New covert channels in HTTP: adding unwitting Web browsers to anonymity sets

This paper presents new methods enabling anonymous communication on the Internet. We describe a new protocol that allows us to create an anonymous overlay network by exploiting the web browsing activities of regular users. We show that the overlay net work provides an anonymity set greater than the set of senders and receivers in a realistic threat model. In particular, the protocol provides unobservability in our threat model.

[1]  A. Juels,et al.  Universal Re-encryption for Mixnets , 2004, CT-RSA.

[2]  Sameer Parekh Prospects for Remailers , 1996, First Monday.

[3]  Bernhard Plattner,et al.  Introducing MorphMix: peer-to-peer based anonymous Internet usage with collusion detection , 2002, WPES '02.

[4]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[5]  Lawrence C. Stewart,et al.  HTTP Authentication: Basic and Digest Access Authentication , 1999 .

[6]  Roger Dingledine,et al.  From a Trickle to a Flood: Active Attacks on Several Mix Types , 2002, Information Hiding.

[7]  Yossi Matias,et al.  How to Make Personalized Web Browising Simple, Secure, and Anonymous , 1997, Financial Cryptography.

[8]  Jean-François Raymond,et al.  Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[9]  Paul F. Syverson,et al.  Onion routing , 1999, CACM.

[10]  Roy T. Fielding,et al.  Hypertext Transfer Protocol - HTTP/1.0 , 1996, RFC.

[11]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[12]  Robert Tappan Morris,et al.  Tarzan: a peer-to-peer anonymizing network layer , 2002, CCS '02.

[13]  Guy L. Steele,et al.  The Java Language Specification , 1996 .

[14]  David M. Kristol,et al.  HTTP State Management Mechanism , 2000, RFC.

[15]  Craig H. Rowland,et al.  Covert Channels in the TCP/IP Protocol Suite , 1997, First Monday.

[16]  Dogan Kesdogan,et al.  Stop-and-Go-MIXes Providing Probabilistic Anonymity in an Open System , 1998, Information Hiding.

[17]  Tim Berners-Lee,et al.  Uniform Resource Locators (URL) , 1994, RFC.

[18]  Mike Fisk,et al.  Eliminating Steganography in Internet Traffic with Active Wardens , 2002, Information Hiding.

[19]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.

[20]  Anton Stiglic,et al.  Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems , 2001, Information Hiding.

[21]  Keith Moore,et al.  On the use of HTTP as a Substrate , 2002, RFC.

[22]  Paul Syverson,et al.  Onion Routing for Anonymous and Private Internet Connections , 1999 .

[23]  Ian Goldberg,et al.  TAZ servers and the rewebber network , 1998 .

[24]  Hannes Federrath,et al.  Web MIXes: A System for Anonymous and Unobservable Internet Access , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[25]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[26]  Oliver Berthold,et al.  Dummy Traffic against Long Term Intersection Attacks , 2002, Privacy Enhancing Technologies.

[27]  Nick Feamster,et al.  Infranet: Circumventing Web Censorship and Surveillance , 2002, USENIX Security Symposium.