Issue No.12 - Dec. (2013 vol.62)
pp: 2411-2426
Zhen Ling, Southeast University, Nanjing
Xinwen Fu, University of Massachusetts Lowell, Lowell
Weijia Jia, City University of Hong Kong, Hong Kong
Wei Yu, Towson University, Towson
Dong Xuan, Ohio State University, Columbus
Junzhou Luo, Southeast University, Nanjing
ABSTRACT
In this paper, we present a study on the anonymity of Anonymizer, a well-known commercial anonymous communication system. We discovered the architecture of Anonymizer and found that the size of web packets in the Anonymizer network can be very dynamic at the client. Motivated by this finding, we investigated a class of novel packet size-based covert channel attacks against Anonymizer. An attacker between a website and the Anonymizer server can manipulate the web packet size and embed secret signal symbols into the target traffic. An accomplice at the user side can sniff the traffic and recognize the secret signal. In this way, the anonymity provided by Anonymizer is compromised. We developed intelligent and robust algorithms to cope with the packet size distortion incurred by Anonymizer and the Internet. We developed techniques to make the attack harder to detect: 1) we pick the right packets of web objects to manipulate in order to preserve the regularity of the TCP packet size dynamics, which can be measured by the Hurst parameter; 2) we adopt the Monte Carlo sampling technique to preserve the distribution of the web packet size despite manipulation. We have implemented the attack over Anonymizer and conducted extensive analytical and experimental evaluations. It is observed that the attack is highly efficient and requires only tens of packets to compromise anonymous web surfing via Anonymizer. The experimental results are consistent with our theoretical analysis.
INDEX TERMS
Servers, Web sites, Monte Carlo methods, Computer architecture, Educational institutions, Electronic mail, TCP dynamics, Anonymizer, watermark
CITATION
Zhen Ling, Xinwen Fu, Weijia Jia, Wei Yu, Dong Xuan, Junzhou Luo, "Novel Packet Size-Based Covert Channel Attacks against Anonymizer", IEEE Transactions on Computers, vol. 62, no. 12, pp. 2411-2426, Dec. 2013, doi:10.1109/TC.2012.169