Tracking Anonymous Peer-to-Peer Calls on the Internet

Similar documents
The FootFall Project Tracing Attacks Through Non-Cooperative Networks and Stepping Stones with Timing-Based Watermarking

Wei Wang, Mehul Motani and Vikram srinivasan Department of Electrical & Computer Engineering National University of Singapore, Singapore

Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks

THE increasing Internet bandwidth has enabled more and

precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet protocol (bottom level)

Duo Travel Guide. duo.com

Chaum, Untraceable Electronic Mail, Return Addresses, and Digital Pseudonym, Communications of the ACM, 24:2, Feb. 1981

Denial of Service, Traceback and Anonymity

Cisco Webex Cloud Connected Audio

An Analysis of Onion-Based Anonymous Routing in Delay Tolerant Networks

Covert Channels through External Interference

A quick guide to the Internet. David Clark 6.978J/ESD.68J Lecture 1 V1.0 Spring 2006

Active Timing-Based Correlation of Perturbed Traffic Flows with Chaff Packets

ECE 697J Advanced Topics in Computer Networks

Wide area networks: packet switching and congestion

Top-Down Network Design

Cisco Implementing Cisco IP Routing (ROUTE v2.0)

Module 2 Communication Switching. Version 1 ECE, IIT Kharagpur

A common issue that affects the QoS of packetized audio is jitter. Voice data requires a constant packet interarrival rate at receivers to convert

DiffServ Architecture: Impact of scheduling on QoS

Protocol Data Hiding. By Chet Hosmer Article Posted: March 06, 2012

Location Based Advanced Phone Dialer. A mobile client solution to perform voice calls over internet protocol. Jorge Duda de Matos

Lecture 1: Perfect Security

Anonymity With material from: Dave Levin

Protecting Network Quality of Service Against Denial of Service Attacks

SIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels

Keywords: fingerprinting; flow watermarking; dynamic watermark; proactive network security.

EECS 3214 Final Exam Winter 2017 April 19, 2017 Instructor: S. Datta. 3. You have 180 minutes to complete the exam. Use your time judiciously.

BGP. Daniel Zappala. CS 460 Computer Networking Brigham Young University

Security and Anonymity

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

Tangents. In this tutorial we are going to take a look at how tangents can affect an animation.

Coupon VPN4ALL-Mobile + Extra AV Protection (1 month) all software free download list ]

Anonymity. Assumption: If we know IP address, we know identity

Mobile IP Overview. Based on IP so any media that can support IP can also support Mobile IP

Chapter 2.6: Testing and running a solution

ANET: An Anonymous Networking Protocol

DiffServ Architecture: Impact of scheduling on QoS

Shared, Multi-Hop Networks and End-to-End Arguments

List of groups known at each router. Router gets those using IGMP. And where they are in use Where members are located. Enhancement to OSPF

Wireless Network Security Spring 2016

ANONYMOUS CONNECTIONS AND ONION ROUTING

EECS 3214 Midterm Test Winter 2017 March 2, 2017 Instructor: S. Datta. 3. You have 120 minutes to complete the exam. Use your time judiciously.

Part 5: Link Layer Technologies. CSE 3461: Introduction to Computer Networking Reading: Chapter 5, Kurose and Ross

Wireless Network Security Spring 2011

APPENDIX F THE TCP/IP PROTOCOL ARCHITECTURE

A SIMPLE INTRODUCTION TO TOR

Wireless Network Security Spring 2014

THE COMPLETE FIELD GUIDE TO THE WAN

Introduction to TCP/IP networking

Why equivariance is better than premature invariance

VoIP. ALLPPT.com _ Free PowerPoint Templates, Diagrams and Charts

Internetworking Models The OSI Reference Model

Data Center Networks and Switching and Queueing and Covert Timing Channels

CSE 123A Computer Networks

New Approach towards Covert Communication using TCP-SQN Reference Model


Wireless Network Security Spring 2013

5 What two Cisco tools can be used to analyze network application traffic? (Choose two.) NBAR NetFlow AutoQoS Wireshark Custom Queuing

Congestion? What Congestion? Mark Handley

VOIP and Video on a City-wide Scale

Resist Intruders Manipulation via Context-based TCP/IP Packet Matching

Laying the Groundwork for UC Network Performance

Cradlepoint to Palo Alto VPN Example. Summary. Standard IPSec VPN Topology. Global Leader in 4G LTE Network Solutions

ABSTRACT. that it avoids the tolls charged by ordinary telephone service

Anonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München

Wireless Network Security Spring 2015

PROTECTING CONVERSATIONS

Symmetric-Key Cryptography Part 1. Tom Shrimpton Portland State University

CRYPTOGRAPHIC PROTOCOLS: PRACTICAL REVOCATION AND KEY ROTATION

Strongly Anonymous Communications in Mobile Ad Hoc Networks

VOIP Network Pre-Requisites

Distributed Systems. 21. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2018

CS November 2018

Error-Free correlation in Encrypted Attack Traffic by Watermarking flow through Stepping Stones

A Covert Channel in RTP Protocol

Alibi Routing. D. Levin, Y. Lee, L. Valenta Z. Li, V. Lai, C. Lumezanu N. Spring, B. Bhattacharjee SIGCOMM 2015

OpenSIPS Bootcamp 1.5

The investigation of a system for assessing the quality of telecommunications services based on the SDN core.

