On traffic analysis attacks and countermeasures

Security and privacy have gained more and more attention with the rapid growth and public acceptance of the Internet as a means of communication and information dissemination. Security and privacy of a computing or network system may be compromised by a variety of well-crafted attacks. In this dissertation, we address issues related to security and privacy in computer network systems. Specifically, we model and analyze a special group of network attacks, known as traffic analysis attacks, and develop and evaluate their countermeasures. Traffic analysis attacks aim to derive critical information by analyzing traffic over a network. We focus our study on two classes of traffic analysis attacks: link-load analysis attacks and flow-connectivity analysis attacks. Our research has made the following conclusions: 1. We have found that an adversary may effectively discover link load by passively analyzing selected statistics of packet inter-arrival times of traffic flows on a network link. This is true even if some commonly used countermeasures (e.g., link padding) have been deployed. We proposed an alternative effective countermeasure to counter this passive traffic analysis attack. Our extensive experimental results indicated this to be an effective approach. 2. Our newly proposed countermeasure may not be effective against active traffic analysis attacks, which an adversary may also use to discover the link load. We developed methodologies in countering these kinds of active attacks. 3. To detect the connectivity of a flow, an adversary may embed a recognizable pattern of marks into traffic flows by interference. We have proposed new countermeasures based on the digital filtering technology. Experimental results have demonstrated the effectiveness of our method. From our research, it is obvious that traffic analysis attacks present a serious challenge to the design of a secured computer network system. It is the objective of this study to develop robust but cost-effective solutions to counter link-load analysis attacks and flow-connectivity analysis attacks. It is our belief that our methodology can provide a solid foundation for studying the entire spectrum of traffic analysis attacks and their countermeasures

Greigite formed in early Pleistocene lacustrine sediments from the Heqing Basin, southwest China, and its paleoenvironmental implications

The ferrimagnetic iron sulfide greigite (Fe3S4) occurs widely in sulfidic lacustrine and marine sedimentary environments. Knowledge of its formation and persistence is important for both magnetostratigraphic and paleoenvironmental studies. Although the formation mechanism of greigite has been widely demonstrated, the sedimentary environments associated with greigite formation in lakes, especially on relatively long timescales, are poorly understood. A long and continuous sequence of Pleistocene lacustrine sediments was recovered in the Heqing drill core from southwestern China, which provides an outstanding record of continental climate and environment. Integrated magnetic, geochemical, and paleoclimatic analysis of the lacustrine sequence provides an opportunity to improve our understanding of the environmental controls on greigite formation. Rock magnetic and scanning electron microscope analyses of selected samples from the core reveal that greigite is present in the lower part of the core (part 1, 665.8-372.5 m). Greigite occurs throughout this interval and is the dominant magnetic mineral, irrespective of the climatic state. The magnetic susceptibility (chi) record, which is mainly controlled by the concentration of greigite, matches well with variations in the Indian Summer Monsoon (ISM) index and total organic carbon (TOC) content, with no significant time lag. This indicates that the greigite formed during early diagenesis. In greigite-bearing intervals, with the chi increase, B-c value increase and tends to be stable at about 50 mT. Therefore, we suggest that chi values could estimate the variation of greigite concentration approximately in the Heqing core. Greigite favored more abundant in terrigenous-rich and organic poor layers associated with weak summer monsoon which are characterized by high chi values, high Fe content, high Rb/Sr ratio and low TOC content. Greigite enhancement can be explained by variations in terrigenous inputs. Our studies demonstrate that, not only the greigite formation, but also its concentration changes could be useful for studying climatic and environmental variability in sulfidic environments

SBVLC:Secure Barcode-based Visible Light Communication for Smartphones

2D barcodes have enjoyed a significant penetration rate in mobile applications. This is largely due to the extremely low barrier to adoption – almost every camera-enabled smartphone can scan 2D barcodes. As an alternative to NFC technology, 2D barcodes have been increasingly used for security-sensitive mobile applications including mobile payments and personal identification. However, the security of barcode-based communication in mobile applications has not been systematically studied. Due to the visual nature, 2D barcodes are subject to eavesdropping when they are displayed on the smartphone screens. On the other hand, the fundamental design principles of 2D barcodes make it difficult to add security features. In this paper, we propose SBVLC - a secure system for barcode-based visible light communication (VLC) between smartphones. We formally analyze the security of SBVLC based on geometric models and propose physical security enhancement mechanisms for barcode communication by manipulating screen view angles and leveraging user-induced motions. We then develop three secure data exchange schemes that encode information in barcode streams. These schemes are useful in many security-sensitive mobile applications including private information sharing, secure device pairing, and contactless payment. SBVLC is evaluated through extensive experiments on both Android and iOS smartphones

Analytical and Empirical Analysis of Countermeasures to Traffic Analysis Attacks

This paper studies countermeasures to traffic analysis attacks. A common strategy for such countermeasures is traffic padding. We consider systems where payload traffic may be padded to have either constant inter-arrival times or variable inter-arrival times for their packets. The adversary applies statistical recognition techniques to detect the payload traffic rates and may use statistical measures, such as sample mean, sample variance, or sample entropy, to perform such a detection. We evaluate quantitatively the ability of the adversary to make a correct detection. We derive closed-form formulas for the detection rate based on analytical models we establish. Extensive experiments were carried out to validate the system performance predicted by the analytical method. Based on the systematic evaluations, we develop design guidelines that allow a manager to properly configure a system in order to minimize the detection rate.

