Towards Provably Invisible Network Flow Fingerprints

Network traffic analysis reveals important information even when messages are encrypted. We consider active traffic analysis via flow fingerprinting by invisibly embedding information into packet timings of flows. In particular, assume Alice wishes to embed fingerprints into flows of a set of network input links, whose packet timings are modeled by Poisson processes, without being detected by a watchful adversary Willie. Bob, who receives the set of fingerprinted flows after they pass through the network modeled as a collection of independent and parallel $M/M/1$ queues, wishes to extract Alice's embedded fingerprints to infer the connection between input and output links of the network. We consider two scenarios: 1) Alice embeds fingerprints in all of the flows; 2) Alice embeds fingerprints in each flow independently with probability $p$. Assuming that the flow rates are equal, we calculate the maximum number of flows in which Alice can invisibly embed fingerprints while having those fingerprints successfully decoded by Bob. Then, we extend the construction and analysis to the case where flow rates are distinct, and discuss the extension of the network model

Anonymous Networking amidst Eavesdroppers

The problem of security against timing based traffic analysis in wireless networks is considered in this work. An analytical measure of anonymity in eavesdropped networks is proposed using the information theoretic concept of equivocation. For a physical layer with orthogonal transmitter directed signaling, scheduling and relaying techniques are designed to maximize achievable network performance for any given level of anonymity. The network performance is measured by the achievable relay rates from the sources to destinations under latency and medium access constraints. In particular, analytical results are presented for two scenarios: For a two-hop network with maximum anonymity, achievable rate regions for a general m x 1 relay are characterized when nodes generate independent Poisson transmission schedules. The rate regions are presented for both strict and average delay constraints on traffic flow through the relay. For a multihop network with an arbitrary anonymity requirement, the problem of maximizing the sum-rate of flows (network throughput) is considered. A selective independent scheduling strategy is designed for this purpose, and using the analytical results for the two-hop network, the achievable throughput is characterized as a function of the anonymity level. The throughput-anonymity relation for the proposed strategy is shown to be equivalent to an information theoretic rate-distortion function

Covert Bits Through Queues

We consider covert communication using a queuing timing channel in the presence of a warden. The covert message is encoded using the inter-arrival times of the packets, and the legitimate receiver and the warden observe the inter-departure times of the packets from their respective queues. The transmitter and the legitimate receiver also share a secret key to facilitate covert communication. We propose achievable schemes that obtain non-zero covert rate for both exponential and general queues when a sufficiently high rate secret key is available. This is in contrast to other channel models such as the Gaussian channel or the discrete memoryless channel where only $\mathcal{O}(\sqrt{n})$ covert bits can be sent over $n$ channel uses, yielding a zero covert rate.Comment: To appear at IEEE CNS, October 201

Challenges in the Implementation and Simulation for Wireless Side-Channel based on Intentionally Corrupted FCS

AbstractWe report on the challenges faced in the implementation and simulation of a side-channel communication based on frames with an intentionally corrupted Frame Check Sequence (FCS). Systematically corrupted FCSs can be used to enable covert communications between nodes that share the same algorithm for deciphering the FCS. In order to assess the possibility in detecting this side-channel communication it is necessary to have the ability to simulate it as well as to implement it on actual devices. Nearly all simulators drop corrupted frames before they reach their destination, making it impossible to simulate any side-channel communication based on intentionally corrupted FCS. We present an example of the modifications required to prevent this as applied to a well-known simulator called Sinalgo. We also discuss problems encountered when trying to intentionally corrupt the FCS on actual devices