LECTURE WK4 NETWORKING

OSI Layers (Open System Interconnection)

Switching & ARP Week 3

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

Managing Your IP Telephony Environment

OSI Layer OSI Name Units Implementation Description 7 Application Data PCs Network services such as file, print,

Inside SD-WAN: WAN Virtualization Traffic Routing Options

Top-Down Network Design

SIP security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, , Atlanta, GA (USA)

Your Guide to NeuroTracker

Test 2 Review. 1. (10 points) Timestamps and nonces are both used in security protocols to prevent replay attacks.

MASERGY S MANAGED SD-WAN

Communications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise

Lecture 13: Routing in multihop wireless networks. Mythili Vutukuru CS 653 Spring 2014 March 3, Monday

Communication Networks

From Routing to Traffic Engineering

CMPT 280 Intermediate Data Structures and Algorithms

Encryption setup for gateways and trunks

Topic 3 part 2 Traffic analysis; Routing Attacks &Traffic Redirection Fourth Stage

Bloom Filter for Network Security Alex X. Liu & Haipeng Dai

IP Mobility vs. Session Mobility

Transcription:

1 Tracking Anonymous Peer-to-Peer Calls on the Internet Xinyuan Wang, Shiping Chen and Sushil Jajodia CCS 2005 Presenter: Patrick Traynor

2 Extra Credit Watch the following video and count the number of times the people in white shirts pass the ball. First person to get it right gets +5 points on their Introduction assignment. If you get it wrong, you lose 10 points! Pay attention! http://viscog.beckman.uiuc.edu/grafs/demos/15.html

3 Covert Channels Information can be exchanged between parties in overt and covert manners. As we ve seen, truly interesting information can be exchanged without you noticing it. Covert communications in computing systems typically exist as of storage or timing channels. How can we use covert channels against encrypted data?

4 VoIP and Security Voice over IP (VoIP) software allows individuals to have conversations over the Internet. All call content is protected (by default) using AES-256. Anonymizing networks can hide the parties involved. How does these guarantees differ from traditional telephony? What are we trading off here?

5 The Gist It is possible to remove the protection provided by anonymizing networks by creating a covert channel in inter-packet delay (IPD). Increase your delay to encode a 1, decrease it for a 0. Before the packets arrive at the suspected destination, see if the embedded watermark is still present. Why is this difficult?

6 Boiling it Down Natural jitter in the network changes the timing of packets. lim Pr[ n(xn µ) n σ x] = Φ(x) where Φ(x) = x 1 2π e u2 2 du. The theorem indicates that whenever a random sampl r(yr,d E(Y k,d )) Pr[ Var(Yr,d ) ryr,d < x] = Pr[ σ Y,d < x] Φ(x) ryr,d Pr[Y r,d < a] = Pr[ σ Y,d < a r ] Φ( a r ) σ Y,d σ Y,d Pr[Y r,d < a] Φ( a r σ 2Y,d + σ2d + 2Cor(Y k,d, X k )σ Y,d σ d ) Simply, just take a lot of samples. The Central Limit Theorem says that given enough samples, the correct IPDs will become obvious. a r Φ( ) (7) σ Y,d + σ d

7 Results A 24-bit random value was encoded in IPD. Voice samples occurred every 30ms. After approximately 1200 packets (90 seconds), an observer can perfectly verify about 59% of all calls. Allowing error bits increases this value towards 100% fairly quickly. How well would 6 out of 24 error bits stand up in a courtroom?

8 Limitations 90 seconds is a long time, given that the phone companies assume the average call lasts 2 minutes. How many calls would be untraceable given standard behavior? What time of day were the experiments conducted? If I wanted to hide the fact that I made a call, I d do it at high-traffic times. How does this effect jitter? Sampling (r)? What about sending other traffic through the same first hop? Chaffing the channel.

9 Improvements? This is a nice use of timing channels, but is there an easier way to get the same result? Why not just replicate a packet? If you have this kind of control, you could filter out duplicates on the other end. The client may even do it for you. Can we do better if we shift the mean? It may be hard to get packets out faster than they would normally flow.

10 Comments The idea here is good and fairly simple. Be careful of math in papers! There s nothing here you don t already understand. Understand how to take a simple idea and make it into a research agenda. DaTA - Data-Transparent Authentication Without Communication Overhead (SecureComm 06) Tracing Traffic through Intermediate Hosts that Repacketize Flows (INFOCOM 07) Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems (OAKLAND 07)

11 Questions Patrick Traynor traynor@cse.psu.edu http://www.cse.psu.edu/~traynor

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback