Traffic Analysis:
Network Flow Watermarking
Amir Houmansadr
CS660: Advanced Information Assurance
Spring 2015
1
CS660 - Advanced Information Assurance -
UMassAmherst
Previously
• Two popular forms of anonymous
communications
– Onion Routing (Tor)
– Mix Networks
• They aim to be low-latency so they can be used for
interactive applications, e.g., web browsing,
IM, VoIP, etc.
Gives birth to attacks
Attacks on anonymity systems
• Traffic analysis attacks
• Intersection attacks
• Fingerprinting attacks
• DoS attacks
• …
Who Wants to Attack Tor?
• Who has the ability to attack Tor?
• How NSA tries to break Tor
– Tor stinks
Why do they want to break Tor
(or, what do they say?)
(Slides 7–13: image-only slides; no text to recover)
Discussion
• Should privacy-enhancing technologies (e.g.,
Tor) have backdoors for law enforcement?
Traffic Analysis
• Definition: inferring sensitive information
from communication patterns rather than from
traffic contents, whether or not the traffic is encrypted
• Related fields
– Traffic shaping
– Data mining
Use cases of traffic analysis
• Inferring encrypted data (SSH, VoIP)
• Inferring events
• Linking network flows in low-latency
networking applications
• …
Outline
• Traffic analysis in low-latency scenarios
• Passive traffic analysis
• Active traffic analysis: watermarks
Compromising anonymity
(figure: hosts A and B communicating through an anonymous network)
Stepping stone attack
Passive Traffic analysis
• Analyzing network flow patterns by only
observing traffic:
– Packet counts
– Packet timings
– Packet sizes
– Flow rate
– …
Some literature
• Stepping stone detection
– Character frequencies [Staniford-Chen et al., S&P’95]
– ON/OFF behavior of interactive connections [Zhang et al., SEC’00]
– Correlating inter-packet delays [Wang et al., ESORICS’02]
– Flow-sketches [Coskun et al., ACSAC’09]
• Compromising anonymity
– Analysis of onion routing [Syverson et al., PET’00]
– Freedom and PipeNet [Back et al., IH’01]
– Mix-based systems: [Raymond et al., PET’00], [Danezis et al., PET’04]
Passive Traffic analysis
• Based on inter-packet delays of network flows
[Wang et al., ESORICS’02]
– Min/Max Sum Ratio (MMS)
– Statistical Correlation (STAT)
– Normalized Dot Product (NDP)
Passive Traffic analysis
• ON/OFF behavior of interactive connections
[Zhang et al., SEC’00]
• Based on flow sketches [Coskun et al.,
ACSAC’09]
Issues of passive traffic analysis
• Intrinsic correlation of flows
– High false error rates
– Need long flows for detection
Compromising anonymity
(figure: hosts A and B communicating through an anonymity network)
Issues of passive traffic analysis
• Intrinsic correlation of flows
– High false error rates
– Need long flows for detection
• Massive computation and communication
– Not scalable: O(n) communication, O(n²) computation
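The passive approach of the preceding slides, worked through as an added example (not code from the lecture or from Wang et al.): inter-packet delays (IPDs) of candidate flows are correlated with a normalized dot product in the style of the NDP test, every flow pair has to be compared (the O(n²) computation the slide mentions), and short windows produce chance matches between unrelated flows, which is the "need long flows" problem. All flows are constructed synthetically; the exponential IPD model, the jitter level, the threshold 0.8 and the function names are assumptions made for the example.

```python
import math
import random


def make_flow(n, rng, mean_ipd=0.25):
    """Constructed interactive flow: n inter-packet delays (seconds),
    drawn from an exponential distribution with the given mean."""
    return [rng.expovariate(1.0 / mean_ipd) for _ in range(n)]


def relay(ipds, rng, jitter_sd=0.02):
    """Model one relay hop (stepping stone or anonymity node): the same
    packets leave in the same order, with Gaussian timing jitter added."""
    return [max(0.0, d + rng.gauss(0.0, jitter_sd)) for d in ipds]


def ndp(x, y):
    """Normalized dot product of two IPD vectors: 1.0 means identical shape."""
    dot = sum(a * b for a, b in zip(x, y))
    nx = math.sqrt(sum(a * a for a in x))
    ny = math.sqrt(sum(b * b for b in y))
    return dot / (nx * ny) if nx and ny else 0.0


def correlate_all_pairs(flows):
    """The passive detector's workload: every flow is correlated with every
    other flow, i.e. m*(m-1)/2 NDP computations for m flows (O(m^2))."""
    ids = sorted(flows)
    return {(p, q): ndp(flows[p], flows[q])
            for i, p in enumerate(ids) for q in ids[i + 1:]}


def best_match(flows, source_id):
    """Flow most correlated with source_id, returned as (flow_id, score)."""
    scored = [(ndp(flows[source_id], ipds), fid)
              for fid, ipds in flows.items() if fid != source_id]
    score, fid = max(scored)
    return fid, score


def unrelated_false_positive_rate(n, threshold, rng, trials=2000):
    """Fraction of *unrelated* flow pairs of length n whose NDP exceeds the
    threshold: short windows give many chance matches, long ones do not."""
    hits = 0
    for _ in range(trials):
        if ndp(make_flow(n, rng), make_flow(n, rng)) > threshold:
            hits += 1
    return hits / trials


def demo(n_packets=400, n_flows=20, seed=7):
    """Build one source flow, its relayed copy and unrelated flows, then ask
    the passive detector which flow the source is linked to."""
    rng = random.Random(seed)
    source = make_flow(n_packets, rng)
    flows = {"source": source, "relay": relay(source, rng)}
    for i in range(n_flows - 2):
        flows[f"other{i}"] = make_flow(n_packets, rng)
    scores = correlate_all_pairs(flows)
    return {
        "match": best_match(flows, "source"),
        "pairs_correlated": len(scores),
        "fp_rate_short": unrelated_false_positive_rate(5, 0.8, rng),
        "fp_rate_long": unrelated_false_positive_rate(200, 0.8, rng),
    }


if __name__ == "__main__":
    print(demo())
```

`demo()` links the source to its relayed copy with a score near 1.0 while unrelated exponential flows sit near 0.5, but note the two costs the slides raise: 20 flows already need 190 correlations, and with 5-packet windows a noticeable fraction of unrelated pairs cross the threshold, whereas 200-packet windows give none.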
Compromising anonymity
(figure: hosts A and B communicating through an anonymity network)
Flow watermarks:
Active traffic analysis
Flow watermarking
• Traffic analysis by perturbing network traffic
– Packet timings
– Packet counts
– Packet sizes
– Flow rate
– …
Compromising anonymity
(figure: hosts A and B communicating through an anonymity network)
Stepping stone detection
(figure: enterprise network)
Active Traffic Analysis
• Improve detection efficiency (lower false errors, fewer packets)
• O(1) communication and O(n) computation, instead of O(n) and O(n²)
• Faster detection
Compromising anonymity
(figure: hosts A and B communicating through an anonymity network)
Watermark features
• Detection efficiency
• Invisibility
• Robustness
• Resource efficiency
Inter-Packet Delay vs. Interval-Based Watermarking
• Interval-Based Watermarking
– Robustness to packet modifications
– IBW [Infocom’07], ICBW [S&P’07], DSSS [S&P’07]
(figure: interval-based watermark; intervals labelled CLEAR and LOAD)
• Inter-Packet Delay (IPD) watermarking
RAINBOW: Robust And Invisible
Non-Blind Watermark
NDSS 2009
With Negar Kiyavash and Nikita Borisov
RAINBOW Scheme
• Insert a spread-spectrum watermark into the Inter-Packet
Delay (IPD) information
– At the watermarker: IPD_W = IPD + WM
– At the detector: IPD_R − IPD = WM + Jitter
• IPD Database
– Last n packets, removed after the connection ends
– Low memory requirements for moderate-size enterprises
(figure: Sender → Watermarker → Receiver; the watermarker stores the flow's IPD in the IPD Database and forwards the flow with IPD_W; the detector observes IPD_R, looks up IPD in the database and recovers WM)
• Non-blind watermarking: provides invisibility
Detection Analysis
• Using the last n samples of IPD
– Y = IPD_R − IPD = WM + Jitter
– Normalized correlation
– Detection threshold η
• System parameters:
– a: watermark amplitude
– b: standard deviation of jitter
– a/b represents the SNR
– n: watermark length
• Detection analysis: hypothesis testing
$$FP \le 0.5\,\exp\left(-\frac{n\,\eta^{2}}{2}\right), \qquad FN \le 0.5\,\exp\left(-\frac{n\,\left(\frac{a}{b}-\eta\right)^{2}}{2}\right)$$
(figure: watermark detector block diagram; IPD_R and the IPD stored in the IPD Database are subtracted to give Y, Y is correlated (normalized) with the watermark, and the decision is made against η)
System Design
• Cross-Over Error Rate (COER) versus system parameters
• Increasing a
– Lower error, more visible
• Increasing n
– Lower error, slower detection
• a can be traded for n
• a should be adjusted to the jitter
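The RAINBOW scheme, detection analysis and design trade-off of slides 37–39, as one added example (not the authors' code): the watermarker records IPD and emits IPD_W = IPD + WM with chips of ±a, the path adds Gaussian jitter of standard deviation b, the non-blind detector forms Y = IPD_R − IPD and thresholds a normalized correlation, and the FP/FN bounds from the slide are used to pick the cross-over threshold. The normalization C = ΣY_i·WM_i / (n·a·b) is an assumption (the slides do not state one); it makes C ~ N(0, 1/n) under H0 and N(a/b, 1/n) under H1, which is exactly what the two bounds describe. Flows, parameter values (a = 5 ms, b = 10 ms, n = 400) and function names are constructed for the example. With a/b = 0.5 and n = 400 the bounds evaluate to about 1.9×10⁻⁶, and halving a while quadrupling n leaves them unchanged, which is the "a can be traded for n" point.

```python
import math
import random


def make_watermark(n, a, rng):
    """Spread-spectrum watermark: n chips of +a or -a seconds, derived from a
    key shared by watermarker and detector (here simply the RNG seed)."""
    return [a if rng.random() < 0.5 else -a for _ in range(n)]


def watermarker(ipd, wm):
    """Watermarker side: the caller keeps `ipd` as the database entry and the
    flow leaves with IPD_W = IPD + WM. A real watermarker realises negative
    chips by holding every packet for a constant time; a constant offset does
    not change IPDs, so it is omitted here."""
    return [d + w for d, w in zip(ipd, wm)]


def network(ipd_w, b, rng):
    """Path between watermarker and detector: Gaussian timing jitter N(0, b^2)."""
    return [d + rng.gauss(0.0, b) for d in ipd_w]


def normalized_correlation(y, wm, a, b):
    """Assumed normalization: C = sum(Y_i * WM_i) / (n * a * b).
    Under H0 (Y is jitter only) C ~ N(0, 1/n); under H1 (Y = WM + jitter)
    C ~ N(a/b, 1/n), so a/b plays the role of the SNR."""
    n = len(y)
    return sum(yi * wi for yi, wi in zip(y, wm)) / (n * a * b)


def detect(ipd_r, ipd_db, wm, a, b, eta):
    """Detector side: Y = IPD_R - IPD with IPD taken from the database
    (non-blind), correlate with the watermark, compare with threshold eta."""
    y = [r - d for r, d in zip(ipd_r, ipd_db)]
    c = normalized_correlation(y, wm, a, b)
    return c > eta, c


def fp_bound(n, eta):
    """False-positive bound from the slide: 0.5 * exp(-n * eta^2 / 2)."""
    return 0.5 * math.exp(-n * eta ** 2 / 2)


def fn_bound(n, eta, a, b):
    """False-negative bound from the slide: 0.5 * exp(-n * (a/b - eta)^2 / 2)."""
    return 0.5 * math.exp(-n * (a / b - eta) ** 2 / 2)


def coer(n, a, b):
    """Cross-over error rate: the bounds meet at eta = a/(2b), where both
    equal 0.5 * exp(-n * a^2 / (8 b^2)). Returns (eta, error bound)."""
    eta = a / (2 * b)
    return eta, fp_bound(n, eta)


def simulate(n=400, a=0.005, b=0.010, seed=1):
    """One watermarked and one unwatermarked copy of a constructed flow sent
    over the same jittery path and judged at the cross-over threshold."""
    rng = random.Random(seed)
    ipd = [rng.expovariate(1.0 / 0.25) for _ in range(n)]  # SSH-like IPDs
    wm = make_watermark(n, a, random.Random(seed + 1))      # shared key
    eta, _ = coer(n, a, b)
    hit_w, c_w = detect(network(watermarker(ipd, wm), b, rng), ipd, wm, a, b, eta)
    hit_0, c_0 = detect(network(ipd, b, rng), ipd, wm, a, b, eta)
    return {"eta": eta, "watermarked": (hit_w, c_w), "unwatermarked": (hit_0, c_0)}


if __name__ == "__main__":
    print(simulate())
    print(coer(400, 0.005, 0.010), coer(1600, 0.0025, 0.010))
```

`simulate()` returns a correlation near 0.5 for the watermarked flow and near 0 for the unwatermarked one, separated by the threshold 0.25; `coer` shows the design knobs of slide 39 directly, since raising a or n shrinks the bound and only the product n·a² matters for it.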
Evaluation
• Devise a selective correlation to compensate for
packet-level modifications
– Sliding window
• Invisibility analyzed using
– Kolmogorov-Smirnov test
– Entropy-based tools of [Gianvecchio, CCS07]
• Performance summary
– Fast detection
– Detection time ≈ 3 min of SSH traffic (400 packets)
– False errors of order 10⁻⁶
Other applications
• Linking flows in low-latency applications
– Stepping stone detection
– Compromising anonymous networks
– Long path attack
– IRC-based botnet detection
– VoIP de-anonymization
– …
IRC-based botnets
(figure only)
Acknowledgement
• Some of the slides, content, or pictures are borrowed from
the following resources, and some pictures are obtained
through Google search without being referenced below:
• Tor stinks