toward prevention of traffic analysis fengfeng tu 11/26/01
TRANSCRIPT
Toward Prevention of Traffic Analysis
Fengfeng TuFengfeng Tu
11/26/0111/26/01
Discussion Outline
What is traffic analysis?What is traffic analysis? What are traffic analysis attacks?What are traffic analysis attacks? How to prevent traffic analysis attacks?How to prevent traffic analysis attacks? ProblemsProblems ConclusionConclusion
Traffic Analysis
Monitor the network trafficMonitor the network traffic e.g. log files, webpage hits, etc.e.g. log files, webpage hits, etc.
http://www.http://www.openwebscopeopenwebscope.com/samples/math_.com/samples/math_yaleyale_stats.html_stats.html
Gain useful information from statistical analysisGain useful information from statistical analysis Who communicates with whom, when, how Who communicates with whom, when, how
long, where?long, where? Who is interested in what contents?Who is interested in what contents?
Traffic Analysis Attacks
An adversary is doing traffic analysisAn adversary is doing traffic analysis e.g., earlier versions of SSH protocole.g., earlier versions of SSH protocol
Communication PatternCommunication Pattern Sender-recipient matchingsSender-recipient matchings Traffic volume, traffic shapeTraffic volume, traffic shape DurationDuration
Examples of sensitive infoExamples of sensitive info Possible corporate takeoverPossible corporate takeover Importance of communicating partiesImportance of communicating parties
Anti-Traffic Analysis
AnonymizerAnonymizer AT&T CrowdsAT&T Crowds Onion RoutingOnion Routing
Pentagon hides behind onion wrapsPentagon hides behind onion wraps FreedomFreedom Most are Chaum Mix-likeMost are Chaum Mix-like
Chaum Mixes
David Chaum. “Untraceable Electronic Mail, David Chaum. “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms”, Return Addresses, and Digital Pseudonyms”, Communication of the ACM, 1981.Communication of the ACM, 1981.
Mix nodes are intermediate Mix nodes are intermediate processors that a message goes processors that a message goes through.through.
Purpose - hide the correspondences Purpose - hide the correspondences between the incoming and outgoing between the incoming and outgoing messages.messages.
How it works?
The message will be sent through a series of mix nodes: The message will be sent through a series of mix nodes: 1, 2, …,d-1, d. The user encrypts the message with node 1, 2, …,d-1, d. The user encrypts the message with node d’s private key, then encrypts the result with (d-1)’s d’s private key, then encrypts the result with (d-1)’s private key and so on.private key and so on.
MIX 1 MIX 2
K2(R2, KY(R0, M), AY), A2
X
K1(R1, K2(R2, KY(R0, M), AY), A2), A1 KY(R0, M), AY
Y
How it works? (Cont’)
The mix nodes receive a certain number of The mix nodes receive a certain number of these messages which they decrypt, these messages which they decrypt, randomly reorder and send to the next noderandomly reorder and send to the next node
The order of outgoing messages changed, The order of outgoing messages changed, so it is nearly impossible to correlate a so it is nearly impossible to correlate a message that comes in with a message that message that comes in with a message that goes out.goes out.
A Mix Node
How it works? (Cont’)
Link-to-link encryption is not sufficient.Link-to-link encryption is not sufficient. Mix nodes are not trusted (insider attacks).Mix nodes are not trusted (insider attacks).
Why do we need random numbers?Why do we need random numbers?
MIX 1X YK1(KY(M), AY), A1 KY(M), AY
Encrypt it with K1 => K1(KY(M), AY)= ?
Characteristics
Sender/Recipient Anonymity - each mix node only Sender/Recipient Anonymity - each mix node only knows the previous and next node in a received knows the previous and next node in a received message’s route.message’s route.
Constant message lengthConstant message length Large message are chopped into short ones with Large message are chopped into short ones with
a specific constant lengtha specific constant length Padding if the message is too smallPadding if the message is too small
Each message is processed by a Mix only onceEach message is processed by a Mix only once
A Simple Example
Problems?
