82 research outputs found
Evaluation of Anonymized ONS Queries
Electronic Product Code (EPC) is the basis of a pervasive infrastructure for
the automatic identification of objects on supply chain applications (e.g.,
pharmaceutical or military applications). This infrastructure relies on the use
of the (1) Radio Frequency Identification (RFID) technology to tag objects in
motion and (2) distributed services providing information about objects via the
Internet. A lookup service, called the Object Name Service (ONS) and based on
the use of the Domain Name System (DNS), can be publicly accessed by EPC
applications looking for information associated with tagged objects. Privacy
issues may affect corporate infrastructures based on EPC technologies if their
lookup service is not properly protected. A possible solution to mitigate these
issues is the use of online anonymity. We present an evaluation experiment that
compares the of use of Tor (The second generation Onion Router) on a global
ONS/DNS setup, with respect to benefits, limitations, and latency.Comment: 14 page
ATTACK AGAINST ANONYMITY USING CELL COUNTING
Various low-latency anonymous communication systems such as Tor and Anonymizer have been designed to provide anonymity service for users. In order to hide the communication of users, most of the anonymity systems pack the application data into equal-sized cells. Via extensive experiments on Tor, we found that the size of IP packets in the Tor network can be very dynamic because a cell is an application concept and the IP layer may repack cells. Based on this finding, we investigate a new cell-counting-based attack against Tor, which allows the attacker to confirm anonymous communication relationship among users very quickly. In this attack, by marginally varying the number of cells in the target traffic at the malicious exit onion router, the attacker can embed a secret signal into the variation of cell counter of the target traffic. The embedded signal will be carried along with the target traffic and arrive at the malicious entry onion router. Then, an accomplice of the attacker at themalicious entry onion router will detect the embedded signal based on the received cells and confirm the communication relationship among users. We have implemented this attack against Tor, and our experimental data validate its feasibility and effectiveness. There are several unique features of this attack. First, this attack is highly efficient and can confirm very short communication sessions with only tens of cells. Second, this attack is effective, and its detection rate approaches 100% with a very low false positive rate. Third, it is possible to implement the attack in a way that appears to be very difficult for honest participants to detect
Recommended from our members
The online stolen data market: disruption and intervention approaches
This article brings a new taxonomy and collation of intervention and disruption methods that can be applied to the online stolen data market. These online market-places are used to buy and sell identity and financial information, as well as the products and services that enable this economy. This article combines research findings from computer science with criminology to provide a multidisciplinary approach to crimes committed with the use of technology.This work was supported by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHSS&T/CSD) Broad Agency Announcement 11.02, the Government of Australia and SPAWAR Systems Center Pacific under contract number N66001-13-C-0131, to A.H.; and the National Institute of Justice, Office of Justice Programs, U.S. Department of Justice under grant number 2010-IJ-CX-1676, 2010, to T. H.This is the author accepted manuscript. The final version is available from Taylor & Francis via http://dx.doi.org/10.1080/17440572.2016.119712
TARANET: Traffic-Analysis Resistant Anonymity at the NETwork layer
Modern low-latency anonymity systems, no matter whether constructed as an
overlay or implemented at the network layer, offer limited security guarantees
against traffic analysis. On the other hand, high-latency anonymity systems
offer strong security guarantees at the cost of computational overhead and long
delays, which are excessive for interactive applications. We propose TARANET,
an anonymity system that implements protection against traffic analysis at the
network layer, and limits the incurred latency and overhead. In TARANET's setup
phase, traffic analysis is thwarted by mixing. In the data transmission phase,
end hosts and ASes coordinate to shape traffic into constant-rate transmission
using packet splitting. Our prototype implementation shows that TARANET can
forward anonymous traffic at over 50~Gbps using commodity hardware
- …