Techniques for the dynamic randomization of network attributes
Critical infrastructure control systems continue to foster predictable communication paths and static configurations that allow easy access to our networked critical infrastructure around the world. This makes them attractive and easy targets for cyber-attack. We have developed technologies that address these attack vectors by automatically reconfiguring network settings. Applying these protective measures will convert control systems into «moving targets» that proactively defend themselves against attack. This «Moving Target Defense» (MTD) revolves around the movement of network reconfiguration, securely communicating reconfiguration specifications to other network nodes as required, and ensuring that connectivity between nodes is uninterrupted. Software-defined Networking (SDN) is leveraged to meet many of these goals. Our MTD approach eliminates adversaries targeting known static attributes of network devices and systems, and consists of the following three techniques: (1) Network Randomization for TCP/UDP Ports; (2) Network Randomization for IP Addresses; (3) Network Randomization for Network Paths. In this paper, we describe the implementation of the aforementioned technologies. We also discuss the individual and collective successes for the techniques, challenges for deployment, constraints and assumptions, and the performance implications for each technique.
HORNET: High-speed Onion Routing at the Network Layer
We present HORNET, a system that enables high-speed end-to-end anonymous
channels by leveraging next generation network architectures. HORNET is
designed as a low-latency onion routing system that operates at the network
layer thus enabling a wide range of applications. Our system uses only
symmetric cryptography for data forwarding yet requires no per-flow state on
intermediate nodes. This design enables HORNET nodes to process anonymous
traffic at over 93 Gb/s. HORNET can also scale as required, adding minimal
processing overhead per additional anonymous channel. We discuss design and
implementation details, as well as a performance and security evaluation.
Comment: 14 pages, 5 figures
The Effect of Modern Web Content and Caching on The Tor Onion Router
This work evaluates Tor users' risk of de-anonymization in the presence of a network-level adversary. We evaluate the likelihood that a Tor user, who is consuming modern web content, will be susceptible to a traffic analysis or watermarking attack. This work shows that the previously studied point-to-point model for Tor connections is not realistic and does not fully capture the risk of de-anonymization for Tor users. We show these results by measuring network paths along key parts of a Tor circuit. First, we measure the paths between the Tor exit relays and web resources requested when accessing the Alexa Top 1000 websites. Then, we use available and trusted traceroute data to approximate paths between Tor users and likely guard nodes. Then, the intersection of these paths at an autonomous system level is examined to determine if they share any elements. If the intersection of the paths is non-empty, then a Tor user making a request with those paths is susceptible to de-anonymization. Results from weighted selection of Tor exit and guard relays indicate that a Tor user visiting a random Alexa Top 1000 website is susceptible to de-anonymization with 20% probability for almost half of the Alexa Top 1000. Multiple resources account for significant additional de-anonymization risk over the point-to-point model, and shorter network paths to content distribution nodes do not effectively compensate. Moreover, examining the intersection of paths to resources in the top-level domains of a website does not fully eliminate the risk of de-anonymization under the AS-Aware Tor problem.
ToR K-Anonymity against deep learning watermarking attacks
It is known that totalitarian regimes often perform surveillance and censorship of their
communication networks. The Tor anonymity network allows users to browse the Internet
anonymously to circumvent censorship filters and possible prosecution. This has made
Tor an enticing target for state-level actors and cooperative state-level adversaries, with
privileged access to network traffic captured at the level of Autonomous Systems (ASs) or
Internet Exchange Points (IXPs).
This thesis studied the attack typologies involved, with a particular focus on traffic
correlation techniques for de-anonymization of Tor endpoints. Our goal was to design a
test-bench environment and tool, based on recently researched deep learning techniques
for traffic analysis, to evaluate the effectiveness of countermeasures provided by recent
approaches that try to strengthen Tor’s anonymity protection. The targeted solution is based
on K-anonymity input covert channels organized as a pre-staged multipath network.
The research challenge was to design a test-bench environment and tool, to launch
active correlation attacks leveraging traffic flow correlation through the detection of
induced watermarks in Tor traffic. To de-anonymize Tor connection endpoints, our tool
analyses intrinsic time patterns of Tor synthetic egress traffic to detect flows with
previously injected time-based watermarks.
With the obtained results and conclusions, we contributed to the evaluation of the
security guarantees that the targeted K-anonymity solution provides as a countermeasure
against de-anonymization attacks.
It has been widely observed that in several countries governed by totalitarian regimes
there is monitoring, and consequent censorship, of the various means of communication in use.
Tor allows its users to browse the internet with guarantees of privacy and
anonymity, in order to avoid blocking, censorship and legal proceedings imposed by the
governing entity. These properties have made the Tor network a target of attack for several
governments and joint actions by several entities, with privileged access to extensive areas
of the network and several points of access to it.
This thesis studies the typologies of attacks that break the anonymity of the Tor
network, with special focus on traffic correlation techniques. Our objective is to build
a study environment and tool, based on recent deep learning and watermark injection
techniques, to evaluate the effectiveness of recently investigated countermeasures
that try to strengthen the anonymity of the Tor network. The countermeasure we intend
to evaluate is based on the creation of covert multi-circuits, using input TLS tunnels,
so as to couple the traffic of an anonymous group of K users. The
solution to be developed must launch a traffic correlation attack using
active watermark induction techniques. This tool must be able to correlate
synthetic egress traffic of Tor circuits, injecting watermarks at the
entry so that they are detected at a second observation point. Applied
to a real scenario, the purpose of the tool falls within breaking the anonymity
of hidden services provided by the Tor network, as well as of their users.
