peek a boo i still see you why efficient traffic analysis
play

Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis - PowerPoint PPT Presentation

Aug 17, 2022 •119 likes •576 views

Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail Kevin P Dyer Portland State University Joint work with: Scott Coull , RedJack LLC Thomas Ristenpart , University of Wisconsin-Madison Thomas Shrimpton , Portland

  1. Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail Kevin P Dyer Portland State University Joint work with: Scott Coull , RedJack LLC Thomas Ristenpart , University of Wisconsin-Madison Thomas Shrimpton , Portland State University 1 Wednesday, May 23, 12

  2. Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail... ...to prevent website fingerprinting. 2 Wednesday, May 23, 12

  3. The client makes a single request for a webpage over an encrypted link. Client Proxy Attacker’s goal is to identify the webpage requested. - only proxy’s IP address revealed Security Intuition: - encryption hides everything else 3 Wednesday, May 23, 12

  4. [Sun et al. ’02] [Lu et al. ’10] But [Bissias et al. ‘05] show otherwise [Chen et al. ’10] [Liberatore and Levine ’06] [Luo et al. ’11] [Herrmann et al. ’09] [Panchenko et al. ’11] [Wright et al. ’09] Client Proxy Attacker learns: • packet timings } • packet lengths • packet directions Enables traffic analysis attacks . 4 Wednesday, May 23, 12

  5. [Liberatore and Levine ’06] Attack Scenario SSH protected link Client Proxy 1. Attacker knows what 2. Attacker knows the finite client software is used. universe of webpages. 3. Attacker has labeled training data. 5 Adversary knows the universe of sites. Wednesday, May 23, 12

  6. [Liberatore and Levine ’06] Attack SSH protected link Client Proxy k=1000 webpages naive Bayes Classifier: (packet direction, packet length) counts Attacker can identify randomly chosen Packet lengths are a webpage with 68% accuracy! damaging side-channel 6 Wednesday, May 23, 12

  7. Countermeasure Client Proxy Example countermeasures: • Pad to MTU • Pad to random-length • “Mice-elephants” padding • Traffic Morphing [Wright et al. ’09] • SSL RFC-compliant padding [SSL 3.0 RFC ’99] • ... 7 Wednesday, May 23, 12

  8. Countermeasure Client Proxy Example countermeasures: • Pad to MTU • Pad to random-length Do these countermeasures • “Mice-elephants” padding prevent TA attacks? • Traffic Morphing [Wright et al. ’09] • SSL RFC-compliant padding [SSL 3.0 RFC ’99] • ... 8 Wednesday, May 23, 12

  9. Prior work does not provide a clear answer No Countermeasure Pad to MTU 68% [LL] 8% [LL] k=1000 # of webpages k=2 9 Wednesday, May 23, 12

  10. Prior work does not provide a clear answer No Countermeasure Pad to MTU 68% [LL] 8% [LL] k=1000 # of webpages k=2 98% [W] 86% [W] 10 Wednesday, May 23, 12

  11. Prior work does not provide a clear answer No Countermeasure Pad to MTU 68% [LL] 8% [LL] k=1000 98% [H] k=775 # of webpages k=2 98% [W] 86% [W] 11 Wednesday, May 23, 12

  12. Prior work does not provide a clear answer No Countermeasure Pad to MTU 68% [LL] 8% [LL] k=1000 What about 98% [H] k=775 other values of k ? # of webpages k=2 98% [W] 86% [W] 12 Wednesday, May 23, 12

  13. Prior work does not provide a clear answer No Countermeasure Pad to MTU 68% [LL] 8% [LL] k=1000 What about 98% [H] k=775 other values of k ? # of webpages Does the data set used impact efficacy? k=2 98% [W] 86% [W] 13 Wednesday, May 23, 12

  14. Prior work does not provide a clear answer No Countermeasure Pad to MTU 68% [LL] 8% [LL] k=1000 What about 98% [H] k=775 What about other other values classification of k ? # of strategies? webpages Does the data set used impact efficacy? k=2 98% [W] 86% [W] 14 Wednesday, May 23, 12

  15. Prior work does not provide a clear answer What about other No Countermeasure Pad to MTU countermeasures? 68% [LL] 8% [LL] k=1000 What about 98% [H] k=775 What about other other values classification of k ? # of strategies? webpages Does the data set used impact efficacy? k=2 98% [W] 86% [W] 15 Wednesday, May 23, 12

  16. Our work 1. Comprehensive evaluation of traffic analysis countermeasures. No countermeasure works in the LL setting. 2. In-depth analysis of traffic features Coarse features (e.g., time, bandwidth) enable high-accuracy attacks despite countermeasures 16 Wednesday, May 23, 12

  17. Our work 1. Comprehensive evaluation of traffic analysis countermeasures. No countermeasure works in the LL setting. 2. In-depth analysis of traffic features Coarse features (e.g., time, bandwidth) enable high-accuracy attacks despite countermeasures Pessimistic conclusion: efficient countermeasures can’t hide “coarse” features. 17 Wednesday, May 23, 12

