello World I'm Tony I am interested in the concept of security I work for a local ISP / MSP I like skills sharing / access to knowledge Hackspaces are awesome 2 You are the internet DEMO
More informationThe Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science
The Tor Network Cryptography 2, Part 2, Lecture 6 Ruben Niederhagen June 16th, 2014 Tor Network Introduction 2/33 Classic goals of cryptography: confidentiality, data integrity, authentication, and non-repudiation.
More informationAnonymous Communication and Internet Freedom
Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2, 2013 Goals For Today State-sponsored adversaries Anonymous communication Internet censorship State-Sponsored
More informationAnonymous Communication and Internet Freedom
Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner April 29, 2016 Announcements Final exam in RSF Fieldhouse, 5/10, arrive by 7PM HW4 due Monday, 5/2, 11:59pm Review
More informationTor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, Paul Syverson
Tor: The Second-Generation Onion Router Roger Dingledine, Nick Mathewson, Paul Syverson Introduction Second Generation of Onion Routing Focus on deployability Perfect forward secrecy Separation of protocol
More informationPractical Traceability (101) 31st October 2000
Practical Traceability (101) 31st October 2000 by Richard Clayton Reading List http://www.linx.net/noncore/bcp/ traceability-bcp.html written by UK ISP industry; edited by Richard Clayton Outline TCP/IP
More informationPrivacy defense on the Internet. Csaba Kiraly
Advanced Networking Privacy defense on the Internet Csaba Kiraly 1 Topics Anonymity on the Internet Chaum Mix Mix network & Onion Routing Low-latency anonymous routing 2 Anonymity: Chaum mix David L. Chaum
More informationADVANCED, UNKNOWN MALWARE IN THE HEART OF EUROPE
ADVANCED, UNKNOWN MALWARE IN THE HEART OF EUROPE AGENDA Network Traffic Analysis: What, Why, Results Malware in the Heart of Europe Bonus Round 2 WHAT: NETWORK TRAFFIC ANALYSIS = Statistical analysis,
More informationOnion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring
Onion Routing Varun Pandey Dept. of Computer Science, Virginia Tech 1 What is Onion Routing? a distributed overlay network to anonymize TCP based routing Circuit based (clients choose the circuit) Each
More informationanonymous routing and mix nets (Tor) Yongdae Kim
anonymous routing and mix nets (Tor) Yongdae Kim Significant fraction of these slides are borrowed from CS155 at Stanford 1 q Why? Anonymous web browsing 1. Discuss health issues or financial matters anonymously
More informationOnion services. Philipp Winter Nov 30, 2015
Onion services Philipp Winter pwinter@cs.princeton.edu Nov 30, 2015 Quick introduction to Tor An overview of Tor Tor is a low-latency anonymity network Based on Syverson's onion routing......which is based
More informationthis security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities
INFRASTRUCTURE SECURITY this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities Goals * prevent or mitigate resource attacks
More informationThe Reconnaissance Phase
The Reconnaissance Phase Detecting the Enemy Before the Attack Carrie Gates PhD Candidate, Dalhousie University Visiting Scientist, CERT, Carnegie Mellon University Outline! Indicate a gap in our defences!
More information9. Wireshark I: Protocol Stack and Ethernet
Distributed Systems 205/2016 Lab Simon Razniewski/Florian Klement 9. Wireshark I: Protocol Stack and Ethernet Objective To learn how protocols and layering are represented in packets, and to explore the
More informationSirindhorn International Institute of Technology Thammasat University
Name.............................. ID............... Section...... Seat No...... Sirindhorn International Institute of Technology Thammasat University Course Title: IT Security Instructor: Steven Gordon
More informationAnonymous communications: Crowds and Tor
Anonymous communications: Crowds and Tor Basic concepts What do we want to hide? sender anonymity attacker cannot determine who the sender of a particular message is receiver anonymity attacker cannot
More informationCircuit Fingerprinting Attack: Passive Deanonymization of Tor Hidden Services
Circuit Fingerprinting Attack: Passive Deanonymization of Tor Hidden Services Albert Kwon 1 Mashael Saad Al-Sabah 123 David Lazar 1 Marc Dacier 2 Srinivas Devadas 1 1 CSAIL/MIT 2 Qatar Computing Research
More informationA Modern Congestion Attack on Tor Using Long Paths
A Modern Congestion Attack on Tor Using Long Paths Towards Nathan S. Evans 1 Christian Grothoff 1 Roger Dingledine 2 1 University of Denver, Denver CO 2 The Tor Project June, 22 2009 Why attack Tor? Tor
More informationIntroduction to Tor. January 20, Secure Web Browsing and Anonymity. Tor Mumbai Meetup, Sukhbir Singh
Introduction to Tor Secure Web Browsing and Anonymity Tor Mumbai Meetup, 2018 Sukhbir Singh sukhbir@torproject.org January 20, 2018 Before We Begin... 2 / 18 Before We Begin... Understand your threat model
