On traffic analysis attacks and countermeasures

Security and privacy have gained more and more attention with the rapid growth and public acceptance of the Internet as a means of communication and information dissemination. Security and privacy of a computing or network system may be compromised by a variety of well-crafted attacks. In this dissertation, we address issues related to security and privacy in computer network systems. Specifically, we model and analyze a special group of network attacks, known as traffic analysis attacks, and develop and evaluate their countermeasures. Traffic analysis attacks aim to derive critical information by analyzing traffic over a network. We focus our study on two classes of traffic analysis attacks: link-load analysis attacks and flow-connectivity analysis attacks. Our research has made the following conclusions: (1) We have found that an adversary may effectively discover link load by passively analyzing selected statistics of packet inter-arrival times of traffic flows on a network link. This is true even if some commonly used countermeasures (e.g., link padding) have been deployed. We proposed an alternative effective countermeasure to counter this passive traffic analysis attack. Our extensive experimental results indicated this to be an effective approach. (2) Our newly proposed countermeasure may not be effective against active traffic analysis attacks, which an adversary may also use to discover the link load. We developed methodologies in countering these kinds of active attacks. (3) To detect the connectivity of a flow, an adversary may embed a recognizable pattern of marks into traffic flows by interference. We have proposed new countermeasures based on the digital filtering technology. Experimental results have demonstrated the effectiveness of our method. From our research, it is obvious that traffic analysis attacks present a serious challenge to the design of a secured computer network system. It is the objective of this study to develop robust but cost-effective solutions to counter link-load analysis attacks and flow-connectivity analysis attacks. It is our belief that our methodology can provide a solid foundation for studying the entire spectrum of traffic analysis attacks and their countermeasures.

[1]  Charles E. Perkins,et al.  Highly Dynamic Destination-Sequenced Distance-Vector Routing (DSDV) for mobile computers , 1994, SIGCOMM.

[2]  Richard E. Newman,et al.  Performance analysis of a method for high level prevention of traffic analysis , 1992, [1992] Proceedings Eighth Annual Computer Security Application Conference.

[3]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[4]  David G. Stork,et al.  Pattern Classification (2nd ed.) , 1999 .

[5]  Aleksandar Kuzmanovic,et al.  Low-rate TCP-targeted denial of service attacks and counter strategies , 2003, IEEE/ACM Transactions on Networking.

[6]  Charles E. Perkins,et al.  Ad-hoc on-demand distance vector routing , 1999, Proceedings WMCSA'99. Second IEEE Workshop on Mobile Computing Systems and Applications.

[7]  H. T. Kung,et al.  Design and analysis of an IP-Layer anonymizing infrastructure , 2003, Proceedings DARPA Information Survivability Conference and Exposition.

[8]  Donald F. Towsley,et al.  Modeling TCP throughput: a simple model and its empirical validation , 1998, SIGCOMM '98.

[9]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[10]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[11]  kc claffy,et al.  Longitudinal study of Internet traffic in 1998-2003 , 2004 .

[12]  Lili Qiu,et al.  Statistical identification of encrypted Web browsing traffic , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[13]  Paul Baran ON DISTRIBUTED COMMUNICATIONS: IX. SECURITY, SECRECY, AND TAMPER-FREE CONSIDERATIONS, , 1964 .

[14]  Dawn Xiaodong Song,et al.  Timing Analysis of Keystrokes and Timing Attacks on SSH , 2001, USENIX Security Symposium.

[15]  Mark Carson,et al.  NIST Net: a Linux-based network emulation tool , 2003, CCRV.

[16]  Jean-François Raymond,et al.  Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[17]  Richard E. Newman,et al.  High level prevention of traffic analysis , 1991, Proceedings Seventh Annual Computer Security Applications Conference.

[18]  Anton Stiglic,et al.  Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems , 2001, Information Hiding.

[19]  Paul F. Syverson,et al.  Anonymous connections and onion routing , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[20]  David A. Maltz,et al.  Dynamic Source Routing in Ad Hoc Wireless Networks , 1994, Mobidata.

[21]  Stephen T. Kent,et al.  Security Mechanisms in High-Level Network Protocols , 1983, CSUR.

[22]  Richard E. Newman,et al.  Performance analysis of a method for high level prevention of traffic analysis using measurements from a campus network , 1994, Tenth Annual Computer Security Applications Conference.

[23]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[24]  Walter Willinger,et al.  Self-similarity through high-variability: statistical analysis of Ethernet LAN traffic at the source level , 1997, TNET.

[25]  Xiaoyan Hong,et al.  ANODR: anonymous on demand routing with untraceable routes for mobile ad-hoc networks , 2003, MobiHoc '03.

[26]  Robert Tappan Morris,et al.  Tarzan: a peer-to-peer anonymizing network layer , 2002, CCS '02.

[27]  Roger Dingledine,et al.  From a Trickle to a Flood: Active Attacks on Several Mix Types , 2002, Information Hiding.

[28]  Peter Sewell,et al.  Passive Attack Analysis for Connection-Based Anonymity Systems , 2003, ESORICS.

[29]  R. Moddemeijer On estimation of entropy and mutual information of continuous distributions , 1989 .

[30]  Theodore S. Rappaport,et al.  Wireless position location: fundamentals, implementation strategies, and sources of error , 1997, 1997 IEEE 47th Vehicular Technology Conference. Technology in Motion.

[31]  George Danezis,et al.  The Traffic Analysis of Continuous-Time Mixes , 2004, Privacy Enhancing Technologies.

[32]  Riccardo Bettati,et al.  IEEE TRANSACTIONS ON SYSTEMS , MAN , AND CYBERNETICS — PART A : SYSTEMS AND HUMANS , 2001 .

[33]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[34]  Riccardo Bettati,et al.  An optimal strategy for anonymous communication protocols , 2002, Proceedings 22nd International Conference on Distributed Computing Systems.

[35]  Ragunathan Rajkumar,et al.  Resource management of the OS network subsystem , 2002, Proceedings Fifth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing. ISIRC 2002.

[36]  Gerald Q. Maguire,et al.  A class of mobile motion prediction algorithms for wireless mobile computing and communications , 1996, Mob. Networks Appl..

[37]  Brenda Timmerman,et al.  A security model for dynamic adaptive traffic masking , 1998, NSPW '97.

[38]  Mario Gerla,et al.  A zone routing protocol for Bluetooth scatternets , 2003, 2003 IEEE Wireless Communications and Networking, 2003. WCNC 2003..

[39]  Riccardo Bettati,et al.  On Flow Correlation Attacks and Countermeasures in Mix Networks , 2004, Privacy Enhancing Technologies.

[40]  R. Wilder,et al.  Wide-area Internet traffic patterns and characteristics , 1997, IEEE Netw..

[41]  Andrew Hintz,et al.  Fingerprinting Websites Using Traffic Analysis , 2002, Privacy Enhancing Technologies.

[42]  Micah Adler,et al.  An Analysis of the Degradation of Anonymous Protocols , 2002, NDSS.

[43]  Fouad A. Tobagi,et al.  Packet-level traffic measurements from a tier-1 ip backbone , 2001 .

[44]  Sung-Ju Lee,et al.  Wireless Ad Hoc Multicast Routing with Mobility Prediction , 2001, Mob. Networks Appl..