456 research outputs found
Non-blind watermarking of network flows
Linking network flows is an important problem in intrusion detection as well
as anonymity. Passive traffic analysis can link flows but requires long periods
of observation to reduce errors. Active traffic analysis, also known as flow
watermarking, allows for better precision and is more scalable. Previous flow
watermarks introduce significant delays to the traffic flow as a side effect of
using a blind detection scheme; this enables attacks that detect and remove the
watermark, while at the same time slowing down legitimate traffic. We propose
the first non-blind approach for flow watermarking, called RAINBOW, that
improves watermark invisibility by inserting delays hundreds of times smaller
than previous blind watermarks, and hence reduces the watermark interference on
network flows. We derive and analyze the optimum detectors for RAINBOW as well
as the passive traffic analysis under different traffic models by using
hypothesis testing. Comparing the detection performance of RAINBOW and the
passive approach, we observe that both RAINBOW and passive traffic analysis
perform similarly well in the case of uncorrelated traffic; however, the
RAINBOW detector drastically outperforms the optimum passive detector in the
case of correlated network flows. This justifies the use of non-blind
watermarks over passive traffic analysis even though both approaches have
similar scalability constraints. We confirm our analysis by simulating the
detectors and testing them against large traces of real network flows.
Towards Provably Invisible Network Flow Fingerprints
Network traffic analysis reveals important information even when messages are
encrypted. We consider active traffic analysis via flow fingerprinting by
invisibly embedding information into packet timings of flows. In particular,
assume Alice wishes to embed fingerprints into flows of a set of network input
links, whose packet timings are modeled by Poisson processes, without being
detected by a watchful adversary Willie. Bob, who receives the set of
fingerprinted flows after they pass through the network modeled as a collection
of independent and parallel queues, wishes to extract Alice's embedded
fingerprints to infer the connection between input and output links of the
network. We consider two scenarios: 1) Alice embeds fingerprints in all of the
flows; 2) Alice embeds fingerprints in each flow independently with probability
. Assuming that the flow rates are equal, we calculate the maximum number of
flows in which Alice can invisibly embed fingerprints while having those
fingerprints successfully decoded by Bob. Then, we extend the construction and
analysis to the case where flow rates are distinct, and discuss the extension
of the network model.
Steganography: a Class of Algorithms having Secure Properties
Chaos-based approaches are frequently proposed in information hiding, but
without obvious justification. Indeed, the reason why chaos is useful for
addressing discretion, robustness, or security is rarely elucidated. This research
work presents a new class of non-blind information hiding algorithms based on
finite-domain iterations that are topologically chaotic in Devaney's sense. The
approach is entirely formalized, and the reasons for grounding it in the mathematical
theory of chaos are explained. Finally, stego-security and chaos security are
consequently proven for a large class of algorithms.
Comment: 4 pages, published in Seventh International Conference on Intelligent
Information Hiding and Multimedia Signal Processing, IIH-MSP 2011, Dalian,
China, October 14-16, 201
Steganography: a class of secure and robust algorithms
This research work presents a new class of non-blind information hiding
algorithms that are stego-secure and robust. They are based on finite-domain
iterations having Devaney's topological chaos property. Thanks to a
complete formalization of the approach, we prove the security of a large class of
steganographic algorithms against watermark-only attacks. Finally, a complete study
of robustness is given in the frequency DWT and DCT domains.
Comment: Published in The Computer Journal special issue about steganograph
DeMarking: A Defense for Network Flow Watermarking in Real-Time
The network flow watermarking technique associates the two communicating
parties by actively modifying certain characteristics of the stream generated
by the sender so that it covertly carries some special marking information.
Some curious users communicating with the hidden server as a Tor client may
attempt de-anonymization attacks to uncover the real identity of the hidden
server by using this technique. This compromises the privacy of the anonymized
communication system. Therefore, we propose a defense scheme against flow
watermarking. The scheme is based on deep neural networks and utilizes
generative adversarial networks to convert the original Inter-Packet Delays
(IPD) into new IPDs generated by the model. We also adopt the concept of
adversarial attacks to ensure that the detector will produce an incorrect
classification when detecting these new IPDs. This approach ensures that these
IPDs are considered "clean", effectively covering the potential watermarks.
This scheme is effective against time-based flow watermarking techniques