More informationNew Directions in Traffic Measurement and Accounting. Need for traffic measurement. Relation to stream databases. Internet backbone monitoring
New Directions in Traffic Measurement and Accounting C. Estan and G. Varghese Presented by Aaditeshwar Seth 1 Need for traffic measurement Internet backbone monitoring Short term Detect DoS attacks Long
More informationNetwork Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010
Network Security: Anonymity Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor
More informationImpact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks
Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks Claudia Diaz 1, Steven J. Murdoch 2, Carmela Troncoso 1 1 K.U.Leuven, ESAT/COSIC 2 University of Cambridge / The Tor
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2008 Lecture 23
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 23 Announcements Project 4 is Due Friday May 2nd at 11:59 PM Final exam: Friday, May 12th. Noon - 2:00pm DRLB A6 Today: Last details
More informationDesign and Implementation of Privacy-Preserving Surveillance. Aaron Segal
1 Design and Implementation of Privacy-Preserving Surveillance Aaron Segal Yale University May 11, 2016 Advisor: Joan Feigenbaum 2 Overview Introduction Surveillance and Privacy Privacy Principles for
More informationANONYMOUS CONNECTIONS AND ONION ROUTING
I J C I T A E Serials Publications 6(1) 2012 : 31-37 ANONYMOUS CONNECTIONS AND ONION ROUTING NILESH MADHUKAR PATIL 1 AND CHELPA LINGAM 2 1 Lecturer, I. T. Dept., Rajiv Gandhi Institute of Technology, Mumbai
More informationComputer Security and Privacy
CSE P 590 / CSE M 590 (Spring 2010) Computer Security and Privacy Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for
More informationInvestigating the Use of Synchronized Clocks in TCP Congestion Control
Investigating the Use of Synchronized Clocks in TCP Congestion Control Michele Weigle (UNC-CH) November 16-17, 2001 Univ. of Maryland Symposium The Problem TCP Reno congestion control reacts only to packet
More informationCSCD 433/533 Advanced Networks
CSCD 433/533 Advanced Networks Lecture 2 Network Review Winter 2017 Reading: Chapter 1 1 Topics Network Topics Some Review from CSCD330 Applications Common Services Architecture OSI Model AS and Routing
More informationIP address. When you connect to another computer you send it your IP address.
Anonymity IP address When you connect to another computer you send it your IP address. It is very hard to communicate without revealing an address on which you can receive traffic. Recent court cases have
More informationMetrics for Security and Performance in Low-Latency Anonymity Systems
Metrics for Security and Performance in Low-Latency Anonymity Systems Tor user Entry node Tor Network Middle node Exit node Bandwidth per node (kb/s) (log scale) 1e+01 1e+03 1e+05 Encrypted tunnel Web
More informationSystem-Level Failures in Security
System-Level Failures in Security Non linear offset component (ms) 0.0 0.5 1.0 1.5 2.0 Variable skew De noised Non linear offset Temperature 26.4 26.3 26.2 26.1 26.0 25.9 25.8 Temperature ( C) Fri 11:00
More informationPractical Network-wide Packet Behavior Identification by AP Classifier
Practical Network-wide Packet Behavior Identification by AP Classifier NETWORK-WIDE PACKET BEHAVIOR IDENTIFICATION o An control plane application identifying forwarding behaviors of packets in a flow:
More informationHOW TO ANALYZE AND UNDERSTAND YOUR NETWORK
Handbook HOW TO ANALYZE AND UNDERSTAND YOUR NETWORK Part 3: Network Traffic Monitoring or Packet Analysis? by Pavel Minarik, Chief Technology Officer at Flowmon Networks www.flowmon.com In previous two
More informationTop 3 Marketing Metrics You Should Measure in Google Analytics
Top 3 Marketing Metrics You Should Measure in Google Analytics Presented By Table of Contents Overview 3 How to Use This Knowledge Brief 3 Metric to Measure: Traffic 4 Direct (Acquisition > All Traffic
More informationAuthors: Mark Handley, Vern Paxson, Christian Kreibich
Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics Authors: Mark Handley, Vern Paxson, Christian Kreibich Exploitable Ambiguities NIDS does not have full range
More informationWatchGuard M200 Firewall/Router QoS Configuration Guide
WatchGuard M200 Firewall/Router QoS Configuration Guide QoS Configuration Guide WatchGuard M200 Contents Contents Intr oduction Performance and Capacities 3 3 Configure Your Fir ewall 4 WatchGuard M200
More informationTHE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul
THE SECOND GENERATION ONION ROUTER Roger Dingledine Nick Mathewson Paul Syverson 1 -Presented by Arindam Paul Menu Motivation: Why do we need Onion Routing? Introduction : What is TOR? Basic TOR Design
More informationContents What is CNE? Why do CNE? CNE Teams Partners Challenges Contacts
Contents What is CNE? Why do CNE? CNE Teams Partners Challenges Contacts What is CNE? Computer & Network Exploitation delivers to GCHQ data of intelligence value by remote access to computers, computer
More informationWhy You Should Consider a Hardware Based Protocol Analyzer?
