Practical Traffic Analysis Attacks on Secure Messaging Applications
Instant Messaging (IM) applications like Telegram, Signal, and WhatsApp have
become extremely popular in recent years. Unfortunately, such IM services have
been targets of continuous governmental surveillance and censorship, as these
services are home to public and private communication channels on socially and
politically sensitive topics. To protect their clients, popular IM services
deploy state-of-the-art encryption mechanisms. In this paper, we show that
despite the use of advanced encryption, popular IM applications leak sensitive
information about their clients to adversaries who merely monitor their
encrypted IM traffic, with no need for leveraging any software vulnerabilities
of IM applications. Specifically, we devise traffic analysis attacks that
enable an adversary to identify administrators as well as members of target IM
channels (e.g., forums) with high accuracies. We believe that our study
demonstrates a significant, real-world threat to the users of such services
given the increasing attempts by oppressive governments at cracking down on
controversial IM channels.
We demonstrate the practicality of our traffic analysis attacks through
extensive experiments on real-world IM communications. We show that standard
countermeasure techniques such as adding cover traffic can degrade the
effectiveness of the attacks we introduce in this paper. We hope that our study
will encourage IM providers to integrate effective traffic obfuscation
countermeasures into their software. In the meantime, we have designed and
deployed an open-source, publicly available countermeasure system, called
IMProxy, that can be used by IM clients with no need for any support from IM
providers. We have demonstrated the effectiveness of IMProxy through
experiments
Design and Implementation of Algorithms for Traffic Classification
Traffic analysis is the practice of using inherent characteristics of a network flow, such as the timings, sizes, and orderings of its packets, to derive sensitive information about it. Traffic analysis techniques are used because of the extensive adoption of encryption and content-obfuscation mechanisms, which make it impossible to infer any information about the flows by analyzing their content. In this thesis, we use traffic analysis to infer sensitive information for different objectives and different applications. Specifically, we investigate various applications: p2p cryptocurrencies, flow correlation, and messaging applications. Our goal is to tailor, for each of these applications, specific traffic analysis algorithms that best capture the intrinsic characteristics of its network traffic. The objective of traffic analysis also differs for each of these applications. Specifically, in Bitcoin, our goal is to evaluate Bitcoin traffic’s resilience to blocking by powerful entities such as governments and ISPs. Bitcoin and similar cryptocurrencies play an important role in electronic commerce and other trust-based distributed systems because of their significant advantage over traditional currencies, including open access to global e-commerce. Therefore, it is essential for consumers and the industry to have reliable access to their Bitcoin assets. We also examine stepping stone attacks for flow correlation. A stepping stone is a host that an attacker uses to relay her traffic to hide her identity. We introduce two fingerprinting systems, TagIt and FINN. TagIt embeds a secret fingerprint into the flows by moving the packets to specific time intervals. FINN, however, utilizes DNNs to embed the fingerprint by changing the inter-packet delays (IPDs) in the flow. In messaging applications, we analyze the WhatsApp messaging service to determine whether its traffic leaks any sensitive information, such as the identity of the members of a particular conversation, to adversaries who watch their encrypted traffic. The privacy of these messaging applications is essential because these services provide an environment to discuss politically sensitive subjects, making them a target of government surveillance and censorship in totalitarian countries. We take two technical approaches to design our traffic analysis techniques. The increasing use of DNN-based classifiers inspires our first direction: we train DNN classifiers to perform some specific traffic analysis task. Our second approach is to inspect and model the shape of traffic in the target application and design a statistical classifier for the expected shape of traffic. DNN-based methods are useful when the network is complex and the traffic’s underlying noise is not linear. Also, these models do not need a meticulous analysis to extract the features. However, deep learning techniques need a vast amount of training data to work well. Therefore, they are not beneficial when there is insufficient data available to train a generalized model. On the other hand, statistical methods have the advantage that they do not have training overhead
Botmasters and Their Roles in the Botnet Market (Les Botmasters et leurs rôles dans le marché des botnets)
Directed research project submitted to the Faculty of Graduate and Postdoctoral Studies in fulfillment of the requirements for the degree of Master of Science (M.Sc.) in Criminology, Forensic Science and Information option.
Botnets continue to be a real concern in the virtual sphere. These
networks of compromised computers facilitate the proliferation of online crime so as to
reach an enormous number of victims. Numerous studies thus address the
mechanisms by which machines are infected as well as the behaviour of these botnets.
The resulting consequences are likewise well documented. There is,
however, a gap in the literature regarding botmasters, the
hackers who create and control such networks. Using content analyses of
the Dark0de forum, 88 botmasters were identified and categorized according to the
roles they occupy in the botnet market. This exploratory study aims to assess the
status, reputation, activity rate and expertise of these botmasters, namely:
coders, traders, distributors, operators, the curious, as well as
individuals who monetize botnets and who claim to be experienced in this field.
This study concludes that botnet distributors and operators are the
most reputable members of their community. The members with the highest forum
statuses are found among the traders and the experienced botmasters.
The most active categories of botmasters within Dark0de are the operators
and the traders. Most of the botmasters studied were identified in a hacking
forum other than Dark0de, or in none. Finally, apart from the coders, more than
half of whom specialize in programming, and the experienced botmasters, a third of whom have
only a single specialization, the other subjects possess various kinds of expertise unrelated to
botnets.
Botnets still represent one of the biggest threats in cyberspace. These corrupted computer
networks are used to facilitate the propagation of cybercrime and to reach a large
number of victims simultaneously. Previous studies have covered subjects such as the bot
infection mechanisms, botnets’ behaviour and also the consequences of their usage. While
botnets are well documented, there is a gap in the literature regarding botmasters, the hackers
responsible for creating and controlling these networks. To better understand those
individuals, a content analysis of the underground forum Dark0de helped identify a pool
of 88 botmasters that were categorised according to their roles in the botnet market. This
preliminary study aims to measure the status, reputation, activity and expertise of
botmasters according to their groups: coding, business, distribution, operation,
monetization, interest and experience. Preliminary results indicate that distributors and
operators have a better reputation in their community, while traders and experienced
botmasters have higher statuses in the forum. Operators and traders are the most active
botmasters in this forum. Also, most of the botmasters in this study have been found in
another forum or none. Finally, except for half of the coders and a third of experienced
botmasters, most of these individuals possess varied expertise in fields other than botnets