Bryan Graham scite author profile

Abstract. In this paper, we address issues related to flow correlation attacks and the corresponding countermeasures in mix networks. Mixes have been used in many anonymous communication systems and are supposed to provide countermeasures that can defeat various traffic analysis attacks. In this paper, we focus on a particular class of traffic analysis attack, flow correlation attacks, by which an adversary attempts to analyze the network traffic and correlate the traffic of a flow over an input link at a mix with that over an output link of the same mix. Two classes of correlation methods are considered, namely time-domain methods and frequency-domain methods. Based on our threat model and known strategies in existing mix networks, we perform extensive experiments to analyze the performance of mixes. We find that a mix with any known batching strategy may fail against flow correlation attacks in the sense that for a given flow over an input link, the adversary can correctly determine which output link is used by the same flow. We also investigated methods that can effectively counter the flow correlation attack and other timing attacks. The empirical results provided in this paper give an indication to designers of Mix networks about appropriate configurations and alternative mechanisms to be used to counter flow correlation attacks.

show abstract

On Flow Marking Attacks in Wireless Anonymous Communication Networks

Fu¹,

Zhu²,

Graham³

et al. 2007

j ubiq comp intell

View full text Add to dashboard Cite

show abstract

Analytical and empirical analysis of countermeasures to traffic analysis attacks

Graham

Bettati

et al. 2003

View full text Add to dashboard Cite

show abstract

On countermeasures to traffic analysis attacks

Graham

Bettati

et al.

View full text Add to dashboard Cite

Absfrucf-This paper makes three contributions. First, we propose Shannon's perfect secrecy theory as a foundation for developing countermeasures to traffic analysis attacks on information security systems. A system violating the perfect secrecy conditions can leak mission critical information. Second, we suggest statistical pattern recognition as a fundamental technology to test an information system's security. This technology can cover a large category of testing approaches because of statistical pattern recognition's maturity and abundant techniques. Third, researchers have proposed traffic padding as countermeasures to traffic analysis attacks. By applying the proposed information assurance testing framework, we find that constant rate traffic padding does not satisfy Shannon's perfect secrecy conditions because of its implementation mechanism. We design a variant rate traffic padding strategy as an alternative, which is validated by both theoretical analysis and empirical results.

show abstract

Empirical and Theoretical Evaluation of Active Probing Attacks and Their Countermeasures

Graham

Xuan

et al. 2004

View full text Add to dashboard Cite

Abstract.A variety of remote sensing attacks allow adversaries to break flow confidentiality and gather mission-critical information in distributed systems. Such attacks are easily supplemented by active probing attacks, where additional workload (e.g., ping packets) is injected into the victim system. This paper presents statistical pattern recognition as a fundamental technology to evaluate the effectiveness of active probing attacks. Our theoretical analysis and empirical results show that even if sophisticated approaches of link padding are used, sample entropy of probing packets' round trip time is an effective and robust feature statistic to discover the user payload traffic rate, which is important for maintaining anonymous communication. Extensive experiments on local network, campus network, and the Internet were carried out to validate the system security predicted by the theoretical analysis. We give some guidelines to reduce the effectiveness of such active probing attacks.

show abstract

Correlation-Based Traffic Analysis Attacks on Anonymity Networks

Zhu

Graham

et al. 2010

IEEE Trans. Parallel Distrib. Syst.

View full text Add to dashboard Cite

In this paper, we address attacks that exploit the timing behavior of TCP and other protocols and applications in low-latency anonymity networks. Mixes have been used in many anonymous communication systems and are supposed to provide countermeasures to defeat traffic analysis attacks. In this paper, we focus on a particular class of traffic analysis attacks, flowcorrelation attacks, by which an adversary attempts to analyze the network traffic and correlate the traffic of a flow over an input link with that over an output link. Two classes of correlation methods are considered, namely time-domain methods and frequency-domain methods. Based on our threat model and known strategies in existing mix networks, we perform extensive experiments to analyze the performance of mixes. We find that all but a few batching strategies fail against flow-correlation attacks, allowing the adversary to either identify ingress and egress points of a flow or to reconstruct the path used by the flow. Counterintuitively, some batching strategies are actually detrimental against attacks. The empirical results provided in this paper give an indication to designers of Mix networks about appropriate configurations and mechanisms to be used to counter flow-correlation attacks.

show abstract

Using Covert Channels to Evaluate the Effectiveness of Flow Confidentiality Measures

Graham

Zhu

et al.

View full text Add to dashboard Cite

show abstract

On Flow Marking Attacks in Wireless Anonymous Communication Networks

Zhu

Graham

et al.

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Bryan Graham

On Flow Correlation Attacks and Countermeasures in Mix Networks

On Flow Marking Attacks in Wireless Anonymous Communication Networks

Analytical and empirical analysis of countermeasures to traffic analysis attacks

On countermeasures to traffic analysis attacks

Empirical and Theoretical Evaluation of Active Probing Attacks and Their Countermeasures

Correlation-Based Traffic Analysis Attacks on Anonymity Networks

Using Covert Channels to Evaluate the Effectiveness of Flow Confidentiality Measures

On Flow Marking Attacks in Wireless Anonymous Communication Networks

Contact Info

Product

Resources

About