# Towards provably invisible network flow fingerprints

@article{Soltani2017TowardsPI,
title={Towards provably invisible network flow fingerprints},
author={Ramin Soltani and Dennis L. Goeckel and Donald F. Towsley and Amir Houmansadr},
journal={2017 51st Asilomar Conference on Signals, Systems, and Computers},
year={2017},
pages={258-262}
}
• Published 28 November 2017
• Computer Science
• 2017 51st Asilomar Conference on Signals, Systems, and Computers
Network traffic analysis reveals important information even when messages are encrypted. We consider active traffic analysis via flow fingerprinting by invisibly embedding information into packet timings of flows. In particular, assume Alice wishes to embed fingerprints into flows of a set of network input links, whose packet timings are modeled by Poisson processes, without being detected by a watchful adversary Willie. Bob, who receives the set of fingerprinted flows after they pass through…

Fundamental Limits of Invisible Flow Fingerprinting
• Computer Science
IEEE Transactions on Information Forensics and Security
• 2020
Network flow fingerprinting can be used to de-anonymize communications on anonymity systems such as Tor by linking the ingress and egress segments of anonymized connections by incorporating independent Poisson processes.
Fundamental Limits of Covert Bit Insertion in Packets
• Computer Science
2018 56th Annual Allerton Conference on Communication, Control, and Computing (Allerton)
• 2018
This paper proves that Alice can covertly insert on average $O(c(n)/\sqrt{n})$ bits in a sequence of $n$ packets, where $c(n)$ is the average number of conditional pmf of packet sizes given the history, with a support of at least size two.
Asymptotic Loss in Privacy due to Dependency in Gaussian Traces
• Computer Science
2019 IEEE Wireless Communications and Networking Conference (WCNC)
• 2019
The requirements on anonymization to thwart such statistical matching are established, which demonstrate the significant degree to which knowledge of the pairwise correlation coefficients further significantly aids the adversary in breaking user anonymity.
Fundamental Limits of Covert Packet Insertion
• Computer Science
IEEE Transactions on Communications
• 2020
The fundamental limits for covert communications via packet insertion over packet channels whose packet timings are governed by a renewal process of rate are considered and it is shown that in a stream of packets transmitted by Jack, Alice can covertly insert N packets.
Matching Anonymized and Obfuscated Time Series to Users’ Profiles
• Computer Science, Mathematics
IEEE Transactions on Information Theory
• 2019
It is demonstrated that as the number of users in the network grows, the obfuscation-anonymization plane can be divided into two regions: in the first region, all users have perfect privacy; and, in the second region, no user has privacy.
Privacy of Dependent Users Against Statistical Matching
• Computer Science
IEEE Transactions on Information Theory
• 2020
It is shown that inter-user dependency is disastrous to privacy, and any non-negligible dependency between users significantly reduces the effectiveness of anonymization and obfuscation schemes.
Asymptotic Limits of Privacy in Bayesian Time Series Matching
• Computer Science, Mathematics
2019 53rd Annual Conference on Information Sciences and Systems (CISS)
• 2019
This paper obtains the theoretical bounds on user privacy for situations in which user traces are matchable to sequences of prior behavior, despite anonymization of data time series.
Covert Wireless Communication With Artificial Noise Generation
• Computer Science
IEEE Transactions on Wireless Communications
• 2018
A strategy where the friendly node closest to the adversary, without close coordination with Alice, produces artificial noise is proposed, which allows Alice to reliably and covertly send bits to Bob when other “friendly” nodes distributed according to a two-dimensional Poisson point process are present.
Consumer Life Cycle and Profiling: A Data Mining Perspective
With the development of technology and continuously increasing of the market demand, the concept to produce better merchandises is generated in the companies. Each customer wants an individual
INFORMATION-THEORETIC LIMITS ON STATISTICAL MATCHING WITH APPLICATIONS TO PRIVACY
Information-theoretic limits on statistical matching with applications to personal data collection and usage are revealed.

## References

The Need for Flow Fingerprints to Link Correlated Network Flows
• Computer Science
Privacy Enhancing Technologies
• 2013
A non-blind fingerprint, Fancy, is designed that can reliably fingerprint millions of network flows by tagging only as few as tens of packets from each flow, and its performance is evaluated.
TagIt: Tagging Network Flows using Blind Fingerprints
• Computer Science
Proc. Priv. Enhancing Technol.
• 2017
This paper introduces the first blind flow fingerprinting system called TagIt, which works by modulating fingerprint signals into the timing patterns of network flows through slightly delaying packets into secret time intervals only known to the fingerprinting parties.
SWIRL: A Scalable Watermark to Detect Correlated Network Flows
• Computer Science
NDSS
• 2011
SWIRL is the first watermark that is practical to use for large-scale traffic analysis and is robust to packet losses and network jitter, yet it introduces only small delays that are invisible to both benign users and determined adversaries.
RAINBOW: A Robust And Invisible Non-Blind Watermark for Network Flows
• Computer Science
NDSS
• 2009
This work proposes a new, non-blind watermarking scheme called RAINBOW that is able to use delays hundreds of times smaller than existing watermarks by eliminating the interference caused by the flow in the blind case and generates orders of magnitudes lower rates of false errors than passive traffic analysis, while using only a few hundred observed packets.
Tracking anonymous peer-to-peer VoIP calls on the internet
• Computer Science
CCS '05
• 2005
The analysis shows that it only takes several milliseconds time adjustment to make normal VoIP flows highly unique and the embedded watermark could be preserved across the low latency anonymizing network if appropriate redundancy is applied.
Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays
• Computer Science
CCS '03
• 2003
This paper proposes a novel watermark-based correlation scheme that is designed specifically to be robust against timing perturbations, and develops a robust watermark correlation framework that reveals a rather surprising result on the inherent limits of independent and identically distributed random timing perturbations over sufficiently long flows.
Covert communications on renewal packet channels
• Computer Science
2016 54th Annual Allerton Conference on Communication, Control, and Computing (Allerton)
• 2016
The recent work introduced the information-theoretic limits for communication by covert users Alice and Bob over packet channels where the packet timings of legitimate users Jack and Steve are governed by a Poisson point process is considered.
Covert communications on Poisson packet channels
• Computer Science
2015 53rd Annual Allerton Conference on Communication, Control, and Computing (Allerton)
• 2015
Using a construction where Alice covertly slows down the packet stream so as to buffer packets to use during a succeeding codeword transmission phase, Alice can covertly and reliably transmit O(λT) covert bits to Bob in time period T over an M/M/1 queue with service rate μ > e · λ.
Covert single-hop communication in a wireless network with distributed artificial noise generation
• Computer Science
2014 52nd Annual Allerton Conference on Communication, Control, and Computing (Allerton)
• 2014
This paper establishes achievability results by considering constructions where the system node closest to the warden produces artificial noise and demonstrates a significant improvement in the throughput achieved covertly, without requiring close coordination between Alice and the noise-generating node.
Detecting Stepping Stones
• Computer Science
USENIX Security Symposium
• 2000
An efficient algorithm for detecting stepping stones by monitoring a site's Internet access link is developed, based on the distinctive characteristics of interactive traffic, and not on connection contents, and hence can be used to find stepping stones even when the traffic is encrypted.