13,796 research outputs found
ToR K-Anonymity against deep learning watermarking attacks
It is known that totalitarian regimes often perform surveillance and censorship of their
communication networks. The Tor anonymity network allows users to browse the Internet
anonymously to circumvent censorship filters and possible prosecution. This has made
Tor an enticing target for state-level actors and cooperative state-level adversaries, with
privileged access to network traffic captured at the level of Autonomous Systems(ASs) or
Internet Exchange Points(IXPs).
This thesis studied the attack typologies involved, with a particular focus on traffic
correlation techniques for de-anonymization of Tor endpoints. Our goal was to design a
test-bench environment and tool, based on recently researched deep learning techniques
for traffic analysis, to evaluate the effectiveness of countermeasures provided by recent ap-
proaches that try to strengthen Tor’s anonymity protection. The targeted solution is based
on K-anonymity input covert channels organized as a pre-staged multipath network.
The research challenge was to design a test-bench environment and tool, to launch
active correlation attacks leveraging traffic flow correlation through the detection of in-
duced watermarks in Tor traffic. To de-anonymize Tor connection endpoints, our tool
analyses intrinsic time patterns of Tor synthetic egress traffic to detect flows with previ-
ously injected time-based watermarks.
With the obtained results and conclusions, we contributed to the evaluation of the
security guarantees that the targeted K-anonymity solution provides as a countermeasure
against de-anonymization attacks.Já foi extensamente observado que em vários países governados por regimes totalitários
existe monitorização, e consequente censura, nos vários meios de comunicação utilizados.
O Tor permite aos seus utilizadores navegar pela internet com garantias de privacidade e
anonimato, de forma a evitar bloqueios, censura e processos legais impostos pela entidade
que governa. Estas propriedades tornaram a rede Tor um alvo de ataque para vários
governos e ações conjuntas de várias entidades, com acesso privilegiado a extensas zonas
da rede e vários pontos de acesso à mesma.
Esta tese realiza o estudo de tipologias de ataques que quebram o anonimato da rede
Tor, com especial foco em técnicas de correlação de tráfegos. O nosso objetivo é realizar
um ambiente de estudo e ferramenta, baseada em técnicas recentes de aprendizagem pro-
funda e injeção de marcas de água, para avaliar a eficácia de contramedidas recentemente
investigadas, que tentam fortalecer o anonimato da rede Tor. A contramedida que pre-
tendemos avaliar é baseada na criação de multi-circuitos encobertos, recorrendo a túneis
TLS de entrada, de forma a acoplar o tráfego de um grupo anonimo de K utilizadores. A
solução a ser desenvolvida deve lançar um ataque de correlação de tráfegos recorrendo a
técnicas ativas de indução de marcas de água. Esta ferramenta deve ser capaz de correla-
cionar tráfego sintético de saída de circuitos Tor, realizando a injeção de marcas de água à
entrada com o propósito de serem detetadas num segundo ponto de observação. Aplicada
a um cenário real, o propósito da ferramenta está enquadrado na quebra do anonimato
de serviços secretos fornecidos pela rede Tor, assim como os utilizadores dos mesmos.
Os resultados esperados irão contribuir para a avaliação da solução de anonimato de
K utilizadores mencionada, que é vista como contramedida para ataques de desanonimi-
zação
Blindspot: Indistinguishable Anonymous Communications
Communication anonymity is a key requirement for individuals under targeted
surveillance. Practical anonymous communications also require
indistinguishability - an adversary should be unable to distinguish between
anonymised and non-anonymised traffic for a given user. We propose Blindspot, a
design for high-latency anonymous communications that offers
indistinguishability and unobservability under a (qualified) global active
adversary. Blindspot creates anonymous routes between sender-receiver pairs by
subliminally encoding messages within the pre-existing communication behaviour
of users within a social network. Specifically, the organic image sharing
behaviour of users. Thus channel bandwidth depends on the intensity of image
sharing behaviour of users along a route. A major challenge we successfully
overcome is that routing must be accomplished in the face of significant
restrictions - channel bandwidth is stochastic. We show that conventional
social network routing strategies do not work. To solve this problem, we
propose a novel routing algorithm. We evaluate Blindspot using a real-world
dataset. We find that it delivers reasonable results for applications requiring
low-volume unobservable communication.Comment: 13 Page
Hang With Your Buddies to Resist Intersection Attacks
Some anonymity schemes might in principle protect users from pervasive
network surveillance - but only if all messages are independent and unlinkable.