Why You Should Consider a Hardware Based Protocol Analyzer? Software-only protocol analyzers are limited to accessing network traffic through the utilization of mirroring. While this is the most convenient
More informationThe Controlled Delay (CoDel) AQM Approach to fighting bufferbloat
The Controlled Delay (CoDel) AQM Approach to fighting bufferbloat BITAG TWG Boulder, CO February 27, 2013 Kathleen Nichols Van Jacobson Background The persistently full buffer problem, now called bufferbloat,
More informationPrivCount: A Distributed System for Safely Measuring Tor
PrivCount: A Distributed System for Safely Measuring Tor Rob Jansen Center for High Assurance Computer Systems Invited Talk, October 4 th, 2016 University of Oregon Department of Computer and Information
More informationThe attacker appears to use an exploit that is derived from the Metasploit FreeBSD Telnet Service Encryption Key ID Buffer Overflow?
Atlassian Home Documentation Support Blog Forums Explore Dashboard Repositories Carl Pulley owner/repo carlpulley / Challenge11 http://honeynet.org/node/829 Submission for Honeynet Challenge 11 - Dive
More informationsurveillance & anonymity cs642 computer security adam everspaugh
surveillance & anonymity cs642 computer security adam everspaugh ace@cs.wisc.edu today Internet-wide scanning, zmap Massive surveillance, packet inspection Anonymous browsing, TOR TCP handshake Client
More informationENEE 459-C Computer Security. Security protocols
ENEE 459-C Computer Security Security protocols Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p and g public.
More informationTor, a quick overview
Tor, a quick overview Linus Nordberg The Tor Project https://torproject.org/ 1 What is Tor Online anonymity: 1. software, 2. network, 3. protocol Open source, freely available Community
More informationNurseSim Help Files. Before you start
NurseSim Help Files. Before you start Before starting NurseSim you will need to check your PC specifications. NurseSim needs a minimum of 4GB RAM (memory) and a Core i3, i5, i7 or A6/A8 processor. To check
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informationHow Do Tor Users Interact With Onion Services?
How Do Tor Users Interact With Onion Services? Philipp Winter, Annie Edmundson, Laura Roberts, Agnieszka Dutkowska-Zuk, Marshini Chetty, Nick Feamster USENIX Security Symposium 15 August 2018 1 Tor is
More informationConfiguring Cisco IOS IP SLA Operations
CHAPTER 58 This chapter describes how to use Cisco IOS IP Service Level Agreements (SLA) on the switch. Cisco IP SLA is a part of Cisco IOS software that allows Cisco customers to analyze IP service levels
More informationENEE 459-C Computer Security. Security protocols (continued)
ENEE 459-C Computer Security Security protocols (continued) Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p
More informationConfiguring IP SLAs Metro-Ethernet 3.0 (ITU-T Y.1731) Operations
Configuring IP SLAs Metro-Ethernet 3.0 (ITU-T Y.1731) Operations This module describes how to configure an IP SLAs Metro-Ethernet 3.0 (ITU-T Y.1731) operation to gather the following performance measurements
More informationIP SLAs QFP Time Stamping
This module describes how to configure the IP SLA QFP Time Stamping feature for IP Service Level Agreements (SLAs) UDP jitter operations. This new probe and responder structure enables more accurate network
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationThe Onion Routing Performance using Shadowplugin-TOR
The Onion Routing Performance using Shadowplugin-TOR Hartanto Kusuma Wardana, Liauw Frediczen Handianto, Banu Wirawan Yohanes * Faculty of Electronic and Computer Engineering Universitas Kristen Satya
More informationRogue Femtocell Owners: How Mallory Can Monitor My Devices
Rogue Femtocell Owners: How Mallory Can Monitor My Devices David Malone, Darren F. Kavanagh and Niall R. Murphy 19 April 2013 Femtocells Small devices acting as cellular base stations. Deployed to extend
More informationAnonymity. With material from: Dave Levin and Michelle Mazurek
http://www.sogosurvey.com/static/sogo_resp_images/tat_resp_images/designimg/guaranteed-anonymous-survey.png Anonymity With material from: Dave Levin and Michelle Mazurek What is anonymity? Dining cryptographers
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationAnonymous Communications
Anonymous Communications Andrew Lewman andrew@torproject.org December 05, 2012 Andrew Lewman andrew@torproject.org () Anonymous Communications December 05, 2012 1 / 45 Who is this guy? 501(c)(3) non-profit
More informationLINKING TOR CIRCUITS
LINKING TOR CIRCUITS MSc Information Security, 2014 University College London Otto Huhta Supervisor: Dr George Danezis This report is submitted as part requirement for the MSc in Information Security at
More informationThe Vectra App for Splunk. Table of Contents. Overview... 2 Getting started Setup... 4 Using the Vectra App for Splunk... 4
Table of Contents Overview... 2 Getting started... 3 Installation... 3 Setup... 4 Using the Vectra App for Splunk... 4 The Vectra Dashboard... 5 Hosts... 7 Detections... 8 Correlations... 9 Technical support...
