
Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis


Presentation Transcript


  1. Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis • Charles V. Wright, MIT Lincoln Laboratory • Scott E. Coull, Johns Hopkins University • Fabian Monrose, University of North Carolina • Presented by Yang Gao, 11/2/2011

  2. Outline • Potential Hazards • Countermeasures and Traffic Morphing • How it works? • Evaluation and Results

  3. Privacy Security

  4. Privacy Security • Packet Size and Timing Information • Classification Tools • Language of a VoIP call, Password in SSH, Web browsing habits, ... • Privacy Leakage

  5. How does the attack happen • Webpage browsing • Statistical Identification of Encrypted Web Browsing Traffic (Sun, Q., Stanford University)

  6. Only the number and sizes of objects are recorded • A 2000 sample from 100,000 web pages • Jaccard’s coefficient • Trained classifier

  7. How does the attack happen • Webpage browsing • Statistical Identification of Encrypted Web Browsing Traffic (Sun, Q. et al., Stanford University) • Inferring the Source of Encrypted HTTP Connections (Marc Liberatore and Brian Neil Levine, UMA) • Identification of Encrypted VoIP Traffic

  8. Results of the Classifiers

  9. Outline • Potential Hazards • Countermeasures and Traffic Morphing • How it works? • Evaluation and Results

  10. Countermeasures • Padding • Mimicking • Morphing • Sending at fixed time intervals (to counter timing analysis)

  11. Comparison

  12. Traffic Morphing [Figure label: morphing]

  13. How does the morphing work? [Figure: sequence of L1 and L2 packets; NL1 : NL2 = 2 : 1 → NL1 : NL2 = 1 : 2]

  14. Outline • Potential Hazards • Countermeasures and Traffic Morphing • How it works? • Evaluation and Results

  15. Traffic Morphing
      • Goals
        • Good resemblance in packet size distribution
        • Less overhead
      • Steps
        • Morphing matrix construction

  16. Morphing Matrix [Figure labels: Size x1 … Size xn, Size y1 … Size yn] • 2*n equations and n^2 unknowns

  17. How to solve these equations? • We won't solve them directly. • Convex Optimization • Cost Function • Restrictions

  18. Example [Figure: L1 and L2 packets]

  19. Example [Figure: L1 and L2 packets; "Reduce?"] • Add more constraints to avoid this situation.

  20. Steps for Traffic Morphing
      • Matrix Construction
        • Select the source process and calculate the probability distribution of its packet sizes.
        • Select the target process and calculate the probability distribution of its packet sizes.
        • Solve for the morphing matrix with an optimization method that minimizes the cost while satisfying the restrictions.
      • Traffic Morphing
        • Get the packet to send.
        • Draw a random number to select the element in the matrix.
        • Calculate the corresponding packet size.
        • Pad or reduce the packet to that size.
        • Transmit the new packet.
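As an added example (not code from the slides or the paper), the sketch below carries out the steps of slide 20 on constructed three-size distributions. It assumes the cost is the expected absolute change in packet size, and it builds the matrix with a greedy sorted-order coupling instead of the convex-optimization solver the slides mention; all function names are hypothetical.

```python
import random

def morphing_matrix(x, y, eps=1e-12):
    """Column-stochastic A with A @ x == y, built by walking both
    distributions in ascending size order (monotone coupling)."""
    n = len(x)
    A = [[0.0] * n for _ in range(n)]
    x_left, y_left = list(x), list(y)
    i = j = 0
    while i < n and j < n:
        if x_left[j] <= eps:        # source size j fully assigned
            j += 1
        elif y_left[i] <= eps:      # target size i fully filled
            i += 1
        else:
            m = min(x_left[j], y_left[i])
            A[i][j] += m / x[j]     # P(emit size i | source size j)
            x_left[j] -= m
            y_left[i] -= m
    for j in range(n):              # sizes the source never emits: identity
        if x[j] <= eps:
            A[j][j] = 1.0
    return A

def apply(A, x):
    """Distribution of output sizes, i.e. the product A x."""
    return [sum(a * p for a, p in zip(row, x)) for row in A]

def expected_overhead(A, x, sizes):
    """Assumed cost: mean |new size - old size| in bytes per packet."""
    n = len(sizes)
    return sum(A[i][j] * x[j] * abs(sizes[i] - sizes[j])
               for i in range(n) for j in range(n))

def morph_size(A, sizes, s, rng=random):
    """Per packet: pick the column for size s, draw the output size from it."""
    j = sizes.index(s)
    return rng.choices(sizes, weights=[row[j] for row in A])[0]

# Constructed sample distributions over three packet sizes (bytes).
SIZES = [100, 500, 1500]
X = [0.5, 0.3, 0.2]   # source process
Y = [0.2, 0.3, 0.5]   # target process

if __name__ == "__main__":
    A = morphing_matrix(X, Y)
    resample = [[p] * len(X) for p in Y]   # baseline: ignore input, draw from Y
    print("morphed distribution:", apply(A, X))
    print("overhead, morphing:", expected_overhead(A, X, SIZES))
    print("overhead, resample:", expected_overhead(resample, X, SIZES))
```

On the constructed input the morphing matrix changes packets by 420 bytes on average, against 700 bytes when every output size is drawn from the target distribution without regard to the input size.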

  21. Traffic Morphing
      • Goals
        • Good resemblance in packet size distribution
        • Less overhead
      • Steps
        • Morphing matrix construction
        • Additional Morphing Constraints

  22. Pitfall 1
      • System is over-specified
        • Y = AX
      • Solution:
        • Multi-level programming
          • Find Z which is closest to Y
          • Find A such that it most efficiently maps X to Z
        • Z = A’X => Minimize( fd(Y,Z) )
        • Z = AX => Minimize( f0(A) )

  23. Traffic Morphing
      • Goals
        • Good resemblance in packet size distribution
        • Less overhead
      • Steps
        • Morphing matrix construction
        • Additional Morphing Constraints
        • Dealing with Large Sample Spaces

  24. Pitfall 2
      • Poor Scalability
        • A 2.8 GHz Pentium 4 runs for 1 hr on an 80x80 matrix with 6560 constraints
        • MTU (40~1500) means a 1460x1460 matrix
      • Solution
        • Multi-level method
        • Sub-matrix Morphing

  25. Multi-level method

  26. Traffic Morphing in sum
      • Goals
        • Good resemblance in packet size distribution
        • Less overhead
      • Steps
        • Morphing matrix construction
          • Convex optimization
        • Additional Morphing Constraints
          • 2 level Multi-level programming
        • Dealing with Large Sample Spaces
          • Sub-matrix Morphing

  27. Outline • Potential Hazards • Countermeasures and Traffic Morphing • How it works? • Evaluation and Results

  28. Evaluation • Encrypted Voice over IP • Web Page Identification • Defeating Original Classifier • Evaluating Indistinguishability

  29. Encrypted Voice over IP • "Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob?" Charles V. Wright, Lucas Ballard, Fabian Monrose, Gerald M. Masson, Department of Computer Science, Johns Hopkins University

  30. White box encode

  31. Why even encrypted voice packets leak information • Unigram frequencies of bit rates

  32. 2-gram resemblance

  33. Blackbox

  34. Results for original classifier

  35. Results for Indistinguishability

  36. Overhead

  37. Web page Identification

  38. Overhead

  39. Practical Considerations
      • Short Network Sessions
        • Too few packets generated by the source?
        • Keep generating until a distance threshold is reached
      • Variations in Source Distribution
        • Packet size differences between training and use?
        • Divide and conquer
      • Reduced Packet Sizes
        • How to deal with the reduced packet size in HTTP
        • Packing to the next

  40. Traffic Morphing in a nutshell • Resemblance • Morphing Matrix • Convex Optimization • Overhead Minimization • Additional Morphing Constraints • Dealing with Large Sample Spaces • Practical Considerations • Short Network Sessions • Variations in Source Distribution • Reduced Packet Sizes

  41. Conclusion • User privacy is vulnerable even when protected by encryption. • Traffic morphing is effective and robust. • Traffic morphing is applicable. • Traffic morphing is much more efficient than padding.

  42. Discussion • The other side of morphing • Anti-intrusion-detection • Mimicry attack [Figure labels: system call sequence, malicious call combination library, morphing, accept, deny]

  43. Thank you!
