Law enforcement agencies need the ability to conduct electronic surveillance to combat crime, terrorism, or other malicious activities exploiting the Internet. However, the proliferation of anonymous communication systems on the Internet has posed significant challenges to providing such traceback capability. In this paper, we develop a new class of flow marking technique for invisible traceback based on Direct Sequence Spread Spectrum (DSSS), utilizing a Pseudo-Noise (PN) code. By interfering with a sender's traffic and marginally varying its rate, an investigator can embed a secret spread spectrum signal into the sender's traffic. The embedded signal is carried along with the traffic from the sender to the receiver, so the investigator can recognize the corresponding communication relationship, tracing the messages despite the use of anonymous networks. The secret PN code makes it difficult for others to detect the presence of such embedded signals, so the traceback, while available to investigators is, effectively invisible. We demonstrate a practical flow marking system which requires no training, and can achieve both high detection and low false positive rates. Using a combination of analytical modeling, simulations, and experiments on Tor (a popular Internet anonymous communication system), we demonstrate the effectiveness of the DSSS-based flow mark- *
Searchable symmetric encryption (SSE) has been widely applied in the encrypted database for queries in practice. Although SSE is powerful and feature-rich, it is always plagued by information leaks. Some recent attacks point out that forward privacy which disallows leakage from update operations, now becomes a basic requirement for any newly designed SSE schemes. However, the subsequent search operations can still leak a significant amount of information. To further strengthen security, we extend the definition of forward privacy and propose the notion of "forward search privacy". Intuitively, it requires search operations over newly added documents do not leak any information about past queries. The enhanced security notion poses new challenges to the design of SSE. We address the challenges by developing the hidden pointer technique (HPT) and propose a new SSE scheme called Khons, which satisfies our security notion (with the original forward privacy notion) and is also efficient. We implemented Khons and our experiment results on large dataset (wikipedia) show that it is more efficient than existing SSE schemes with forward privacy.
Radiation greatly exceeding blackbody between two objects separated by microscale distances has attracted great interest. However, challenges in reaching such a small separation between two plates have so far prevented studies below a separation distance of about 25 nm. Here, we report a study of radiation enhancement in the near-field regime of less than 10 nm between two parallel plates. We make use of bulk, rigid plates to approach small separation distances without the adverse snap-in effect, develop embedded temperature sensors to allow near-zero separation, and employ advanced sensing method to level the plates and approach and maintain small separations. Our findings agree with theoretical predictions between parallel surfaces with separations down to 7 nm where an 18000 times enhancement in radiation between two quartz plates is observed. Our method can also be used to explore heat transfer between other materials and can possibly be extended to smaller separation gaps.
Abstract-Tor is a real-world, circuit-based low-latency anonymous communication network, supporting TCP applications on the Internet. In this paper, we present a new class of attack, the replay attack, against Tor. Compared with other existing attacks, the replay attack can confirm communication relationships quickly and accurately and poses a serious threat against Tor. In this attack, a malicious entry onion router duplicates cells of a stream from a sender. The original cell and duplicate cell traverse middle onion routers and arrive at an exit onion router along a circuit. Since Tor uses the counter mode AES (AES-CTR) for encryption of cells, the duplicate cell disrupts the normal counter at middle and exit onion routers and the decryption at the exit onion router incurs cell recognition errors. If an accomplice of the attacker at the entry onion router controls the exit onion router and detects such decryption errors, the communication relationship between the sender and receiver will be discovered. The replay attack can also be used as a denial of service attack. We implement the replay attack on Tor and our experiments validate the feasibility and effectiveness of the attack. We also present guidelines to defending against the replay attack.
Tor is a popular low-latency anonymous communication system. It is, however, currently abused in various ways. Tor exit routers are frequently troubled by administrative and legal complaints. To gain an insight into such abuse, we designed and implemented a novel system, TorWard, for the discovery and systematic study of malicious traffic over Tor. The system can avoid legal and administrative complaints and allows the investigation to be performed in a sensitive environment such as a university campus. An IDS (Intrusion Detection System) is used to discover and classify malicious traffic. We performed comprehensive analysis and extensive real-world experiments to validate the feasibility and effectiveness of TorWard. Our results show that around 10% Tor traffic can trigger IDS alerts. Malicious traffic includes P2P traffic, malware traffic (e.g., botnet traffic), DoS (Denial-of-Service) attack traffic, spam, and others. Around 200 known malware have been identified. To mitigate the abuse of Tor, we implemented a defense system, which processes IDS alerts, tears down and blocks suspect connections. To facilitate forensic traceback of malicious traffic, we implemented a dualtone multi-frequency signaling based approach to correlate botnet traffic at Tor entry routers and that at exit routers. We carried out theoretical analysis and extensive real-world experiments to validate the feasibility and effectiveness of TorWard for discovery, blocking, and traceback of malicious traffic.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.