4471 anonymous communications
Post on 14-Apr-2018
7/29/2019 4471 Anonymous Communications
Anonymous Communications
-
Outline
Overview of Anonymous Communications
Invisible Traceback over Anonymous Communications
Final Remarks
-
Overview: Anonymous Communications
Network communications among parties concealing parties' identity, existence of communications
Applications: whistleblowing, privacy-preserving free expression, voting in elections, etc.
Systems: Tor [1], I2P [2], Anonymizer [3], etc.
Practice: Users' communications cloaked by partitioning into application-layer chunks, relayed among users in system [4]
-
Case Study: How Tor Works
Source: [1]
-
Outline
Overview of Anonymous Communications
Invisible Traceback over Anonymous Communications
Motivation
Flow marking traceback technique
Prototyping
Implementation and Evaluation
Related Work
Final Remarks
-
Motivation: Invisible Traceback (1)
Traceback in the real world
Animal traceback, mail traceback, family traceback [5]
-
Motivation: Invisible Traceback (2)
Internet is breeding ground for many crimes:
Criminal enterprises like anonymous communications
For such cases, law enforcement investigators need to determine parties responsible for crimes
Credit Card Fraud, Sharing Files (without permission), Cyber-Terrorism, Malware Distribution
-
Motivation: Invisible Traceback (3)
Traceback aims to determine whodunit:
Origin of a packet/message
Unauthorized distributors, downloaders of files
Evil cybercriminals communicating with each other
[Figure labels: Evil, Evil, Investigator]
-
Motivation: Invisible Traceback (4)
Critical point: investigators' traceback activity needs to be invisible to suspects (e.g., illegal file sharers, cybercriminals)
Without invisibility:
Suspects would cease criminal activity, do it elsewhere, develop countermeasures to fool investigators, etc.
Investigator would have no evidence of wrongdoing
Traceback helps hold cybercriminals responsible for their actions
-
Challenges to Invisible Traceback (1)
The nature of the Internet:
Large scale, loose control
Destination oriented routing and forwarding
easy to spoof source IP addresses
Intermediate nodes record very little information
-
Challenges to Invisible Traceback (2)
Availability of anonymous communication systems
[Figure: Anonymous Communication between Sender and Receiver; Human Spy Network with A and B: S to A, A to B, B to R]
-
Our Focus
Suppose a sender sends traffic through an encrypted anonymous channel. How can the investigator trace and confirm the receiver's identity?
Papers [4] and [6] (S&P 2007, ToN 2012)
[Figure: Sender, Anonymous Channel, Receiver]
-
An Intuitive Solution
Packet marking: mark certain packets
[Figure: Sender, Anonymous Network, Receiver]
However, packets are encrypted in anonymous communication systems
Carelessly marked packets fail decryption, visible to the attacker!
-
Our Solution
Flow marking
Change traffic flow rates
Traffic rate changes represent a mark, i.e., special secret code
Investigator knows that Sender communicates with Receiver!
[Figure labels: Investigator, Sender, Interferer, Anonymous Network (Anonymous Channel), Sniffer, Receiver]
-
Key Differences Between Flow and Packet Marking
Packet marking
Mark embedded in packets
Packet content is changed
It is very difficult, if not impossible, to hide such changes when packets are encrypted
Flow marking
Mark is embedded in flow rate changes
No packet content is changed
It is feasible to hide flow rate changes in the Internet, typically with dynamic traffic
-
Questions About Flow Marking
A detail question:
How is a mark embedded into flow rate changes?
Two big picture questions:
How do we make the traffic rate changes invisible to cybercriminals?
How do we make the traffic changes robust to burst traffic interference in the Internet?
-
Embedding Mark Into Flow Rate Changes
Mark decides flow rate changes
Key to flow rate changes' invisibility and robustness: choose an appropriate mark
Direct Sequence Spread Spectrum (DSSS)
[Figure: Mark (a sequence of 1 and -1 values) and the resulting Flow]
-
Basic Direct Sequence Spread Spectrum (DSSS)
A pseudo-noise (PN) code is used for spreading a signal and despreading a spread signal
[Figure: Spreading and Despreading block diagram. Labels: Original Signal, PN Code, noisy channel, Interferer, Sniffer, Recovered Signal; symbols d_t, c_t, t_b, r_b, c_r, d_r]
-
Example: Spreading and Despreading
Signal PN code (i.e. DSSS code)
One symbol is represented by 7 chips
PN code is random; not visible in time or frequency domains
t_b is the mark!
Despreading is the reverse process of spreading
[Figure: waveforms of d_t, c_t and t_b (Mark) over time t, amplitudes +1 and -1, chip duration T_c, symbol duration N_c T_c]
-
Invisibility of Flow Marking
Marks show a white noise-like pattern in both time, frequency domains
Mark amplitude can be very small
As suspects don't know the code, it's very hard for them to recognize marks
-
Accuracy of Flow Marking Recognition
Spreading/despreading processes make the mark immune to burst interference introduced by Internet background traffic
[Figure: waveforms of d_t, c_t and t_b (Mark) over time t, amplitudes +1 and -1, chip duration T_c]
-
A Prototype System
[Figure: prototype system. Labels: Sender, Interferer, Anonymous Network, Sniffer, Receiver, Signal Modulator, Flow Modulator, Flow Demodulator, Recovered Signal]
-
Embedding Signal into Traffic at Interferer
1. Choose a random signal of length n: (1 -1)
2. Signal modulator: obtain the spread signal
3. Flow modulator: modulate a target traffic flow by appropriate interference
Bit 1: without interference
Bit -1: with interference
[Figure labels: Signal, PN Code, Signal Modulator, Flow Modulator, Internet, spread signal + noise]
-
Recovering Signal at Sniffer
1. Flow demodulator:
Sniff target traffic
Sample target traffic to derive traffic rate time series
Use high-pass filter to remove direct component by Fast Fourier Transform (FFT)
2. Signal demodulator:
Despreading by the PN code
Use low-pass filter to remove high-frequency noise
3. Decision rule: Recovered signal == Original signal?
[Figure labels: spread signal + noise, High-pass Filter, PN Code, Low-pass Filter, Decision Rule, Flow Demodulator, Signal Demodulator]
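The spreading and despreading steps on the preceding slides, as an added offline simulation that is not part of the original deck or the authors' prototype. The PN sequence, the rate values and the channel model are constructed assumptions; mean removal stands in for the FFT high-pass filter and a per-symbol sum for the low-pass filter.

```python
import random

# 7-chip PN code (the slides use 7 chips per symbol); this particular
# sequence is a constructed example, not the authors' code.
PN = [1, 1, 1, -1, -1, 1, -1]

def spread(signal, pn=PN):
    """Spreading: every signal bit b in {+1,-1} becomes the chips b*c_1..b*c_Nc."""
    return [b * c for b in signal for c in pn]

def flow_rates(chips, base=100.0, amp=5.0, sigma=0.0, burst=None, rng=None):
    """Constructed channel model: one rate sample per chip. Chip +1 is the
    higher rate (no interference), chip -1 the lower one; Gaussian background
    noise and an optional burst (start, length, size) are added on top."""
    rng = rng or random.Random(0)
    rates = [base + amp * c + rng.gauss(0.0, sigma) for c in chips]
    if burst:
        start, length, size = burst
        for i in range(start, min(start + length, len(rates))):
            rates[i] += size
    return rates

def remove_dc(rates):
    """Stand-in for the FFT high-pass filter: subtract the mean (DC component)."""
    mean = sum(rates) / len(rates)
    return [r - mean for r in rates]

def despread(rates, pn=PN):
    """Multiply by the PN code, integrate over each symbol (a crude
    low-pass filter), and decide each bit by the sign of the sum."""
    ac, n = remove_dc(rates), len(pn)
    sums = [sum(x * c for x, c in zip(ac[i:i + n], pn))
            for i in range(0, len(ac) - n + 1, n)]
    return [1 if s >= 0 else -1 for s in sums]

def chip_errors(rates, chips):
    """Chips a per-sample threshold would misread (no despreading gain)."""
    return sum((1 if x >= 0 else -1) != c for x, c in zip(remove_dc(rates), chips))

if __name__ == "__main__":
    signal = [1, -1, 1, 1, -1]  # constructed 5-bit mark
    chips = spread(signal)
    rates = flow_rates(chips, sigma=3.0, burst=(8, 2, 12.0))
    print("recovered:", despread(rates), "chip errors:", chip_errors(rates, chips))
```

A two-chip burst corrupts individual rate samples, yet the per-symbol correlation with the PN code still recovers every bit, which is the robustness property the slides attribute to spreading and despreading.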
-
Analytical Results
1 bit signal detection rate: probability that we recognize 1 signal bit if we know when the signal appears
where erfc() is complementary error function, Nc is PN code length
n-bit signal detection rate
SNR influences accuracy as well as invisibility
A
Signal to Noise Ratio (SNR)
-
Real World Experimental Setup
The flow modulator at the interferer uses denial of service attack in wired networks
-
Evaluation Setup
[Figure labels: Sender, Receiver]
-
Traceback Invisibility
Overlapping traffic rate curves for traffic without marks in time and frequency domains
-
Traceback Accuracy
-
Transformation into a Real-World Tool
Remaining issues
Not totally invisible
Not accurate to low rate traffic
Robustness
Applied to different scenarios
One-to-one group
Orthogonal codes parallel flow marking
Wireless/wired networks
-
Related Work
IP packet marking based traceback (UC Berkeley, Purdue U.) [7, 8]
Each router on path adds its IP address to packet; victim reads path from packet
Con: requires extra space in packet; requires network infrastructure involvement
Packet inter-arrival time based traceback (NCSU, George Mason U.) [9, 10]
Adjusts packet inter-arrival time conveying information
Pro: fewer packets
Con: sensitive to interference; needs more controlled network segments
Correlation based traceback (UT Arlington, U. of Cambridge) [11, 12]
Correlates traffic at different locations (passively or actively)
Pro: passive, no target traffic interference (good secrecy)
Con: needs threshold to determine whether traffic at different locations is related
-
Final Remarks
Anonymous communication systems useful, but can be abused by cybercriminals
Invisible traceback: important, hard problem
We proposed novel traceback technique based on flow marking with spread spectrum
We prototyped a system based on this technique
Technique has strong potential for development as a real-world tool
-
References (1)
1. Tor Project, "Tor: Anonymity Online," http://torproject.org/about/overview.html.en
2. I2P Anonymous Network, http://www.i2p2.de/
3. Anonymizer, Inc., http://www.anonymizer.com
4. Z. Ling, J. Luo, W. Yu, X. Fu, D. Xuan, and W. Jia, "A New Cell-Counting-Based Attack Against Tor," ACM/IEEE Trans. on Networking (ToN), vol. 20, no. 4, Aug. 2012, pp. 1245-1261.
5. http://www.englishexercises.org/makeagame/viewgame.asp?id=453
6. W. Yu, X. Fu, S. Graham, D. Xuan, and W. Zhao, "DSSS-Based Flow Marking Technique for Invisible Traceback," Proc. IEEE Symp. on Security and Privacy (S&P), 2007, pp. 18-31.
7. D. X. Song and A. Perrig, "Advanced and authenticated marking schemes for IP traceback," in Proc. IEEE INFOCOM, 2001.
8. K. Park and H. Lee, "On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service Attack," in Proc. IEEE INFOCOM, 2001.
9. X. Wang, S. Chen, and S. Jajodia, "Tracking anonymous peer-to-peer voip calls on the internet," in Proc. ACM Conf. on Computer Communications Security (CCS), 2005.
10. P. Peng, P. Ning, and D. S. Reeves, "On the secrecy of timing-based active watermarking trace-back techniques," in Proc. IEEE Symp. on Security and Privacy (S&P), 2006.
-
References (2)
11. Y. Zhu, X. Fu, B. Graham, R. Bettati, and W. Zhao, "On flow correlation attacks and countermeasures in mix networks," in Proc. Workshop on Privacy Enhancing Technologies (PET), 2004.
12. B. N. Levine, M. Reiter, C. Wang, and M. Wright, "Timing analysis in low-latency mix systems," in Proc. Intl. Conf. on Financial Cryptography, 2004.