Users in practice often need pseudonymity - sending messages intentionally
linkable to each other but not to the sender - but pseudonymity in dynamic
networks exposes users to intersection attacks. We present Buddies, the first
systematic design for intersection attack resistance in practical anonymity
systems. Buddies groups users dynamically into buddy sets, controlling message
transmission to make buddies within a set behaviorally indistinguishable under
traffic analysis. To manage the inevitable tradeoffs between anonymity
guarantees and communication responsiveness, Buddies enables users to select
independent attack mitigation policies for each pseudonym. Using trace-based
simulations and a working prototype, we find that Buddies can guarantee
non-trivial anonymity set sizes in realistic chat/microblogging scenarios, for
both short-lived and long-lived pseudonyms.Comment: 15 pages, 8 figure
A survey on pseudonym changing strategies for Vehicular Ad-Hoc Networks
The initial phase of the deployment of Vehicular Ad-Hoc Networks (VANETs) has
begun and many research challenges still need to be addressed. Location privacy
continues to be in the top of these challenges. Indeed, both of academia and
industry agreed to apply the pseudonym changing approach as a solution to
protect the location privacy of VANETs'users. However, due to the pseudonyms
linking attack, a simple changing of pseudonym shown to be inefficient to
provide the required protection. For this reason, many pseudonym changing
strategies have been suggested to provide an effective pseudonym changing.
Unfortunately, the development of an effective pseudonym changing strategy for
VANETs is still an open issue. In this paper, we present a comprehensive survey
and classification of pseudonym changing strategies. We then discuss and
compare them with respect to some relevant criteria. Finally, we highlight some
current researches, and open issues and give some future directions
Octopus: A Secure and Anonymous DHT Lookup
Distributed Hash Table (DHT) lookup is a core technique in structured
peer-to-peer (P2P) networks. Its decentralized nature introduces security and
privacy vulnerabilities for applications built on top of them; we thus set out
to design a lookup mechanism achieving both security and anonymity, heretofore
an open problem. We present Octopus, a novel DHT lookup which provides strong
guarantees for both security and anonymity. Octopus uses attacker
identification mechanisms to discover and remove malicious nodes, severely
limiting an adversary's ability to carry out active attacks, and splits lookup
queries over separate anonymous paths and introduces dummy queries to achieve
high levels of anonymity. We analyze the security of Octopus by developing an
event-based simulator to show that the attacker discovery mechanisms can
rapidly identify malicious nodes with low error rate. We calculate the
anonymity of Octopus using probabilistic modeling and show that Octopus can
achieve near-optimal anonymity. We evaluate Octopus's efficiency on Planetlab
with 207 nodes and show that Octopus has reasonable lookup latency and
manageable communication overhead
Conscript Your Friends into Larger Anonymity Sets with JavaScript
We present the design and prototype implementation of ConScript, a framework
for using JavaScript to allow casual Web users to participate in an anonymous
communication system. When a Web user visits a cooperative Web site, the site
serves a JavaScript application that instructs the browser to create and submit
"dummy" messages into the anonymity system. Users who want to send non-dummy
messages through the anonymity system use a browser plug-in to replace these
dummy messages with real messages. Creating such conscripted anonymity sets can
increase the anonymity set size available to users of remailer, e-voting, and
verifiable shuffle-style anonymity systems. We outline ConScript's
architecture, we address a number of potential attacks against ConScript, and
we discuss the ethical issues related to deploying such a system. Our
implementation results demonstrate the practicality of ConScript: a workstation
running our ConScript prototype JavaScript client generates a dummy message for
a mix-net in 81 milliseconds and it generates a dummy message for a
DoS-resistant DC-net in 156 milliseconds.Comment: An abbreviated version of this paper will appear at the WPES 2013
worksho
An Empirical Study of the I2P Anonymity Network and its Censorship Resistance
Tor and I2P are well-known anonymity networks used by many individuals to
protect their online privacy and anonymity. Tor's centralized directory
services facilitate the understanding of the Tor network, as well as the
measurement and visualization of its structure through the Tor Metrics project.
In contrast, I2P does not rely on centralized directory servers, and thus
obtaining a complete view of the network is challenging. In this work, we
conduct an empirical study of the I2P network, in which we measure properties
including population, churn rate, router type, and the geographic distribution
of I2P peers. We find that there are currently around 32K active I2P peers in
the network on a daily basis. Of these peers, 14K are located behind NAT or
firewalls.
Using the collected network data, we examine the blocking resistance of I2P
against a censor that wants to prevent access to I2P using address-based
blocking techniques. Despite the decentralized characteristics of I2P, we
discover that a censor can block more than 95% of peer IP addresses known by a
stable I2P client by operating only 10 routers in the network. This amounts to
severe network impairment: a blocking rate of more than 70% is enough to cause
significant latency in web browsing activities, while blocking more than 90% of
peer IP addresses can make the network unusable. Finally, we discuss the
security consequences of the network being blocked, and directions for
potential approaches to make I2P more resistant to blocking.Comment: 14 pages, To appear in the 2018 Internet Measurement Conference
(IMC'18
- …