More informationAnonymity, Usability, and Humans. Pick Two.
Anonymity, Usability, and Humans. Pick Two. Runa A. Sandvik runa@torproject.org 20 September 2011 Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 1
More informationSender Reputation Filtering
This chapter contains the following sections: Overview of, on page 1 SenderBase Reputation Service, on page 1 Editing Score Thresholds for a Listener, on page 4 Entering Low SBRS Scores in the Message
More informationTrawling for Tor Hidden Services: Detection, Measurement, Deanonymization
Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization A. Biryukov, I. Pustogarov, R.P. Weinmann University of Luxembourg Ivan.pustogarov@uni.lu May 20, 2013 Overview Background Measuring
More informationNetworking interview questions
Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected
More informationLaying the Groundwork for UC Network Performance
Laying the Groundwork for UC Network Performance Step by Step Planning Guide for UC Network Performance Success Better Planning for Better Network Performance This white paper shows you how to use Mitel
More informationDetect Cyber Threats with Securonix Proxy Traffic Analyzer
Detect Cyber Threats with Securonix Proxy Traffic Analyzer Introduction Many organizations encounter an extremely high volume of proxy data on a daily basis. The volume of proxy data can range from 100
More informationAnonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L
Anonymity C S 6 8 2 A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L 2 0 1 9 Tor: The Second- Generation Onion Router R. DINGLEDINE N.
More informationReport on ESET NOD 32 Antivirus
Report on ESET NOD 32 Antivirus CYBER SECURITY & PRIVACY FOUNDATION 1 Software: NOD 32 Antivirus for Windows Lab Setup: Oracle Virtualbox v4.3.6 r91406 Operating System: Machine 1: Windows 7 32-Bit. Processor:
More informationJim Green CTO, IoT Software Cisco Systems. The State of The Internet of The Things
Jim Green CTO, IoT Software Cisco Systems The State of The Internet of The Things The Goal of IoT Leveraging Machine Generated Data for Business Benefit Product Quality Assessment at the Well Is IoT Big
More informationSIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels
Network Security - ISA 656 Voice Over IP (VoIP) Security Simple SIP ing Alice s Bob Session Initiation Protocol Control channel for Voice over IP (Other control channel protocols exist, notably H.323 and
More informationEnhancing Tor s Performance using Real-time Traffic Classification
Enhancing Tor s Performance using Real-time Traffic Classification Mashael AlSabah, Kevin Bauer, Ian Goldberg Cheriton School of Computer Science University of Waterloo {malsabah,k4bauer,iang}@cs.uwaterloo.ca
More information2 ND GENERATION ONION ROUTER
2 ND GENERATION ONION ROUTER Roger Dingledine, Nick Mathewson and Paul Syverson Presenter: Alejandro Villanueva Agenda Threat model Cells and circuits Other features Related work How does it work? Rendezvous
More informationAnonymity With material from: Dave Levin
Anonymity With material from: Dave Levin http://www.sogosurvey.com/static/sogo_resp_images/tat_resp_images/designimg/guaranteed-anonymous-survey.png What is anonymity? Dining cryptographers Mixnets and
More information802.11b+g Wireless LAN USB Adapter. User Manual
802.11b+g Wireless LAN USB Adapter User Manual REGULATORY STATEMENTS FCC Certification The United States Federal Communication Commission (FCC) and the Canadian Department of Communications have established
More informationOnlineAnonymity. OpenSource OpenNetwork. Communityof researchers, developers,usersand relayoperators. U.S.501(c)(3)nonpro%torganization
The Tor Project Our mission is to be the global resource for technology, advocacy, research and education in the ongoing pursuit of freedom of speech, privacy rights online, and censorship circumvention.
More informationBitTorrent Traffic Classification
BitTorrent Traffic Classification Atwin O. Calchand, Van T. Dinh, Philip Branch, Jason But Centre for Advanced Internet Architectures, Technical Report 090227A Swinburne University of Technology Melbourne,
More informationPRIVACY POLICY. We will use the information that we collect about you in accordance with:
PRIVACY POLICY The preservation of your privacy is important to Gingko and we are committed to letting you know how we use your personal information and to making only responsible use of your data. The
More information