The expected results will contribute to the evaluation of the K-user anonymity
solution mentioned, which is seen as a countermeasure against de-anonymization
attacks.
A Taxonomy for and Analysis of Anonymous Communications Networks
Any entity operating in cyberspace is susceptible to debilitating attacks. With cyber attacks intended to gather intelligence and disrupt communications rapidly replacing the threat of conventional and nuclear attacks, a new age of warfare is at hand. In 2003, the United States acknowledged that the speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult. Even President Obama’s Cybersecurity Chief-elect recognizes the challenge of increasingly sophisticated cyber attacks. Now through April 2009, the White House is reviewing federal cyber initiatives to protect US citizen privacy rights. Indeed, the rising quantity and ubiquity of new surveillance technologies in cyberspace enables instant, undetectable, and unsolicited information collection about entities. Hence, anonymity and privacy are becoming increasingly important issues. Anonymization enables entities to protect their data and systems from a diverse set of cyber attacks and preserves privacy. This research provides a systematic analysis of anonymity degradation, preservation and elimination in cyberspace to enhance the security of information assets. This includes discovery/obfuscation of identities and actions of/from potential adversaries. First, novel taxonomies are developed for classifying and comparing well-established anonymous networking protocols. These expand the classical definition of anonymity and capture the peer-to-peer and mobile ad hoc anonymous protocol family relationships. Second, a unique synthesis of state-of-the-art anonymity metrics is provided. This significantly aids an entity’s ability to reliably measure changing anonymity levels; thereby, increasing their ability to defend against cyber attacks. Finally, a novel epistemic-based mathematical model is created to characterize how an adversary reasons with knowledge to degrade anonymity. 
This offers multiple anonymity property representations and well-defined logical proofs to ensure the accuracy and correctness of current and future anonymous network protocol design.
Towards Unconditional Tor-Like Anonymity
We design and evaluate a traffic anonymization protocol for wireless networks, aiming to protect against computationally powerful adversaries. Our protocol builds on recent key-generation techniques that leverage intrinsic properties of the wireless together with standard coding techniques. We show how to exploit the security properties of such keys to design a Tor-like anonymity network, without making any assumptions about the computational capabilities of an adversary. Our analysis and evaluation on simulated ad-hoc wireless networks shows that our protocol achieves a level of anonymity comparable to the level of the Tor network.
Seeking Anonymity in an Internet Panopticon
Obtaining and maintaining anonymity on the Internet is challenging. The state
of the art in deployed tools, such as Tor, uses onion routing (OR) to relay
encrypted connections on a detour passing through randomly chosen relays
scattered around the Internet. Unfortunately, OR is known to be vulnerable at
least in principle to several classes of attacks for which no solution is known
or believed to be forthcoming soon. Current approaches to anonymity also appear
unable to offer accurate, principled measurement of the level or quality of
anonymity a user might obtain.
Toward this end, we offer a high-level view of the Dissent project, the first
systematic effort to build a practical anonymity system based purely on
foundations that offer measurable and formally provable anonymity properties.
Dissent builds on two key pre-existing primitives - verifiable shuffles and
dining cryptographers - but for the first time shows how to scale such
techniques to offer measurable anonymity guarantees to thousands of
participants. Further, Dissent represents the first anonymity system designed
from the ground up to incorporate some systematic countermeasure for each of
the major classes of known vulnerabilities in existing approaches, including
global traffic analysis, active attacks, and intersection attacks. Finally,
because no anonymity protocol alone can address risks such as software exploits
or accidental self-identification, we introduce WiNon, an experimental
operating system architecture to harden the uses of anonymity tools such as Tor
and Dissent against such attacks.
Comment: 8 pages, 10 figures
PREDICTING THE UNKNOWN: MACHINE LEARNING TECHNIQUES FOR VIDEO FINGERPRINTING ATTACKS OVER TOR
In recent years, anonymization services such as Tor have become a popular resource for terrorist organizations and violent extremist groups. These adversaries use Tor to access the Dark Web to distribute video media as a way to recruit, train, and incite violence and acts of terrorism worldwide. This research strives to address this issue by examining and analyzing the use and development of video fingerprinting attacks using deep learning models. These high-performing deep learning models are called Deep Fingerprinting, which is used to predict video patterns with high accuracy in a closed-world setting. We pose ourselves as the adversary by passively observing raw network traffic as a user downloads a short video from YouTube. Based on traffic patterns, we can deduce what video the user was streaming with higher accuracy than previously obtained. In addition, our results include identifying the genre of the video. Our results suggest that an adversary may predict the video a user downloads over Tor with up to 83% accuracy, even when the user applies additional defenses to protect online privacy. By comparing different Deep Fingerprinting models with one another, we can better understand which models perform better from both the attacker and user’s perspective.
Lieutenant, United States Navy
Approved for public release. Distribution is unlimited.