Towards provably invisible network flow fingerprints

@article{Soltani2017TowardsPI,
  title={Towards provably invisible network flow fingerprints},
  author={Ramin Soltani and Dennis L. Goeckel and Donald F. Towsley and Amir Houmansadr},
  journal={2017 51st Asilomar Conference on Signals, Systems, and Computers},
  year={2017},
  pages={258-262}
}
Network traffic analysis reveals important information even when messages are encrypted. We consider active traffic analysis via flow fingerprinting by invisibly embedding information into packet timings of flows. In particular, assume Alice wishes to embed fingerprints into flows of a set of network input links, whose packet timings are modeled by Poisson processes, without being detected by a watchful adversary Willie. Bob, who receives the set of fingerprinted flows after they pass through… 

Figures from this paper

Fundamental Limits of Invisible Flow Fingerprinting
TLDR
Network flow fingerprinting can be used to de-anonymize communications on anonymity systems such as Tor by linking the ingress and egress segments of anonymized connections by incorporating independent Poisson processes.
Fundamental Limits of Covert Bit Insertion in Packets
TLDR
This paper proves that Alice can covertly insert on average $O(c(n)/\sqrt{n})$ bits in a sequence of n packets, where c(n)$ is the average number of conditional pmf of packet sizes given the history, with a support of at least size two.
Asymptotic Loss in Privacy due to Dependency in Gaussian Traces
TLDR
The requirements on anonymization to thwart such statistical matching are established, which demonstrate the significant degree to which knowledge of the pairwise correlation coefficients further significantly aids the adversary in breaking user anonymity.
Fundamental Limits of Covert Packet Insertion
TLDR
The fundamental limits for covert communications via packet insertion over packet channels whose packet timings are governed by a renewal process of rate are considered and it is shown that in a stream of packets transmitted by Jack, Alice can covertly insert N packets.
Matching Anonymized and Obfuscated Time Series to Users’ Profiles
TLDR
It is demonstrated that as the number of users in the network grows, the obfuscation-anonymization plane can be divided into two regions: in the first region, all users have perfect privacy; and, in the second region, no user has privacy.
Privacy of Dependent Users Against Statistical Matching
TLDR
It is shown that inter-user dependency is disastrous to privacy, and any non-negligible dependency between users significantly reduces the effectiveness of anonymization and obfuscation schemes.
Asymptotic Limits of Privacy in Bayesian Time Series Matching
TLDR
This paper obtains the theoretical bounds on user privacy for situations in which user traces are matchable to sequences of prior behavior, despite anonymization of data time series.
Covert Wireless Communication With Artificial Noise Generation
TLDR
A strategy where the friendly node closest to the adversary, without close coordination with Alice, produces artificial noise is proposed, which allows Alice to reliably and covertly send bits to Bob when other “friendly” nodes distributed according to a two-dimensional Poisson point process are present.
Consumer Life Cycle and Profiling: A Data Mining Perspective
With the development of technology and continuously increasing of the market demand, the concept to produce better merchandises is generated in the companies. Each customer wants an individual
INFORMATION-THEORETIC LIMITS ON STATISTICAL MATCHING WITH APPLICATIONS TO PRIVACY
TLDR
Information-theorETic limits on information-theoretical limits on STATISTICAL MATCHing with applications to personal data collection and usage are revealed.

References

SHOWING 1-10 OF 21 REFERENCES
The Need for Flow Fingerprints to Link Correlated Network Flows
TLDR
A non-blind fingerprint, Fancy, is designed and designed that can reliably fingerprint millions of network flows by tagging only as few as tens of packets from each flow, and its performance is evaluated.
TagIt: Tagging Network Flows using Blind Fingerprints
TLDR
This paper introduces the first blind flow fingerprinting system called TagIt, which works by modulating fingerprint signals into the timing patterns of network flows through slightly delaying packets into secret time intervals only known to the fingerprinting parties.
SWIRL: A Scalable Watermark to Detect Correlated Network Flows
TLDR
SWIRL is the first watermark that is practical to use for large-scale traffic analysis and is robust to packet losses and network jitter, yet it introduces only small delays that are invisible to both benign users and determined adversaries.
RAINBOW: A Robust And Invisible Non-Blind Watermark for Network Flows
TLDR
This work proposes a new, non-blind watermarking scheme called RAINBOW that is able to use delays hundreds of times smaller than existing watermarks by eliminating the interference caused by the flow in the blind case and generates orders of magnitudes lower rates of false errors than passive traffic analysis, while using only a few hundred observed packets.
Tracking anonymous peer-to-peer VoIP calls on the internet
TLDR
The analysis shows that it only takes several milliseconds time adjustment to make normal VoIP flows highly unique and the embedded watermark could be preserved across the low latency anonymizing network if appropriate redundancy is applied.
Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays
TLDR
This paper proposes a novel watermark-based correlation scheme that is designed specifically to be robust against timing perturbations, and develops a robust watermark correlation framework that reveals a rather surprising result on the inherent limits of independent and identically distributed random timing perturations over sufficiently long flows.
Covert communications on renewal packet channels
TLDR
The recent work introduced the information-theoretic limits for communication by covert users Alice and Bob over packet channels where the packet timings of legitimate users Jack and Steve are governed by a Poisson point process is considered.
Covert communications on Poisson packet channels
TLDR
Using a construction where Alice covertly slows down the packet stream so as to buffer packets to use during a succeeding codeword transmission phase, Alice can covertly and reliably transmit O(λT) covert bits to Bob in time period T over an M/M/1 queue with service rate μ > e · λ.
Covert single-hop communication in a wireless network with distributed artificial noise generation
TLDR
This paper establishes achievability results by considering constructions where the system node closest to the warden produces artificial noise and demonstrates a significant improvement in the throughput achieved covertly, without requiring close coordination between Alice and the noise-generating node.
Detecting Stepping Stones
TLDR
An efficient algorithm for detecting stepping stones by monitoring a site's Internet access link is developed, based on the distinctive characteristics of interactive traffic, and not on connection contents, and hence can be used to find stepping stones even when the traffic is encrypted.
...
1
2
3
...