Invisible Traceback in the Internet
• Reference
• Wei Yu, Xinwen Fu, Steve Graham, Dong Xuan and Wei Zhao, DSSS-Based Flow Marking Technique for Invisible Traceback, in Proc. of IEEE Symposium on Security and Privacy (Oakland), May 2007, pp. 18-32

Traceback in the Internet
• The Internet has brought convenience to our everyday lives
• However, it has also become a breeding ground for a variety of crimes
• Network forensics has become part of legal surveillance
• We study flow marking for a fundamental network-based forensic technique, traceback

Problem Definition
• A suspect Sender is sending traffic through an encrypted and anonymous channel. How can investigators trace who the Receiver is?
[Figure: Sender and Receiver connected through the Network]

Traffic Confirmation by Flow Marking
• Investigators want to know if Sender and Receiver are communicating
[Figure: Sender and Receiver connected through an Anonymous Channel, with an Interferer, a Sniffer and the Investigator HQ. Caption: The investigators know that Sender communicates with Receiver]

Issues in Flow Marking
• Traceback accuracy
  • Periodic pattern ok?
• Traceback secrecy
  • Traceback without the suspects' awareness
DSSS-based technique for accuracy and secrecy in traceback!

Basic Direct Sequence Spread Spectrum (DSSS)
• A pseudo-noise (PN) code is used for spreading a signal and despreading the spread signal
[Figure: DSSS block diagram. Labels: Original Signal dt, Spreading with PN Code ct, tb, noisy channel, rb, Despreading with PN Code cr, Recovered Signal dr; Interferer on the spreading side, Sniffer on the despreading side]

Example – Spreading and Despreading
• Signal dt: 1 -1
• DSSS code ct: 1 1 1 -1 1 -1 -1
• Spread signal tb = dt.ct = 1 1 1 -1 1 -1 -1 -1 -1 -1 +1 -1 1 1
• One symbol is “represented” by 7 chips
• PN code is random and not visible in time and frequency domains
• Despreading is the reverse process of spreading
[Figure: waveforms of dt, ct and tb against time t, with levels +1 and -1; chip duration Tc, symbol duration NcTc]

Mark Generation by Interferer
• Choose a random signal
• Obtain the spread signal
• Modulate a target traffic flow by appropriate interference
  • Chip +1: without interference
  • Chip -1: with interference
• Low interference favors traceback secrecy
[Figure: Original Signal dt and PN Code ct produce tb, which drives the Flow Modulator; tx crosses the Internet and arrives as rx = spread signal + noise]

Mark Recognition by Sniffer
• Sample received traffic to derive a traffic rate time series
• Use a high-pass filter to remove the direct (DC) component by Fast Fourier Transform (FFT)
• Despread with the local DSSS code
• Use a low-pass filter to remove high-frequency noise
• Make decision
  • Recovered signal == Original signal?
[Figure: rx = spread signal + noise passes through the High-pass Filter to give rx’, is multiplied by PN Code cr to give rb, then passes through the Low-pass Filter to the Decision Rule]

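The mark generation and mark recognition steps above, end to end, as an added example that is not code from the slides or the paper. It uses the 7-chip code from the spreading slide; the traffic model (base rate, interference depth, Gaussian noise), the mean removal standing in for the FFT high-pass filter and the per-symbol average standing in for the low-pass filter are assumptions.

```python
import random

PN_CODE = [1, 1, 1, -1, 1, -1, -1]  # 7-chip DSSS code ct from the slide

def spread(signal, code=PN_CODE):
    """Interferer: tb = dt * ct, one symbol becomes len(code) chips."""
    return [d * c for d in signal for c in code]

def modulate(chips, base_rate=100.0, depth=10.0, noise=2.0, seed=7):
    """Constructed traffic model (assumption): chip -1 = interference that
    lowers the flow rate by `depth`, chip +1 = untouched, plus Gaussian noise."""
    rng = random.Random(seed)
    return [base_rate - (depth if c == -1 else 0.0) + rng.gauss(0.0, noise)
            for c in chips]

def recognize(rates, code=PN_CODE):
    """Sniffer: high-pass, despread with the local code, low-pass, decide."""
    mean = sum(rates) / len(rates)
    rx = [r - mean for r in rates]  # mean removal stands in for the FFT high-pass
    n = len(code)
    recovered = []
    for i in range(0, len(rx) - n + 1, n):
        # Multiply by the local code (despreading) and average over one
        # symbol period (a simple low-pass), then take the sign (decision).
        corr = sum(x * c for x, c in zip(rx[i:i + n], code)) / n
        recovered.append(1 if corr > 0 else -1)
    return recovered

if __name__ == "__main__":
    mark = [1, -1, -1, 1, 1, -1, 1, -1]      # constructed random signal dt
    rates = modulate(spread(mark))            # sampled rate time series rx
    print("recovered:", recognize(rates))
    print("match:", recognize(rates) == mark)  # decision rule from the slide
```

Averaging over the 7 chips of a symbol is what lets a shallow rate change stand out from the noise: the code-aligned part adds up coherently while the noise does not.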
Thank you! Questions?