Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems Xinyuan Wang, Shiping Chen, Sushil Jajodia Presented by Eun Kyoung Kim.


Content
Introduction
Network Flow Identification and Anonymous Communication
Interval Centroid Based Watermarking Scheme
Properties of the Interval Centroid Based Watermarking Scheme
Experiments
Conclusions
Discussions

Introduction
To address privacy concerns, anonymous communication systems have been designed to provide anonymity
Traditional methods of achieving anonymity include using proxies, MIXes, and various other flow transformations
We investigate the fundamental limitations of flow transformations by developing a novel flow watermarking technique

Network Flow Identification and Anonymous Communication (1/5)
Network information flow: the transmission path of some information along the network
Network flow identification problem: how to determine network flows that belong to any particular network information flows
Network flow identification is inherently related to anonymous communication, whose goal is to conceal the true identities and relationships among the communication parties

Network Flow Identification and Anonymous Communication (2/5)
Anonymous communication systems usually mix multiple network information flows among multiple communicating parties and transform each network flow substantially
Existing network flow transformations can be divided into intra-flow transformations and inter-flow transformations

Network Flow Identification and Anonymous Communication(3/5)

Network Flow Identification and Anonymous Communication(4/5)

Network Flow Identification and Anonymous Communication (5/5)
Existing low-latency anonymous communication systems have used variations of the flow transformations in addition to any cryptographic operations they may use
Whether or not we could uniquely identify a network flow despite these flow transformations is a key problem that has a direct impact on some of the very foundations of existing anonymizing techniques

Interval Centroid Based Watermarking Scheme (1/6)
Goal: to make a sufficiently long flow uniquely identifiable even after significant transformations have occurred
Method: given a packet flow of duration $T_f$, to embed an $l$-bit watermark with redundancy $r$

Interval Centroid Based Watermarking Scheme (2/6)
Random grouping and assignment of intervals, where $n = l \times r$

Interval Centroid Based Watermarking Scheme (3/6)
Finding aggregated centroids
◦ Aggregate all of the time stamps in the $r$ group A and group B intervals ($I^A_{i,j}$ and $I^B_{i,j}$), respectively, and calculate the centroids of group A and B packets ($A_i$ and $B_i$), respectively, assigned for watermark bit $i$
◦ Before watermark encoding
  ▪ $E(A_i) = E(B_i) = T/2$
  ▪ $E(Y_i) = 0$, where $Y_i = A_i - B_i$

Interval Centroid Based Watermarking Scheme (4/6)
Encoding scheme
◦ To encode bit ‘1’ or ‘0’, make $Y_i$ positive or negative by increasing $A_i$ or $B_i$, respectively
◦ To increase $A_i$ or $B_i$, delay each packet within each interval $I^A_{i,j}$ or $I^B_{i,j}$, respectively
◦ Delay strategy
◦ After watermark encoding
  ▪ $E(A'_i) = E(B'_i) = (T+a)/2$
  ▪ $E(Y_i^1) = a/2$, $E(Y_i^0) = -a/2$

Interval Centroid Based Watermarking Scheme (5/6)
Decoding scheme
◦ Calculate each $Y_i$ ($i = 0, \ldots, l-1$) given the exact interval grouping and assignment information
◦ If $Y_i$ is positive/negative, the decoding of watermark bit $i$ is 1/0

Interval Centroid Based Watermarking Scheme (6/6)
The upper bound of the decoding error probability by Chebyshev inequality
◦ Given any $T$ and $a$, we can minimize the error by increasing $N_i$, which can be achieved by increasing $r$ provided that the flow is long enough with sufficient packets

Properties of the Interval Centroid Based Watermarking Scheme (1/3)
Self-synchronization
◦ Try a range of different offsets and find the offset that results in the closest match with the watermark
◦ Problem: increasing the false-positive rate
◦ Solution: lowering the false-positive rate of the single-offset decoding if we have enough packets

Properties of the Interval Centroid Based Watermarking Scheme (2/3)
Robustness Against Chaff and Flow Mixing
◦ The chaff added to a watermarked flow tends to shift the centroid within each interval toward the center of the interval
◦ How large is the impact of the chaff packets on the watermark detection error probability?
◦ The upper bounds on the decoding error probabilities say that no matter how large $R_A$, $R_B$ and $R$ are, we can always make the decoding error probabilities arbitrarily close to zero by having a sufficiently large $N_i$, which can be achieved by having a sufficiently large number of packets

Properties of the Interval Centroid Based Watermarking Scheme (3/3)
Robustness against packet dropping, repacketization, and flow splitting
◦ When there are enough packets left in the flow, the centroids of all the intervals tend to remain the same
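An added example (not from the slides or the paper's authors): a Python simulation of the centroid statistic $Y_i$ on synthetic flows, showing how the decoding error depends on packets per bit and on chaff, which is what the "sufficiently short flow" countermeasure in the Discussions relies on. The delay rule x -> a + (T-a)x/T (chosen because it yields the stated centroid (T+a)/2; the slide's own delay-strategy formula did not survive), the Poisson traffic model, and all function names and parameter values are assumptions.

```python
import random

def layout(l, r, rng):
    """Random grouping: map each of the 2n intervals (n = l*r) to (bit, group)."""
    n, idx = l * r, list(range(2 * l * r))
    rng.shuffle(idx)
    return {k: ((pos % n) // r, "A" if pos < n else "B") for pos, k in enumerate(idx)}

def embed(times, bits, table, T, a):
    """Delay packets in the A intervals (bit 1) or the B intervals (bit 0)."""
    out = []
    for t in times:
        k, x = int(t // T), t % T
        bit, grp = table[k]
        if (grp == "A") == (bits[bit] == 1):
            x = a + (T - a) * x / T        # assumed delay rule: [0,T) -> [a,T)
        out.append(k * T + x)
    return out

def decode(times, l, table, T):
    """Y_i = A_i - B_i over the aggregated interval offsets; Y_i > 0 decodes as 1."""
    acc = {(i, g): [0.0, 0] for i in range(l) for g in "AB"}
    for t in times:
        key = table.get(int(t // T))
        if key:
            acc[key][0] += t % T
            acc[key][1] += 1
    # A group with no packets falls back to the pre-encoding expectation T/2.
    cen = {key: (s / c if c else T / 2) for key, (s, c) in acc.items()}
    return [1 if cen[(i, "A")] - cen[(i, "B")] > 0 else 0 for i in range(l)]

def poisson_flow(rate, duration, rng):     # constructed traffic, not captured data
    t, out = rng.expovariate(rate), []
    while t < duration:
        out.append(t)
        t += rng.expovariate(rate)
    return out

def bit_error_rate(rate, r, chaff_rate=0.0, l=4, T=0.5, a=0.35, trials=20, seed=7):
    """Fraction of wrongly decoded bits over `trials` synthetic flows."""
    rng, errors, span = random.Random(seed), 0, 2 * l * r * T
    for _ in range(trials):
        table = layout(l, r, rng)
        bits = [rng.randint(0, 1) for _ in range(l)]
        flow = embed(poisson_flow(rate, span, rng), bits, table, T, a)
        if chaff_rate:
            flow += poisson_flow(chaff_rate, span, rng)   # chaff added after embedding
        errors += sum(x != y for x, y in zip(bits, decode(flow, l, table, T)))
    return errors / (trials * l)
```
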

Experiments (1/2)
Real-time experiments on live anonymized web traffic

Experiments (2/2)
Offline experiments

Conclusions
We demonstrate that existing flow transformations do not necessarily make a long network flow indistinguishable from others
By developing a novel flow watermarking technique, we can uniquely identify a long flow even after drastic flow transformations
Our flow watermarking attack is applicable to all practical low-latency anonymous communication systems

Discussions
Potential research topics
◦ How to keep privacy from this attack
  ▪ Make the flow “sufficiently” short
◦ What is the capability of the low-latency anonymous communication systems in the presence of an active adversary