Anonymous Communications Adam C. Champion and Dong Xuan CSE 4471: Information Security Autumn 2012.
Anonymous Communications
Adam C. Champion and Dong Xuan
CSE 4471: Information Security
Autumn 2012
Outline
• Overview of Anonymous Communications
• Invisible Traceback over Anonymous Communications
• Final Remarks
Overview: Anonymous Communications
• Network communications among parties concealing parties’ identity, existence of communications
– Applications: whistleblowing, privacy-preserving free expression, voting in elections, etc.
– Systems: Tor [1], I2P [2], Anonymizer [3], etc.
– Practice: Users’ communications cloaked by partitioning into application-layer chunks, relayed among users in system [4]
Case Study: How Tor Works
Source: [1]
Outline
• Overview of Anonymous Communications
• Invisible Traceback over Anonymous Communications
– Motivation
– Flow marking traceback technique
– Prototyping
– Implementation and Evaluation
– Related Work
• Final Remarks
Motivation: Invisible Traceback (1)
• Traceback in the real world
Animal traceback Mail traceback Family traceback [5]
Motivation: Invisible Traceback (2)
• Internet is breeding ground for many crimes:
– Credit card fraud
– Sharing © files (without permission)
– Cyber-terrorism
– Malware distribution
• Criminal enterprises like anonymous communications…
• For such cases, law enforcement investigators need to determine parties responsible for crimes
Motivation: Invisible Traceback (3)
• Traceback aims to determine “whodunit”:
– Origin of a packet/message
– Unauthorized distributors, downloaders of © files
– Evil cybercriminals communicating with each other
[Figure labels: Evil, Evil, Investigator]
Motivation: Invisible Traceback (4)
• Critical point: investigator’s traceback activity needs to be invisible to suspects (e.g., illegal file sharers, cybercriminals)
• Without invisibility:
– Suspects would cease criminal activity, do it elsewhere, develop countermeasures to fool investigators, etc.
– Investigator would have no evidence of wrongdoing
• Traceback helps hold cybercriminals responsible for their actions
Challenges to Invisible Traceback (1)
• The nature of the Internet:
– Large scale, loose control
– Destination oriented routing and forwarding ⟹ easy to spoof source IP addresses
– Intermediate nodes record very little information
Challenges to Invisible Traceback (2)
• Availability of anonymous communication systems
[Figure: Anonymous Communication between Sender (S) and Receiver (R) via A and B (S to A, A to B, B to R), shown alongside a Human Spy Network]
Our Focus
• Suppose a sender sends traffic through an encrypted anonymous channel. How can the investigator trace and confirm the receiver’s identity?
• Papers [4] and [6] (S&P 2007, ToN 2012)
[Figure: Sender, Anonymous Channel, Receiver]
Outline
• Overview of Anonymous Communications
• Invisible Traceback over Anonymous Communications
– Motivation
– Flow marking traceback technique
– Prototyping
– Implementation and Evaluation
– Related Work
• Final Remarks
An Intuitive Solution
• Packet marking: mark certain packets
[Figure: Sender, Anonymous Network, Receiver]
• However, packets are encrypted in anonymous communication systems
– Carelessly marked packets fail decryption ⟹ visible to the attacker!
Our Solution
• Flow marking
– Change traffic flow rates
– Traffic rate changes represent a “mark,” i.e., special secret code
• Investigator knows that Sender communicates with Receiver!
[Figure: Sender, Anonymous Network (Anonymous Channel), Receiver; Investigator with Interferer and Sniffer]
Key Differences Between Flow and Packet Marking
• Packet marking
– Mark embedded in packets
– Packet content is changed
– It is very difficult, if not impossible, to hide such changes when packets are encrypted
• Flow marking
– Mark is embedded in flow rate changes
– No packet content is changed
– It is feasible to hide flow rate changes in the Internet, typically with dynamic traffic
Questions About Flow Marking
• A “detail” question:
– How is a mark embedded into flow rate changes?
• Two “big picture” questions:
– How do we make the traffic rate changes invisible to cybercriminals?
– How do we make the traffic changes robust to burst traffic interference in the Internet?
Embedding Mark Into Flow Rate Changes
• Mark decides flow rate changes
– Key to flow rate changes’ invisibility and robustness: choose an appropriate mark
– Direct Sequence Spread Spectrum (DSSS)
[Figure: a Mark (sequence of 1 and -1 values) applied to a Flow]
Basic Direct Sequence Spread Spectrum (DSSS)
• A pseudo-noise (PN) code is used for spreading a signal and despreading a spread signal
[Figure: Spreading (Original Signal dt, PN Code ct, output tb), noisy channel between Interferer and Sniffer, Despreading (input rb, PN Code cr, Recovered Signal dr)]
Example: Spreading and Despreading
• Signal
• PN code (i.e. DSSS code)
•
– One symbol is “represented” by 7 chips
– PN code is random; not visible in time or frequency domains
• tb is the mark!
• Despreading is the reverse process of spreading
[Figure: waveforms of dt, ct and tb (the mark) between +1 and –1 over time t; chip duration Tc, symbol duration NcTc]
Invisibility of Flow Marking
• Marks show a white noise-like pattern in both time and frequency domains
• Mark amplitude can be very small
• As suspects don’t know the code, it’s very hard for them to recognize marks
Accuracy of Flow Marking Recognition
• Spreading/despreading processes make the mark immune to burst interference introduced by Internet background traffic
[Figure: waveforms of dt, ct and tb (the mark) between +1 and –1 over time t; chip duration Tc]
Outline
• Overview of Anonymous Communications
• Invisible Traceback over Anonymous Communications
– Motivation
– Flow marking traceback technique
– Prototyping
– Implementation and Evaluation
– Related Work
• Final Remarks
A Prototype System
[Figure: Sender, Interferer (Signal Modulator, Flow Modulator), Anonymous Network, Sniffer (Flow Demodulator, Signal Modulator), Receiver, Recovered Signal]
Embedding Signal into Traffic at Interferer
1. Choose a random signal of length n: (1 -1)
2. Signal modulator: obtain the spread signal
3. Flow modulator: modulate a target traffic flow by appropriate interference
• Bit 1: without interference
• Bit –1: with interference
[Figure: Signal and PN Code feed the Signal Modulator, then the Flow Modulator, then the Internet (spread signal + noise)]
Recovering Signal at Sniffer
1. Flow demodulator:
• Sniff target traffic
• Sample target traffic to derive traffic rate time series
• Use high-pass filter to remove direct component by Fast Fourier Transform (FFT)
2. Signal demodulator:
• Despreading by the PN code
• Use low-pass filter to remove high-frequency noise
3. Decision rule:
• Recovered signal == Original signal?
[Figure: spread signal + noise enters the Flow Demodulator (High-pass Filter), then the Signal Demodulator (PN Code, Low-pass Filter), then the Decision Rule]
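The embed-and-recover steps from the two slides above, together with the earlier 7-chip spreading example, as an added offline simulation on a synthetic rate series (not code from the slides or the cited papers). The PN code, rates, jitter and burst are constructed values; mean subtraction stands in for the FFT high-pass filter, per-bit summation for the low-pass filter, and the `FLAT` code is an un-spread comparison that is not on the slides.

```python
import random

PN = [1, 1, 1, -1, -1, 1, -1]   # constructed 7-chip PN code (one symbol = 7 chips)
FLAT = [1] * 7                  # comparison: no spreading, rate held for the whole bit

def spread(signal, code):
    """Signal modulator: every +1/-1 signal bit becomes len(code) chips."""
    return [bit * chip for bit in signal for chip in code]

def modulate(chips, base_rate=100.0, depth=4.0):
    """Flow modulator (simulated): chip +1 = no interference, chip -1 = rate lowered."""
    return [base_rate - (depth if chip < 0 else 0.0) for chip in chips]

def channel(rates, rng, jitter=0.5, burst_start=14, burst_len=7, burst_drop=6.0):
    """Noisy channel: bounded per-sample jitter plus one burst of background traffic."""
    out = [r + rng.uniform(-jitter, jitter) for r in rates]
    for i in range(burst_start, min(burst_start + burst_len, len(out))):
        out[i] -= burst_drop
    return out

def recover(rates, code):
    """Flow demodulator and signal demodulator at the sniffer."""
    mean = sum(rates) / len(rates)
    ac = [r - mean for r in rates]   # high-pass: drop DC (same as zeroing FFT bin 0)
    bits = []
    for k in range(0, len(ac), len(code)):
        # Despread with the code, then integrate over the bit period (crude low-pass).
        corr = sum(x * c for x, c in zip(ac[k:k + len(code)], code))
        bits.append(1 if corr >= 0 else -1)
    return bits

def run(signal, code, seed=2012):
    """Embed, pass through the channel, recover, and apply the decision rule."""
    rng = random.Random(seed)
    observed = channel(modulate(spread(signal, code)), rng)
    recovered = recover(observed, code)
    return recovered, recovered == signal

if __name__ == "__main__":
    mark = [1, -1, 1, 1, -1]     # constructed signal, n = 5
    print("PN code :", run(mark, PN))     # burst spans bit 3, signal still recovered
    print("no code :", run(mark, FLAT))   # same burst flips bit 3
```

The burst covers exactly one bit period: correlated against the nearly balanced PN code it mostly cancels, while against the flat code it adds up across all 7 samples and flips the bit.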
Analytical Results
• 1 bit signal detection rate: probability that we recognize 1 signal bit if we know when the signal appears
where erfc(⋅) is complementary error function, Nc is PN code length
• n-bit signal detection rate
• SNR influences accuracy as well as invisibility
[Slide labels: A, Signal to Noise Ratio (SNR)]
Outline
• Overview of Anonymous Communications
• Invisible Traceback over Anonymous Communications
– Motivation
– Flow marking traceback technique
– Prototyping
– Implementation and Evaluation
– Related Work
• Final Remarks
Real World Experimental Setup
• The flow modulator at the interferer uses a denial-of-service attack in wired networks
Evaluation Setup
[Figure: Interferer, Sniffer, Sender, Receiver]
Traceback Invisibility
• Overlapping traffic rate curves for traffic without marks in time and frequency domains
Traceback Accuracy
Transformation into a Real-World Tool
• Remaining issues
– Not totally invisible
– Not accurate to low rate traffic
– Robustness
• Applied to different scenarios
– One-to-one ⟹ group
• Orthogonal codes ⟹ parallel flow marking
– Wireless/wired networks
Outline
• Overview of Anonymous Communications
• Invisible Traceback over Anonymous Communications
– Motivation
– Flow marking traceback technique
– Prototyping
– Implementation and Evaluation
– Related Work
• Final Remarks
Related Work
• IP packet marking based traceback (UC Berkeley, Purdue U.) [7, 8]
– Each router on path adds its IP address to packet; victim reads path from packet
– Con: requires extra space in packet; requires network infrastructure involvement
• Packet inter-arrival time based traceback (NCSU, George Mason U.) [9, 10]
– Adjusts packet inter-arrival time conveying information
– Pro: fewer packets
– Con: sensitive to interference; needs more controlled network segments
• Correlation based traceback (UT Arlington, U. of Cambridge) [11, 12]
– Correlates traffic at different locations (passively or actively)
– Pro: passive, no target traffic interference (good secrecy)
– Con: needs threshold to determine whether traffic at different locations is related
Outline
• Overview of Anonymous Communications
• Invisible Traceback over Anonymous Communications
• Final Remarks
Final Remarks
• Anonymous communication systems useful, but can be abused by cybercriminals
• Invisible traceback: important, hard problem
• We proposed novel traceback technique based on flow marking with spread spectrum
• We prototyped a system based on this technique
• Technique has strong potential for development as a real-world tool
References (1)
1. Tor Project, “Tor: Anonymity Online,” http://torproject.org/about/overview.html.en
2. “I2P Anonymous Network,” http://www.i2p2.de/
3. Anonymizer, Inc., http://www.anonymizer.com
4. Z. Ling, J. Luo, W. Yu, X. Fu, D. Xuan, and W. Jia, “A New Cell-Counting-Based Attack Against Tor,” ACM/IEEE Trans. on Networking (ToN), vol. 20, no. 4, Aug. 2012, pp. 1245–1261.
5. http://www.englishexercises.org/makeagame/viewgame.asp?id=453
6. W. Yu, X. Fu, S. Graham, D. Xuan, and W. Zhao, “DSSS-Based Flow Marking Technique for Invisible Traceback,” Proc. IEEE Symp. on Security and Privacy (S&P), 2007, pp. 18–31.
7. D. X. Song and A. Perrig, “Advanced and authenticated marking schemes for IP traceback”, in Proc. IEEE INFOCOM, 2001.
8. K. Park and H. Lee, “On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service Attack”, in Proc. IEEE INFOCOM, 2001.
9. X. Wang, S. Chen, and S. Jajodia, “Tracking anonymous peer-to-peer voip calls on the internet,” in Proc. ACM Conf. on Computer Communications Security (CCS), 2005.
10. P. Peng, P. Ning, and D. S. Reeves, “On the secrecy of timing-based active watermarking trace-back techniques,” in Proc. IEEE Symp. on Security and Privacy (S&P), 2006.
References (2)
11. Y. Zhu, X. Fu, B. Graham, R. Bettati, and W. Zhao, “On flow correlation attacks and countermeasures in mix networks,” in Proc. Workshop on Privacy Enhancing Technologies (PET), 2004.
12. B. N. Levine, M. Reiter, C. Wang, and M. Wright, “Timing analysis in low-latency mix systems,” in Proc. Int’l. Conf. on Financial Cryptography, 2004.