3,242 research outputs found

    Conscript Your Friends into Larger Anonymity Sets with JavaScript

    We present the design and prototype implementation of ConScript, a framework for using JavaScript to allow casual Web users to participate in an anonymous communication system. When a Web user visits a cooperative Web site, the site serves a JavaScript application that instructs the browser to create and submit "dummy" messages into the anonymity system. Users who want to send non-dummy messages through the anonymity system use a browser plug-in to replace these dummy messages with real messages. Creating such conscripted anonymity sets can increase the anonymity set size available to users of remailer, e-voting, and verifiable shuffle-style anonymity systems. We outline ConScript's architecture, we address a number of potential attacks against ConScript, and we discuss the ethical issues related to deploying such a system. Our implementation results demonstrate the practicality of ConScript: a workstation running our ConScript prototype JavaScript client generates a dummy message for a mix-net in 81 milliseconds and it generates a dummy message for a DoS-resistant DC-net in 156 milliseconds. Comment: An abbreviated version of this paper will appear at the WPES 2013 workshop.

    Hang With Your Buddies to Resist Intersection Attacks

    Some anonymity schemes might in principle protect users from pervasive network surveillance - but only if all messages are independent and unlinkable. Users in practice often need pseudonymity - sending messages intentionally linkable to each other but not to the sender - but pseudonymity in dynamic networks exposes users to intersection attacks. We present Buddies, the first systematic design for intersection attack resistance in practical anonymity systems. Buddies groups users dynamically into buddy sets, controlling message transmission to make buddies within a set behaviorally indistinguishable under traffic analysis. To manage the inevitable tradeoffs between anonymity guarantees and communication responsiveness, Buddies enables users to select independent attack mitigation policies for each pseudonym. Using trace-based simulations and a working prototype, we find that Buddies can guarantee non-trivial anonymity set sizes in realistic chat/microblogging scenarios, for both short-lived and long-lived pseudonyms. Comment: 15 pages, 8 figures.

    TARANET: Traffic-Analysis Resistant Anonymity at the NETwork layer

    Modern low-latency anonymity systems, no matter whether constructed as an overlay or implemented at the network layer, offer limited security guarantees against traffic analysis. On the other hand, high-latency anonymity systems offer strong security guarantees at the cost of computational overhead and long delays, which are excessive for interactive applications. We propose TARANET, an anonymity system that implements protection against traffic analysis at the network layer, and limits the incurred latency and overhead. In TARANET's setup phase, traffic analysis is thwarted by mixing. In the data transmission phase, end hosts and ASes coordinate to shape traffic into constant-rate transmission using packet splitting. Our prototype implementation shows that TARANET can forward anonymous traffic at over 50 Gbps using commodity hardware.

    Practical Traffic Analysis Attacks on Secure Messaging Applications

    Instant Messaging (IM) applications like Telegram, Signal, and WhatsApp have become extremely popular in recent years. Unfortunately, such IM services have been targets of continuous governmental surveillance and censorship, as these services are home to public and private communication channels on socially and politically sensitive topics. To protect their clients, popular IM services deploy state-of-the-art encryption mechanisms. In this paper, we show that despite the use of advanced encryption, popular IM applications leak sensitive information about their clients to adversaries who merely monitor their encrypted IM traffic, with no need for leveraging any software vulnerabilities of IM applications. Specifically, we devise traffic analysis attacks that enable an adversary to identify administrators as well as members of target IM channels (e.g., forums) with high accuracies. We believe that our study demonstrates a significant, real-world threat to the users of such services given the increasing attempts by oppressive governments at cracking down on controversial IM channels. We demonstrate the practicality of our traffic analysis attacks through extensive experiments on real-world IM communications. We show that standard countermeasure techniques such as adding cover traffic can degrade the effectiveness of the attacks we introduce in this paper. We hope that our study will encourage IM providers to integrate effective traffic obfuscation countermeasures into their software. In the meantime, we have designed and deployed an open-source, publicly available countermeasure system, called IMProxy, that can be used by IM clients with no need for any support from IM providers. We have demonstrated the effectiveness of IMProxy through experiments.

    An Innovative Approach Towards Applying Chaum Mixing to SMS

    Currently there are few user-friendly applications for anonymous communication across multiple platforms, leaving data that is often both personal and private vulnerable to malicious activity. Mobile devices such as smartphones are prime candidates for such an application as they are pervasive and have standardized communication protocols. Through the application of mixing techniques, these devices can provide anonymity for groups of individuals numbering 30 to 40 members. In this work, a Chaum mix inspired, smartphone based network that uses the Short Message Service (SMS) is described first in theory and then in implementation. This system leverages both techniques used by current anonymity networks as well as knowledge gained from current and past research to make messages private and untraceable. The work addresses previously published attacks to anonymous systems through current and innovative mitigation techniques.

    On Privacy of Encrypted Speech Communications

    Silence suppression, an essential feature of speech communications over the Internet, saves bandwidth by disabling voice packet transmissions when silence is detected. However, silence suppression enables an adversary to recover talk patterns from packet timing. In this paper, we investigate privacy leakage through the silence suppression feature. More specifically, we propose a new class of traffic analysis attacks to encrypted speech communications with the goal of detecting speakers of encrypted speech communications. These attacks are based on packet timing information only and the attacks can detect speakers of speech communications made with different codecs. We evaluate the proposed attacks with extensive experiments over different types of networks including commercial anonymity networks and campus networks. The experiments show that the proposed traffic analysis attacks can detect speakers of encrypted speech communications with high accuracy based on traces of 15 minutes long on average.