Correlation-Based Traffic Analysis Attacks on Anonymity Networks

In this paper, we address attacks that exploit the timing behavior of TCP and other protocols and applications in low-latency anonymity networks. Mixes have been used in many anonymous communication systems and are supposed to provide countermeasures to defeat traffic analysis attacks. In this paper, we focus on a particular class of traffic analysis attacks, flow-correlation attacks, by which an adversary attempts to analyze the network traffic and correlate the traffic of a flow over an input link with that over an output link. Two classes of correlation methods are considered, namely time-domain methods and frequency-domain methods. Based on our threat model and known strategies in existing mix networks, we perform extensive experiments to analyze the performance of mixes. We find that all but a few batching strategies fail against flow-correlation attacks, allowing the adversary to either identify ingress and egress points of a flow or to reconstruct the path used by the flow. Counterintuitively, some batching strategies are actually detrimental against attacks. The empirical results provided in this paper give an indication to designers of Mix networks about appropriate configurations and mechanisms to be used to counter flow-correlation attacks

Correlation-Based Traffic Analysis Attacks on Anonymity Networks

In this paper, we address attacks that exploit the timing behavior of TCP and other protocols and applications in low-latency anonymity networks. Mixes have been used in many anonymous communication systems and are supposed to provide countermeasures to defeat traffic analysis attacks. In this paper, we focus on a particular class of traffic analysis attacks, flow-correlation attacks, by which an adversary attempts to analyze the network traffic and correlate the traffic of a flow over an input link with that over an output link. Two classes of correlation methods are considered, namely time-domain methods and frequency-domain methods. Based on our threat model and known strategies in existing mix networks, we perform extensive experiments to analyze the performance of mixes. We find that all but a few batching strategies fail against flow-correlation attacks, allowing the adversary to either identify ingress and egress points of a flow or to reconstruct the path used by the flow. Counterintuitively, some batching strategies are actually detrimental against attacks. The empirical results provided in this paper give an indication to designers of Mix networks about appropriate configurations and mechanisms to be used to counter flow-correlation attacks

The Effect of Consistency on Short-Term Memory for Scenes

Which is more detectable, the change of a consistent or an inconsistent object in a scene? This question has been debated for decades. We noted that the change of objects in scenes might simultaneously be accompanied with gist changes. In the present study we aimed to examine how the alteration of gist, as well as the consistency of the changed objects, modulated change detection. In Experiment 1, we manipulated the semantic content by either keeping or changing the consistency of the scene. Results showed that the changes of consistent and inconsistent scenes were equally detected. More importantly, the changes were more accurately detected when scene consistency changed than when the consistency remained unchanged, regardless of the consistency of the memory scenes. A phase-scrambled version of stimuli was adopted in Experiment 2 to decouple the possible confounding effect of low-level factors. The results of Experiment 2 demonstrated that the effect found in Experiment 1 was indeed due to the change of high-level semantic consistency rather than the change of low-level physical features. Together, the study suggests that the change of consistency plays an important role in scene short-term memory, which might be attributed to the sensitivity to the change of semantic content

Late Miocene magnetostratigraphy of Jianzha Basin in the northeastern margin of the Tibetan Plateau and changes in the East Asian summer monsoon

Jianzha Basin is located in the northeastern Tibetan Plateau (NETP) and contains a thick sequence of Cenozoic sediments that are an archive of information about the growth of the Tibetan Plateau and the evolution of the arid environment of the interior of Asia. Here, we present magnetostratigraphic and palaeoenvironmental records from a 361-m-thick sequence of Late Cenozoic eolian Red Clay and intercalated fluviolacustrine deposits in the Jianzha Basin. The magnetostratigraphic results show that the sediments have recorded a continuous geomagnetic polarity sequence from C5r.3r to C3r, spanning the interval from 11.8 to 5.8Ma in the Late Miocene. There are two intervals of rapidly fluctuating sedimentation rates between similar to 10 and similar to 6Ma, which we interpret as a response to a series of uplifts and expansions to the north and to the east in the NETP. The fluctuations in Rb/Sr ratio and magnetic susceptibility before similar to 8.57Ma reflect intensified East Asian summer monsoon (EASM) precipitation which resulted from the growth of the NETP. From similar to 8.57 to similar to 7.21Ma, the EASM was impacted by global cooling and ice build-up in the Northern Hemisphere in addition to the uplift of the Tibetan Plateau (TP) in the Late Miocene. From similar to 8.57 to similar to 7.21Ma, there is a lack of coherency between the fluctuations in MS and Rb/Sr ratio; however, subsequently, there is significant coherency between the Rb/Sr ratio and the deep-sea oxygen isotope record present. This suggests that from similar to 8.57Ma, the eolian Red Clay sediments in the Jianzha Basin were significantly affected by the addition of dust derived from the deforming and uplifting areas of the TP