110 likes | 220 Views
VoIP Tracing. Active De-anonymization of Streams. Timing Attacks [LRWW ’04]. “Normal” flows e.g. HTTP, FTP, SSH Think times dominate Very easy to do timing analysis Constant rate flows 10 pkts/sec = 1 pkt. every 0.1 sec All streams look the same Correlations are poor dropped pkts help.
E N D
VoIP Tracing Active De-anonymization of Streams
Timing Attacks [LRWW ’04] • “Normal” flows • e.g. HTTP, FTP, SSH • Think times dominate • Very easy to do timing analysis • Constant rate flows • 10 pkts/sec = 1 pkt. every 0.1 sec • All streams look the same • Correlations are poor • dropped pkts help
VoIP • Similar to constant rate • high rate of pkts (every 20 or 30 ms) • steady flow • no “think times” • Thus • hard to do end-to-end timing analysis
Key Results • ?
A B C X Y Z Trent’s Anonymity Service A Simple Idea
Caveats • VoIP • time-critcal • Why do we care if we degrade the phone service of the terrorists?
Watermarking • No DRM • 1. Alice sells a song online • 2. Mallory & many others buy the song • 3. Mallory puts the song on Kazaa • 4. Alice gets angry • But doesn’t know who did it
Watermarking • DRM • 1. Alice sells a song online • Each copy has a special, hard-to-see, hard-to-remove “stamp” • 2. Mallory & many others buy the song • 3. Mallory puts the song on Kazaa • 4. Alice gets angry • 5. Alice checks the stamp • 6. Mallory goes to jail
Watermarking Packets • Content-based • Embed the stamp in the data • Ideally based on a key • Very hard to remove the stamp • unless you have a key • Cannot change the packet • Why not? • What can you change?
Algorithm • Select about 2r packets at random • independently selected • Select a distance d • Look at delays • between packet x and x+d • Split the 2r delays into two sets • A and B
Algorithm 2 • The differences should be zero • A(i) - B(j) = 0, on average • The actual value is a random variable • distribution: symmetric, centered on 0 • redundancy: number of differences used • Embedding the “stamp” • increase or decrease the average • which one = which bit (0 or 1)