Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis Presented by Yang Gao 11/2/2011 Charles V. Wright MIT Lincoln Laboratory Scott.

Presentation transcript:

Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis
Presented by Yang Gao, 11/2/2011
Charles V. Wright (MIT Lincoln Laboratory), Scott E. Coull (Johns Hopkins University), Fabian Monrose (University of North Carolina)

Outline
- Potential Hazards
- Counter measures and Traffic Morphing
- How it works?
- Evaluation and Results

Privacy Security

Packet Size and Timing Information Privacy Leakage Classification Tools Language of a VoIP call Password in SSH Web browsing habits...

How does the attack happen
- Webpage browsing
- Statistical Identification of Encrypted Web Browsing Traffic (Sun, Q., Stanford University)

- A sample of 2000 from 100,000 web pages
- Only the number and sizes of objects are recorded
- Jaccard's coefficient
- Trained classifier

How does the attack happen
- Webpage browsing
- Statistical Identification of Encrypted Web Browsing Traffic (Sun, Q. et al., Stanford University)
- Inferring the Source of Encrypted HTTP Connections (Marc Liberatore and Brian Neil Levine, UMA)
- Identification of Encrypted VoIP Traffic

Results of the Classifiers

Outline
- Potential Hazards
- Counter measures and Traffic Morphing
- How it works?
- Evaluation and Results

Countermeasures
- Padding
- Mimicking
- Morphing
- Sending at fixed time intervals (to counter timing analysis)

Comparison

Traffic Morphing morphing

How does the morphing work?
- L1 L2 L1: N_L1 : N_L2 = 2 : 1
- L2 L1 L2: N_L1 : N_L2 = 1 : 2

Outline
- Potential Hazards
- Counter measures and Traffic Morphing
- How it works?
- Evaluation and Results

Traffic Morphing
- Goals
  - Good resemblance in packet size distribution
  - Less overhead
- Steps
  - Morphing matrix construction

Morphing Matrix
- Size x1 ... Size xn
- Size y1 ... Size yn
- 2*n equations and n^2 unknowns

How to solve these equations?
- We won't solve them directly.
- Convex Optimization
- Cost Function
- Restrictions

Example: L1 L2 L1, L2 L1 L2

Example: L1 L2 L1, L2
Reduce? Add more constraints to avoid this situation.

Steps for Traffic Morphing
- Matrix Construction
  - Select the source process and calculate the probability distribution of its packet sizes.
  - Select the target process and calculate the probability distribution of its packet sizes.
  - Solve for the morphing matrix with an optimization method that minimizes the cost while satisfying the restrictions.
- Traffic Morphing
  - Get the packet to send.
  - Draw a random number to select the element in the matrix.
  - Calculate the corresponding packet size.
  - Pad or reduce the packet to that size.
  - Transmit the new packet.
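An added sketch of the two phases listed above (not code from the slides or the paper): it builds a morphing matrix A with Y = AX for constructed size distributions, then morphs packets by sampling from the column of the source size. It substitutes a monotone (north-west corner) coupling for the convex-optimization solver the slides mention and assumes the cost is the expected number of bytes added or removed per packet; `SIZES`, `X`, `Y` and all function names are illustrative.

```python
import random

SIZES = [40, 200, 576, 1500]   # constructed packet sizes in bytes, ascending
X = [0.5, 0.3, 0.2, 0.0]       # constructed source size distribution
Y = [0.1, 0.2, 0.3, 0.4]       # constructed target size distribution
EPS = 1e-12

def morphing_matrix(x, y):
    """Column-stochastic A (A[i][j] = P(send size i | source size j)) with
    A·x = y, built by coupling the two sorted distributions in order."""
    n = len(x)
    joint = [[0.0] * n for _ in range(n)]      # joint[i][j] = P(target i, source j)
    x_left, y_left = list(x), list(y)          # probability mass not yet assigned
    i = j = 0
    while i < n and j < n:
        mass = min(x_left[j], y_left[i])
        joint[i][j] += mass
        x_left[j] -= mass
        y_left[i] -= mass
        if x_left[j] <= EPS:
            j += 1
        if y_left[i] <= EPS:
            i += 1
    a = [[0.0] * n for _ in range(n)]
    for j in range(n):
        col = sum(joint[i][j] for i in range(n))
        for i in range(n):
            # A size the source never emits has no mass to move: keep it unchanged.
            a[i][j] = joint[i][j] / col if col > EPS else float(i == j)
    return a

def apply_matrix(a, x):
    """Distribution of morphed sizes, i.e. the product A·x."""
    return [sum(a[i][j] * x[j] for j in range(len(x))) for i in range(len(a))]

def expected_cost(a, x, sizes):
    """Expected bytes added or removed per packet (the assumed cost function)."""
    n = len(x)
    return sum(a[i][j] * x[j] * abs(sizes[i] - sizes[j])
               for i in range(n) for j in range(n))

def morph(size, a, sizes, rng=random):
    """Morph one packet: sample the output size from the source size's column."""
    j = sizes.index(size)
    column = [a[i][j] for i in range(len(sizes))]
    return rng.choices(sizes, weights=column)[0]
```

With these distributions every source size maps to an equal or larger size, so the morpher only pads; resampling every packet independently from Y reaches the same target distribution at a higher expected cost.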

Traffic Morphing
- Goals
  - Good resemblance in packet size distribution
  - Less overhead
- Steps
  - Morphing matrix construction
  - Additional Morphing Constraints

Pitfall 1
- System is over-specified
  - Y = AX
- Solution:
  - Multi-level programming
  - Find Z which is closest to Y
  - Find A such that it most efficiently maps X to Z
  - Z = A'X => Minimize( f_d(Y, Z) )
  - Z = AX => Minimize( f_0(A) )

Traffic Morphing
- Goals
  - Good resemblance in packet size distribution
  - Less overhead
- Steps
  - Morphing matrix construction
  - Additional Morphing Constraints
  - Dealing with Large Sample Spaces

Pitfall 2
- Poor Scalability
  - A Pentium 4 2.8G runs for 1 hr on an 80x80 matrix with 6560 constraints
  - MTU (40~1500) means a 1460x1460 matrix
- Solution
  - Multi-level method
  - Sub-matrix Morphing

Multi-level method

Traffic Morphing in sum
- Goals
  - Good resemblance in packet size distribution
  - Less overhead
- Steps
  - Morphing matrix construction
    - Convex optimization
  - Additional Morphing Constraints
    - 2 level Multi-level programming
  - Dealing with Large Sample Spaces
    - Sub-matrix Morphing

Outline
- Potential Hazards
- Counter measures and Traffic Morphing
- How it works?
- Evaluation and Results

Evaluation
- Encrypted Voice over IP
- Web Page Identification
- Defeating Original Classifier
- Evaluating Indistinguishability

Encrypted Voice over IP
- Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob?
- Charles V. Wright, Lucas Ballard, Fabian Monrose, Gerald M. Masson (Department of Computer Science, Johns Hopkins University)

White box encode

Why even encrypted voice packets leak information
- Unigram frequencies of bit rates

2-gram resemblance

Blackbox

Results for original classifier

Results for Indistinguishability

Overhead

Web page Identification

Overhead

Practical Considerations
- Short Network Sessions
  - Too few packets generated by the source?
  - Keep generating until reaching a distance threshold
- Variations in Source Distribution
  - Packet sizes differ between training and use?
  - Divide and conquer
- Reduced Packet Sizes
  - How to deal with the reduced packet size in HTTP
  - Packing to the next

Traffic Morphing in a nutshell
- Resemblance
- Morphing Matrix
- Convex Optimization
- Overhead Minimization
- Additional Morphing Constraints
- Dealing with Large Sample Spaces
- Practical Considerations
  - Short Network Sessions
  - Variations in Source Distribution
  - Reduced Packet Sizes

Conclusion
- User privacy is vulnerable even when protected by encryption.
- Traffic morphing is effective and robust.
- Traffic morphing is applicable.
- Traffic morphing is much more efficient than padding.

Discussion
- The other side of morphing
- Anti-intrusion-detection.
- Mimicry attack
[Figure: system call sequence, malicious call combination, library, deny / accept, morphing]

Thank you!