Nori: Concealing the Concealed Identifier in 5G
IMSI catchers have been a long-standing and serious privacy problem in pre-5G
mobile networks. To tackle this, 3GPP introduced the Subscription Concealed
Identifier (SUCI) and other countermeasures in 5G. In this paper, we analyze
the new SUCI mechanism and discover that it provides very poor anonymity when
used with the variable length Network Specific Identifiers (NSI), which are
part of the 5G standard. When applied to real-world name length data, we see
that SUCI only provides 1-anonymity, meaning that individual subscribers can
easily be identified and tracked. We strongly recommend that 3GPP and GSMA
standardize and recommend the use of a padding mechanism for SUCI before
variable length identifiers get more commonly used. We further show that the
padding schemes commonly used for network traffic are not optimal for padding
of identifiers based on real names. We propose a new improved padding scheme
that achieves much less message expansion for a given k-anonymity.
Comment: 9 pages, 8 figures, 1 table
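The measurement the abstract describes can be reproduced on toy data. The following is an added example, not code from the Nori paper, and the bucket construction it uses is a simple greedy scheme written for illustration, not the paper's proposed scheme. It assumes that the SUCI ciphertext leaks the plaintext identifier length exactly (true for the 5G ECIES profiles, which encrypt with a stream cipher), so an observer can distinguish subscribers only by that length. The name list is constructed and not real-world data.

```python
"""Anonymity provided by SUCI length leakage under different padding policies.

Added example (not from the Nori paper). Assumption: ciphertext length equals
identifier length, so the observable is just len(identifier). NAMES is a
constructed sample of NSI-style usernames, not real subscriber data.
"""
from collections import Counter

NAMES = [  # constructed sample, deliberately spread over many lengths
    "al", "bo", "ann", "eva", "ivan", "maria", "jonas", "annika",
    "alexander", "christopher", "maximilian", "konstantinos",
    "jean-baptiste", "annemarie.schneider", "alexander.van.der.berg",
]
LENGTHS = [len(n) for n in NAMES]


def k_anonymity(observed_lengths):
    """Smallest anonymity set any subscriber ends up in: 1 means at least one
    subscriber is uniquely identifiable by the observable length alone."""
    return min(Counter(observed_lengths).values())


def expansion(original, padded):
    """Relative message expansion caused by padding (0.0 = no overhead)."""
    return (sum(padded) - sum(original)) / sum(original)


def pad_to_block(length, block):
    """Network-traffic style padding: round up to a multiple of `block`."""
    return -(-length // block) * block


def pad_to_buckets(length, buckets):
    """Pad to the smallest bucket boundary that is >= length."""
    for boundary in buckets:
        if length <= boundary:
            return boundary
    raise ValueError("identifier longer than the largest bucket")


def choose_buckets(lengths, k):
    """Greedy bucket construction (illustrative, not the paper's scheme):
    walk the distinct lengths in increasing order and close a bucket as soon
    as it holds at least k identifiers. A trailing under-full bucket is merged
    into the previous one so that every bucket has at least k members."""
    hist = sorted(Counter(lengths).items())  # [(length, count), ...]
    buckets, members = [], 0
    for length, count in hist:
        members += count
        if members >= k:
            buckets.append(length)
            members = 0
    if members:  # leftover identifiers that did not fill a bucket of size k
        if buckets:
            buckets.pop()
        buckets.append(hist[-1][0])
    return buckets


def evaluate(lengths, pad):
    """Apply a padding function and return (k-anonymity, expansion)."""
    padded = [pad(length) for length in lengths]
    return k_anonymity(padded), expansion(lengths, padded)


if __name__ == "__main__":
    print("unpadded:", evaluate(LENGTHS, lambda n: n))
    for block in (8, 16):
        print(f"block-{block}:", evaluate(LENGTHS, lambda n: pad_to_block(n, block)))
    buckets = choose_buckets(LENGTHS, 3)
    print("buckets", buckets, evaluate(LENGTHS, lambda n: pad_to_buckets(n, buckets)))
```

On this sample the unpadded lengths give 1-anonymity; padding to 8-byte blocks only reaches 2-anonymity at about 52% expansion, while buckets chosen from the length distribution reach 3-anonymity at about 33% expansion, which is the abstract's point that traffic-oriented block padding is a poor fit for name-derived identifiers.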
Padding Ain't Enough: Assessing the Privacy Guarantees of Encrypted DNS
DNS over TLS (DoT) and DNS over HTTPS (DoH) encrypt DNS to guard user privacy
by hiding DNS resolutions from passive adversaries. Yet, past attacks have
shown that encrypted DNS is still sensitive to traffic analysis. As a
consequence, RFC 8467 proposes to pad messages prior to encryption, which
heavily reduces the characteristics of encrypted traffic. In this paper, we
show that padding alone is insufficient to counter DNS traffic analysis. We
propose a novel traffic analysis method that combines size and timing
information to infer the websites a user visits purely based on encrypted and
padded DNS traces. To this end, we model DNS sequences that capture the
complexity of websites that usually trigger dozens of DNS resolutions instead
of just a single DNS transaction. A closed world evaluation based on the Alexa
top-10k websites reveals that attackers can deanonymize at least half of the
test traces in 80.2% of all websites, and even correctly label all traces for
32.0% of the websites. Our findings undermine the privacy goals of
state-of-the-art message padding strategies in DoT/DoH. We conclude by showing
that successful mitigations to such attacks have to remove the entropy of
inter-arrival timings between query responses.
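The argument in this abstract, that RFC 8467 padding hides sizes but not the timing structure of a multi-resolution page load, can be seen on toy data. The following is an added example and not the paper's code or model: the site profiles and the observed trace are constructed, the nearest-neighbour classifier stands in for the paper's sequence model, and `constant_rate` is a sketch of the timing mitigation the abstract calls for, not a deployable shaper.

```python
"""Website inference from padded DNS traces: size only vs size plus timing.

Added example (not from the paper). Each visit is a sequence of
(response_bytes, gap_ms) pairs; gap_ms is the inter-arrival time since the
previous response. Sizes are padded as RFC 8467 recommends (responses to a
multiple of 468 bytes). All traces below are constructed toy data.
"""

RESPONSE_BLOCK = 468  # RFC 8467 recommended padding multiple for responses

# Constructed training profiles: one representative visit per site.
PROFILES = {
    "news.example": [(120, 0), (90, 15), (300, 40), (80, 12), (110, 60)],
    "shop.example": [(130, 0), (95, 90), (250, 20), (70, 70), (100, 10)],
    "blog.example": [(110, 0), (600, 20), (80, 20), (95, 20), (130, 20), (120, 20)],
}

# Constructed fresh capture of a news.example visit with jittered timings
# and slightly different response sizes, as a real capture would show.
OBSERVED = [(118, 0), (92, 17), (310, 38), (85, 13), (105, 64)]


def pad_size(size, block=RESPONSE_BLOCK):
    """Pad a DNS message length up to the next multiple of `block`."""
    return -(-size // block) * block


def features(trace, use_timing):
    """Observable channels after encryption and padding: the padded size
    sequence, and (optionally) the inter-arrival gap sequence."""
    sizes = [pad_size(size) for size, _ in trace]
    gaps = [gap for _, gap in trace] if use_timing else []
    return sizes, gaps


def l1(a, b):
    """L1 distance between two sequences, zero-padding the shorter one so a
    different number of resolutions also counts as a difference."""
    n = max(len(a), len(b))
    a = a + [0] * (n - len(a))
    b = b + [0] * (n - len(b))
    return sum(abs(x - y) for x, y in zip(a, b))


def distance(f, g):
    return l1(f[0], g[0]) + l1(f[1], g[1])


def classify(profiles, observed, use_timing, shape=None):
    """Nearest-neighbour label for `observed`. Returns every label at the
    minimal distance, so a list longer than one is a tie the attacker cannot
    break. `shape` optionally models a traffic-shaping defence applied to
    every trace before the attacker sees it."""
    if shape is None:
        shape = lambda trace: trace
    obs = features(shape(observed), use_timing)
    dists = {name: distance(features(shape(t), use_timing), obs)
             for name, t in profiles.items()}
    best = min(dists.values())
    return sorted(name for name, d in dists.items() if d == best)


def constant_rate(trace, interval_ms=20):
    """Mitigation sketch: release every response on a fixed schedule so the
    inter-arrival gaps carry no entropy. A deployable shaper would also insert
    dummy responses to hide the number of resolutions; not modelled here."""
    return [(size, interval_ms) for size, _ in trace]


if __name__ == "__main__":
    print("sizes only:      ", classify(PROFILES, OBSERVED, use_timing=False))
    print("sizes + timing:  ", classify(PROFILES, OBSERVED, use_timing=True))
    print("shaped + timing: ", classify(PROFILES, OBSERVED, use_timing=True,
                                        shape=constant_rate))
```

With padding alone, news.example and shop.example collapse to identical size sequences (five responses of 468 bytes each) and the classifier can only tie between them; adding inter-arrival gaps picks news.example unambiguously; fixing the release schedule with `constant_rate` restores the tie, which is the abstract's conclusion that a mitigation has to remove the timing entropy, not just the size information.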
Analytics over Encrypted Traffic and Defenses
Encrypted traffic flows have been known to leak information about their underlying content through statistical properties such as packet lengths and timing. While traffic fingerprinting attacks exploit such information leaks and threaten user privacy by disclosing website visits, videos streamed, and user activity on messaging platforms, they can also be helpful in network management and intelligence services.
Most recent and best-performing such attacks are based on deep learning models. In this thesis, we identify multiple limitations in the currently available attacks and defenses against them. First, these deep learning models do not provide any insights into their decision-making process. Second, most attacks that have achieved very high accuracies are still limited by unrealistic assumptions that affect their practicality. For example, most attacks assume a closed world setting and focus on traffic classification after event completion. Finally, current state-of-the-art defenses still incur high overheads to provide reasonable privacy, which limits their applicability in real-world applications.
In order to address these limitations, we first propose an inline traffic fingerprinting attack based on variable-length sequence modeling to facilitate real-time analytics. Next, we attempt to understand the inner workings of deep learning-based attacks with the dual goals of further improving attacks and designing efficient defenses against such attacks. Then, based on the observations from this analysis, we propose two novel defenses against traffic fingerprinting attacks that provide privacy under more realistic constraints and at lower bandwidth overheads. Finally, we propose a robust framework for open set classification that targets network traffic, with the added advantage of being more suitable for deployment in resource-constrained in-network devices.