Brute Force AttacksBrute Force Attacks Duration of a communication can be Duration of a communication can be
observed.observed. An extreme case:An extreme case:
Dummy Traffic
All users send messages at all timesAll users send messages at all times All users start and end their communication at All users start and end their communication at
the same timethe same time Long communication is chopped into slicesLong communication is chopped into slices
If a user has nothing to send, it sends random If a user has nothing to send, it sends random numbers indistinguishable from real (encrypted) numbers indistinguishable from real (encrypted) messages.messages.
Reduce delayReduce delay
Problems
Imposing rigid structure on user Imposing rigid structure on user communicationscommunications
Dummy messages waste resourcesDummy messages waste resources Delays at the Mixes.Delays at the Mixes. Cost of nested encryptionCost of nested encryption
Routing Issues
Rerouting or Multi-path routing to improve Rerouting or Multi-path routing to improve network utilizationnetwork utilization Reduce the dummy traffic volumeReduce the dummy traffic volume
5Mbps
5Mbps 5Mbps
5Mbps
Dummy traffic
2.5Mbps
2.5Mbps 2.5Mbps
2.5Mbps
All are real traffic
Rerouting
Host-based reroutingHost-based reroutingi.i. Compute the shortest path for each flowCompute the shortest path for each flowii.ii. Select a flow randomly or according to a Select a flow randomly or according to a
sequence defined in advance.sequence defined in advance.iii.iii. Remove the traffic requirement for that flowRemove the traffic requirement for that flowiv.iv. Reroute flow to reduce an objective function Reroute flow to reduce an objective function
value, with routing paths for all other flows fixedvalue, with routing paths for all other flows fixedv.v. Go to step (ii) until all flows have been examined Go to step (ii) until all flows have been examined
at least once, but no further improvements are at least once, but no further improvements are possiblepossible
Problems
Solving a system of linear inequalitiesSolving a system of linear inequalities Linear programmingLinear programming
The computation is centralized to avoid The computation is centralized to avoid local hot spot problemlocal hot spot problem Too expensive: consider all flowsToo expensive: consider all flows Vulnerable to single-point failureVulnerable to single-point failure
Conclusion
Anonymity and Unobservability are hard to Anonymity and Unobservability are hard to achieve in Internetachieve in Internet
The situation is worse in wireless (ad hoc) The situation is worse in wireless (ad hoc) networksnetworks The media is openThe media is open Link transmission interferenceLink transmission interference Multi-path routing neededMulti-path routing needed Distributed algorithmDistributed algorithm
Literature Research David Chaum. Untraceable Electronic Mail, Return Addresses, and David Chaum. Untraceable Electronic Mail, Return Addresses, and
Digital Pseudonyms. Communication of the ACM, 1981.Digital Pseudonyms. Communication of the ACM, 1981. J. Raymond. Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems.J. Raymond. Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems. O. Berthold, et al. Project “Anonymity and Unobservability in the Internet”. CFP 2000.O. Berthold, et al. Project “Anonymity and Unobservability in the Internet”. CFP 2000. M. Reed, et al. Anonymous Connections and Onion Routing. IEEE Journal on Special M. Reed, et al. Anonymous Connections and Onion Routing. IEEE Journal on Special
Areas in Communications, May 1998Areas in Communications, May 1998 R. Newman, et al. High Level Prevention of Traffic Analysis. 7R. Newman, et al. High Level Prevention of Traffic Analysis. 7 thth Annual Computer Annual Computer
Security and Applications Conference, Dec. 1991.Security and Applications Conference, Dec. 1991. S. Jiang, et al. Routing in Packet Radio Networks to Prevent Traffic Analysis. Proc. of S. Jiang, et al. Routing in Packet Radio Networks to Prevent Traffic Analysis. Proc. of
IEEE Information Assurance and Security Workshop, West Point, NY, June 2000.IEEE Information Assurance and Security Workshop, West Point, NY, June 2000. http://netcamo.cs.tamu.edu/http://netcamo.cs.tamu.edu/