Private communication detection: a stochastic approach

Private communication detection (PCD) enables an ordinary network user to discover communication patterns (e.g., call time, length, frequency, and initiator) between two or more private parties. Ordinary users have neither eavesdropping capabilities (e.g., the network may employ strong anonymity measures) nor legal authority (e.g., collection of call records---without any voice/data content---requires "national security letters") to collect private-communication records. Analysis of communication patterns between private parties has historically been a powerful tool used by intelligence, military, law-enforcement and business organizations as it can reveal the strength of tie between these parties. In this paper, we show that PCD is possible by ordinary users merely by sending packets to various network end-nodes (e.g., WiFi nodes) and analyzing the timing of their responses. We show that timing side channels, which are caused by distinct resource-contention responses when different applications run in end nodes, enable effective PCD despite network and proxy-generated noise (e.g., jitter, delays). We use a stochastic analysis to demonstrate how PCD exploits indirectly accessible, remote end-node resources, such as WiFi radio channels and computer keyboards in Instant Messaging. Similar analysis enables practical Sybil node detection.

[1]  Fan Zhang,et al.  Inferring users' online activities through traffic analysis , 2011, WiSec '11.

[2]  Rakesh Agrawal,et al.  Keyboard acoustic emanations , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[3]  Sadaoki Furui,et al.  Speaker-independent isolated word recognition using dynamic features of speech spectrum , 1986, IEEE Trans. Acoust. Speech Signal Process..

[4]  Charles V. Wright,et al.  Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[5]  Hongbo Jiang,et al.  Privacy in VoIP Networks: Flow Analysis Attacks and Defense , 2011, IEEE Transactions on Parallel and Distributed Systems.

[6]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[7]  Sushil Jajodia,et al.  Tracking anonymous peer-to-peer VoIP calls on the internet , 2005, CCS '05.

[8]  Sanjay Kumar,et al.  Virtual WiFi: bring virtualization from wired to wireless , 2011, VEE '11.

[9]  Christian Grothoff,et al.  Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study Using I2P , 2011, PETS.

[10]  Dawn Xiaodong Song,et al.  Timing Analysis of Keystrokes and Timing Attacks on SSH , 2001, USENIX Security Symposium.

[11]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[12]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[13]  James H. Martin,et al.  Speech and language processing: an introduction to natural language processing, computational linguistics, and speech recognition, 2nd Edition , 2000, Prentice Hall series in artificial intelligence.

[14]  Eric Gilbert,et al.  Predicting tie strength with social media , 2009, CHI.

[15]  Dakshi Agrawal,et al.  The EM Side-Channel(s) , 2002, CHES.

[16]  A. Perrig,et al.  The Sybil attack in sensor networks: analysis & defenses , 2004, Third International Symposium on Information Processing in Sensor Networks, 2004. IPSN 2004.

[17]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[18]  George Danezis,et al.  A Survey of Anonymous Communication Channels , 2008 .

[19]  Birgit Pfitzmann,et al.  ISDN-MIXes: Untraceable Communication with Small Bandwidth Overhead , 1991, Kommunikation in Verteilten Systemen.

[20]  Vipin Kumar,et al.  Introduction to Data Mining, (First Edition) , 2005 .

[21]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[22]  Brian Neil Levine,et al.  A Survey of Solutions to the Sybil Attack , 2006 .

[23]  Daniel T. Larose,et al.  Discovering Knowledge in Data: An Introduction to Data Mining , 2005 .

[24]  Jean-Louis Lacoume,et al.  Noise Reduction in Side Channel Attack Using Fourth-Order Cumulant , 2007, IEEE Transactions on Information Forensics and Security.

[25]  Lawrence R. Rabiner,et al.  A tutorial on hidden Markov models and selected applications in speech recognition , 1989, Proc. IEEE.

[26]  Mark Handley,et al.  SIP: Session Initiation Protocol , 1999, RFC.

[27]  Paramvir Bahl,et al.  MultiNet: connecting to multiple IEEE 802.11 networks using a single wireless card , 2004, IEEE INFOCOM 2004.

[28]  Thomas S. Messerges,et al.  Investigations of Power Analysis Attacks on Smartcards , 1999, Smartcard.

[29]  Xun Gong,et al.  Fingerprinting websites using remote traffic analysis , 2010, CCS '10.

[30]  Ankur Teredesai,et al.  Extracting Social Networks from Instant Messaging Populations , 2004 .

[31]  Kai-Fu Lee,et al.  On large-vocabulary speaker-independent continuous speech recognition , 1988, Speech Commun..

[32]  Jean-François Raymond,et al.  Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems , 2000, Workshop on Design Issues in Anonymity and Unobservability.