1 / 21

Toward Prevention of Traffic Analysis

Toward Prevention of Traffic Analysis. Fengfeng Tu 11/26/01. Discussion Outline. What is traffic analysis? What are traffic analysis attacks? How to prevent traffic analysis attacks? Problems Conclusion. Traffic Analysis. Monitor the network traffic e.g. log files, webpage hits, etc.

Download Presentation

Toward Prevention of Traffic Analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Toward Prevention of Traffic Analysis Fengfeng Tu 11/26/01

  2. Discussion Outline • What is traffic analysis? • What are traffic analysis attacks? • How to prevent traffic analysis attacks? • Problems • Conclusion

  3. Traffic Analysis • Monitor the network traffic • e.g. log files, webpage hits, etc. • http://www.openwebscope.com/samples/math_yale_stats.html • Gain useful information from statistical analysis • Who communicates with whom, when, how long, where? • Who is interested in what contents?

  4. Traffic Analysis Attacks • An adversary is doing traffic analysis • e.g., earlier versions of SSH protocol • Communication Pattern • Sender-recipient matchings • Traffic volume, traffic shape • Duration • Examples of sensitive info • Possible corporate takeover • Importance of communicating parties

  5. Anti-Traffic Analysis • Anonymizer • AT&T Crowds • Onion Routing • Pentagon hides behind onion wraps • Freedom • Most are Chaum Mix-like

  6. Chaum Mixes • David Chaum. “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms”, Communication of the ACM, 1981. • Mix nodes are intermediate processors that a message goes through. • Purpose - hide the correspondences between the incoming and outgoing messages.

  7. How it works? • The message will be sent through a series of mix nodes: 1, 2, …,d-1, d. The user encrypts the message with node d’s private key, then encrypts the result with (d-1)’s private key and so on. K1(R1, K2(R2, KY(R0, M), AY), A2), A1 KY(R0, M), AY MIX 1 MIX 2 X Y K2(R2, KY(R0, M), AY), A2

  8. How it works? (Cont’) • The mix nodes receive a certain number of these messages which they decrypt, randomly reorder and send to the next node • The order of outgoing messages changed, so it is nearly impossible to correlate a message that comes in with a message that goes out.

  9. A Mix Node

  10. How it works? (Cont’) • Link-to-link encryption is not sufficient. • Mix nodes are not trusted (insider attacks). • Why do we need random numbers? MIX 1 X Y K1(KY(M), AY), A1 KY(M), AY Encrypt it with K1 => K1(KY(M), AY) = ?

  11. Characteristics • Sender/Recipient Anonymity - each mix node only knows the previous and next node in a received message’s route. • Constant message length • Large message are chopped into short ones with a specific constant length • Padding if the message is too small • Each message is processed by a Mix only once

  12. A Simple Example

  13. Problems? • Brute Force Attacks • Duration of a communication can be observed. • An extreme case:

  14. Dummy Traffic • All users send messages at all times • All users start and end their communication at the same time • Long communication is chopped into slices • If a user has nothing to send, it sends random numbers indistinguishable from real (encrypted) messages. • Reduce delay

  15. Problems • Imposing rigid structure on user communications • Dummy messages waste resources • Delays at the Mixes. • Cost of nested encryption

  16. Routing Issues • Rerouting or Multi-path routing to improve network utilization • Reduce the dummy traffic volume 2.5Mbps 5Mbps 2.5Mbps 5Mbps 2.5Mbps 2.5Mbps 5Mbps 5Mbps All are real traffic Dummy traffic

  17. Rerouting • Host-based rerouting • Compute the shortest path for each flow • Select a flow randomly or according to a sequence defined in advance. • Remove the traffic requirement for that flow • Reroute flow to reduce an objective function value, with routing paths for all other flows fixed • Go to step (ii) until all flows have been examined at least once, but no further improvements are possible

  18. Problems • Solving a system of linear inequalities • Linear programming • The computation is centralized to avoid local hot spot problem • Too expensive: consider all flows • Vulnerable to single-point failure

  19. Conclusion • Anonymity and Unobservability are hard to achieve in Internet • The situation is worse in wireless (ad hoc) networks • The media is open • Link transmission interference • Multi-path routing needed • Distributed algorithm

  20. Literature Research • David Chaum. Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communication of the ACM, 1981. • J. Raymond. Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems. • O. Berthold, et al. Project “Anonymity and Unobservability in the Internet”. CFP 2000. • M. Reed, et al. Anonymous Connections and Onion Routing. IEEE Journal on Special Areas in Communications, May 1998 • R. Newman, et al. High Level Prevention of Traffic Analysis. 7th Annual Computer Security and Applications Conference, Dec. 1991. • S. Jiang, et al. Routing in Packet Radio Networks to Prevent Traffic Analysis. Proc. of IEEE Information Assurance and Security Workshop, West Point, NY, June 2000. • http://netcamo.cs.tamu.edu/

More Related