Network communication privacy: traffic masking against traffic analysis

An increasing number of recent experimental works have been demonstrating the supposedly secure channels in the Internet are prone to privacy breaking under many respects, due to traffic features leaking information on the user activity and traffic content. As a matter of example, traffic flow classification at application level, web page identification, language/phrase detection in VoIP communications have all been successfully demonstrated against encrypted channels. In this thesis I aim at understanding if and how complex it is to obfuscate the information leaked by traffic features, namely packet lengths, direction, times. I define a security model that points out what the ideal target of masking is, and then define the optimized and practically implementable masking algorithms, yielding a trade-off between privacy and overhead/complexity of the masking algorithm. Numerical results are based on measured Internet traffic traces. Major findings are that: i) optimized full masking achieves similar overhead values with padding only and in case fragmentation is allowed; ii) if practical realizability is accounted for, optimized statistical masking algorithms attain only moderately better overhead than simple fixed pattern masking algorithms, while still leaking correlation information that can be exploited by the adversary

Adversarial Attacks on Remote User Authentication Using Behavioural Mouse Dynamics

Mouse dynamics is a potential means of authenticating users. Typically, the authentication process is based on classical machine learning techniques, but recently, deep learning techniques have been introduced for this purpose. Although prior research has demonstrated how machine learning and deep learning algorithms can be bypassed by carefully crafted adversarial samples, there has been very little research performed on the topic of behavioural biometrics in the adversarial domain. In an attempt to address this gap, we built a set of attacks, which are applications of several generative approaches, to construct adversarial mouse trajectories that bypass authentication models. These generated mouse sequences will serve as the adversarial samples in the context of our experiments. We also present an analysis of the attack approaches we explored, explaining their limitations. In contrast to previous work, we consider the attacks in a more realistic and challenging setting in which an attacker has access to recorded user data but does not have access to the authentication model or its outputs. We explore three different attack strategies: 1) statistics-based, 2) imitation-based, and 3) surrogate-based; we show that they are able to evade the functionality of the authentication models, thereby impacting their robustness adversely. We show that imitation-based attacks often perform better than surrogate-based attacks, unless, however, the attacker can guess the architecture of the authentication model. In such cases, we propose a potential detection mechanism against surrogate-based attacks.Comment: Accepted in 2019 International Joint Conference on Neural Networks (IJCNN). Update of DO

Real Time Identification of SSH Encrypted Application Flows by Using Cluster Analysis Techniques

Abstract. The identification of application flows is a critical task in order to manage bandwidth requirements of different kind of services (i.e. VOIP, Video, ERP). As network security functions spread, an increasing amount of traffic is natively encrypted due to privacy issues (e.g. VPN). This makes ineffective current traffic classification systems based on ports and payload inspection, e.g. even powerful Deep Packet Inspection is useless to classify application flow carried inside SSH sessions. We have developed a real time traffic classification method based on cluster analysis to identify SSH flows from statistical behavior of IP traffic parameters, such as length, arrival times and direction of packets. In this paper we describe our approach and relevant obtained results. We achieve detection rate up to 99.5 % in classifying SSH flows and accuracy up to 99.88 % for application flows carried within those flows, such as SCP, SFTP and HTTP over SSH

From ideality to practicability in statistical packet features masking

Traffic flow features like packet lengths, direction, gap times have been shown to carry significant information on conveyed the traffic flows they belong to, e. g. enabling application classification with high accuracy and even privacy breaking, even if encryption is used. Such a leakage of user related information can be stopped by modifying the traffic flow features, e.g. for packet lengths by padding, fragmenting or inserting dummy packets. We outline a general approach aiming at full masking of an application layer traffic flow; then, we address the trade-off between information leakage and overhead and we define a practical algorithm to achieve partial traffic masking. Experiments are carried out with traffic, captured on real networks. It turns out that overhead can be substantially reduced if requirements on information leakage are not too strict

Padding and fragmentation for masking packet length statistics

We aim at understanding if and how complex it is to obfuscate traffic features exploited by statistical traffic flow classification tools. We address packet length masking and define perfect masking as an optimization problem, aiming at minimizing overhead. An explicit efficient algorithm is given to compute the optimum masking sequence. Numerical results are provided, based on measured traffic traces. We find that fragmenting requires about the same overhead as padding does. © 2012 Springer-Verlag

Internet Traffic Privacy Enhancement with Masking: Optimization and Tradeoffs

An increasing number of recent experimental works have demonstrated that the supposedly secure channels in the Internet are prone to privacy breaking under many respects, due to packet traffic features leaking information on the user activity and traffic content. We aim at understanding if and how complex it is to obfuscate the information leaked by packet traffic features, namely packet lengths, directions, and times: we call this technique traffic masking. We define a security model that points out what the ideal target of masking is, and then define the optimized traffic masking algorithm that removes any leaking ( full masking). Further, we investigate the tradeoff between traffic privacy protection and masking cost, namely required amount of overhead and realization complexity/feasibility. Numerical results are based on measured Internet traffic traces. Major findings are that: 1) optimized full masking achieves similar overhead values with padding only and in case fragmentation is allowed, and 2) if practical realizability is accounted for, optimized statistical masking attains only moderately better overhead than simple fixed pattern masking does, while still leaking correlation information that can be exploited by the adversary

Investigating the trade-off between overhead and delay for full packet traffic privacy

It has been demonstrated that traffic analysis can disclose information supposedly secured by encrypted channels. Key feature of packetized traffic exploited to that purpose are packet lengths, inter-packet times, direction of packets. This work aims at assessing the overhead and delay implied by traffic masking algorithms that conceal the information leakage exploited by statistical traffic analysis. Traffic masking is obtained by reshaping packet lengths and inter-arrival times in a masking device. It is shown that the overhead-delay trade-off of the masking device is optimized by using circuit like traffic shaping, under the constraint of removing information leakage entirely (full privacy). Numerical examples are provided with real traffic traces both for full privacy and for a relaxed heuristic masking algorithm that leaks some information on packet lengths to mitigate the overhead. © 2013 IEEE

Optimum packet length masking

Application level traffic classification has been addressed in demonstrated recently based on statistical features of packet flows. Among the most significant characteristics is packet length. Even ciphered flows leak information about their content through the sequence of packet length values. There are obvious ways to destroy such side information, e.g. by setting all packet at maximum allowed length. This approach could ential an extremely large overhead, which makes it impractical. There is room to investigate the optimal trade-off between overhead/complexity of packet length masking and suppression of information leakage about flow content through packet length values. In this work we characterize the optimum first order statistical padding technique which guarantees indistinguishability of different application flows. We also discuss how to account for subsequent packet length correlation. Numerical results are shown with reference to real network traffic traces, specifically flows of HTTP, POP3, SSH, and FTP (control session) traffic