Towards provably invisible network flow fingerprints

  title={Towards provably invisible network flow fingerprints},
  author={Ramin Soltani and Dennis L. Goeckel and Donald F. Towsley and Amir Houmansadr},
  journal={2017 51st Asilomar Conference on Signals, Systems, and Computers},
Network traffic analysis reveals important information even when messages are encrypted. We consider active traffic analysis via flow fingerprinting by invisibly embedding information into packet timings of flows. In particular, assume Alice wishes to embed fingerprints into flows of a set of network input links, whose packet timings are modeled by Poisson processes, without being detected by a watchful adversary Willie. Bob, who receives the set of fingerprinted flows after they pass through… 

Figures from this paper

Fundamental Limits of Invisible Flow Fingerprinting
Network flow fingerprinting can be used to de-anonymize communications on anonymity systems such as Tor by linking the ingress and egress segments of anonymized connections by incorporating independent Poisson processes.
Fundamental Limits of Covert Bit Insertion in Packets
This paper proves that Alice can covertly insert on average $O(c(n)/\sqrt{n})$ bits in a sequence of n packets, where c(n)$ is the average number of conditional pmf of packet sizes given the history, with a support of at least size two.
Asymptotic Loss in Privacy due to Dependency in Gaussian Traces
The requirements on anonymization to thwart such statistical matching are established, which demonstrate the significant degree to which knowledge of the pairwise correlation coefficients further significantly aids the adversary in breaking user anonymity.
Fundamental Limits of Covert Packet Insertion
The fundamental limits for covert communications via packet insertion over packet channels whose packet timings are governed by a renewal process of rate are considered and it is shown that in a stream of packets transmitted by Jack, Alice can covertly insert N packets.
Matching Anonymized and Obfuscated Time Series to Users’ Profiles
It is demonstrated that as the number of users in the network grows, the obfuscation-anonymization plane can be divided into two regions: in the first region, all users have perfect privacy; and, in the second region, no user has privacy.
Privacy of Dependent Users Against Statistical Matching
It is shown that inter-user dependency is disastrous to privacy, and any non-negligible dependency between users significantly reduces the effectiveness of anonymization and obfuscation schemes.
Asymptotic Limits of Privacy in Bayesian Time Series Matching
This paper obtains the theoretical bounds on user privacy for situations in which user traces are matchable to sequences of prior behavior, despite anonymization of data time series.
Covert Wireless Communication With Artificial Noise Generation
A strategy where the friendly node closest to the adversary, without close coordination with Alice, produces artificial noise is proposed, which allows Alice to reliably and covertly send bits to Bob when other “friendly” nodes distributed according to a two-dimensional Poisson point process are present.
Consumer Life Cycle and Profiling: A Data Mining Perspective
With the development of technology and continuously increasing of the market demand, the concept to produce better merchandises is generated in the companies. Each customer wants an individual
Information-theorETic limits on information-theoretical limits on STATISTICAL MATCHing with applications to personal data collection and usage are revealed.


The Need for Flow Fingerprints to Link Correlated Network Flows
A non-blind fingerprint, Fancy, is designed and designed that can reliably fingerprint millions of network flows by tagging only as few as tens of packets from each flow, and its performance is evaluated.
TagIt: Tagging Network Flows using Blind Fingerprints
This paper introduces the first blind flow fingerprinting system called TagIt, which works by modulating fingerprint signals into the timing patterns of network flows through slightly delaying packets into secret time intervals only known to the fingerprinting parties.
SWIRL: A Scalable Watermark to Detect Correlated Network Flows
SWIRL is the first watermark that is practical to use for large-scale traffic analysis and is robust to packet losses and network jitter, yet it introduces only small delays that are invisible to both benign users and determined adversaries.
RAINBOW: A Robust And Invisible Non-Blind Watermark for Network Flows
This work proposes a new, non-blind watermarking scheme called RAINBOW that is able to use delays hundreds of times smaller than existing watermarks by eliminating the interference caused by the flow in the blind case and generates orders of magnitudes lower rates of false errors than passive traffic analysis, while using only a few hundred observed packets.
Tracking anonymous peer-to-peer VoIP calls on the internet
The analysis shows that it only takes several milliseconds time adjustment to make normal VoIP flows highly unique and the embedded watermark could be preserved across the low latency anonymizing network if appropriate redundancy is applied.
Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays
This paper proposes a novel watermark-based correlation scheme that is designed specifically to be robust against timing perturbations, and develops a robust watermark correlation framework that reveals a rather surprising result on the inherent limits of independent and identically distributed random timing perturations over sufficiently long flows.
Covert communications on renewal packet channels
The recent work introduced the information-theoretic limits for communication by covert users Alice and Bob over packet channels where the packet timings of legitimate users Jack and Steve are governed by a Poisson point process is considered.
Covert communications on Poisson packet channels
Using a construction where Alice covertly slows down the packet stream so as to buffer packets to use during a succeeding codeword transmission phase, Alice can covertly and reliably transmit O(λT) covert bits to Bob in time period T over an M/M/1 queue with service rate μ > e · λ.
Covert single-hop communication in a wireless network with distributed artificial noise generation
This paper establishes achievability results by considering constructions where the system node closest to the warden produces artificial noise and demonstrates a significant improvement in the throughput achieved covertly, without requiring close coordination between Alice and the noise-generating node.
Detecting Stepping Stones
An efficient algorithm for detecting stepping stones by monitoring a site's Internet access link is developed, based on the distinctive characteristics of interactive traffic, and not on connection contents, and hence can be used to find stepping stones even when the traffic is encrypted.