  18. Our Comprehensive Analysis 5 padding schemes 9 countermeasures 2 TLS/SSH “inspired” padding schemes 2 versions of traffic morphing [Liberatore and Levine] naive Bayes, Jaccard [Wright et al.] naive Bayes 6 classifiers [Lu et al.] edit distance [Herrmann et al.] multinomial naive-Bayes [Panchenko et al.] support vector machine 10 “universe” sizes k=2,4,8,16,32,64,128,256,512,775 Liberatore and Levine (2000 websites) 2 data sets Herrmann et al. (775 websites) 18 Wednesday, May 23, 12

  19. The countermeasures • Session Random 255 • Packet Random 255 • Linear Padding • Exponential Padding • Mice-Elephants Padding • Pad to MTU • Packet Random MTU • Traffic Morphing • Direct Target Sampling 19 Wednesday, May 23, 12

  20. The countermeasures • Session Random 255 • Packet Random 255 • Linear Padding Every packet on the wire is padded to a • Exponential Padding fixed length. • Mice-Elephants Padding • Pad to MTU • Packet Random MTU • Traffic Morphing • Direct Target Sampling 20 Wednesday, May 23, 12

  21. The countermeasures • Session Random 255 • Packet Random 255 • Linear Padding Every packet on the wire is padded to a • Exponential Padding fixed length. • Mice-Elephants Padding • Pad to MTU [Wright et al. ’09] - Pads packets • Packet Random MTU - Chops packets • Traffic Morphing - Sends dummy packets • Direct Target Sampling - Mimics packet-length distributions 21 Wednesday, May 23, 12

  22. Some representative results Classifier accuracy at k =512 None Pad to MTU Traffic Morphing Herrmann et al. 99% 2% 3% Liberatore and Levine 97% 41% 17% Panchenko et al. 96% 82% 81% 22 Wednesday, May 23, 12

  23. Some representative results Classifier accuracy at k =512 None Pad to MTU Traffic Morphing Herrmann et al. 99% 2% 3% Liberatore and Levine 97% 41% 17% Panchenko et al. 96% 82% 81% Best performer with no countermeasure applied. 23 Wednesday, May 23, 12

  24. Some representative results Classifier accuracy at k =512 None Pad to MTU Traffic Morphing Herrmann et al. 99% 2% 3% 41% 17% Liberatore and Levine 97% Panchenko et al. 96% 82% 81% Best performer with no Best performer with countermeasure applied. countermeasures applied. 24 Wednesday, May 23, 12

  25. Under the hood of the [Panchenko ’11] classifier Pad to MTU 82% at k=512 Traffic Morphing 81% at k=512 25 Wednesday, May 23, 12

  26. Under the hood of the [Panchenko ’11] classifier Support vector machine Features used: Packet lengths upstream WHY? Packet lengths downstream Burst bandwidth upstream Burst bandwidth downstream HTML marker downstream Number markers upstream Number markers downstream Total bytes transmitted upstream Total bytes transmitted downstream Percentage of downstream packets Total number of packets upstream Pad to MTU 82% at k=512 Total number of packets downstream Occurring packet lengths downstream Traffic Morphing 81% at k=512 Occurring packet lengths upstream 26 Wednesday, May 23, 12

  27. Under the hood of the [Panchenko ’11] classifier X Support vector machine Features used: Packet lengths upstream WHY? Packet lengths downstream Burst bandwidth upstream Burst bandwidth downstream ? HTML marker downstream Number markers upstream Number markers downstream Total bytes transmitted upstream Total bytes transmitted downstream Percentage of downstream packets Total number of packets upstream Pad to MTU 82% at k=512 Total number of packets downstream Occurring packet lengths downstream Traffic Morphing 81% at k=512 Occurring packet lengths upstream 27 Wednesday, May 23, 12

  28. Under the hood of the [Panchenko ’11] classifier X Support vector machine Features used: Packet lengths upstream WHY? Packet lengths downstream Burst bandwidth upstream Burst bandwidth downstream ? HTML marker downstream Number markers upstream Number markers downstream Total bytes transmitted upstream Total bytes transmitted downstream Percentage of downstream packets Total number of packets upstream Pad to MTU 82% at k=512 Total number of packets downstream Occurring packet lengths downstream Traffic Morphing 81% at k=512 Occurring packet lengths upstream 28 Wednesday, May 23, 12

  29. Digging deeper: Understanding the features 1. Identify “coarse” feature. Time Bandwidth Burst Bandwidth 2. Implement a feature-specific classifier. 3. Run classifier against all countermeasures. 29 Wednesday, May 23, 12

  30. “Coarse” Traffic Features with Pad to MTU None Pad to MTU None Pad to MTU time 2.8s 2.8s time 5.2s 5.2s bandwidth bandwidth 277KB 347KB 1794KB 2560KB bursts 13 13 bursts 107 107 30 Wednesday, May 23, 12

  31. Feature: Time Elapsed Useful for small values of k “Pad to MTU” 5% at k=512 31 Wednesday, May 23, 12

  32. Feature: Bandwidth More robust to large values k than the time classifier Still a “coarse” measurement “Pad to MTU” 42% at k=512 32 Wednesday, May 23, 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

Website Fingerprinting using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis Wiki says What is Traffic Analysis Wiki says Process of intercepting and examining messages in order to deduce

1.15k views • 41 slides
Energy Efficient GO-PEEK Hybrid Membrane Process for Post-combustion CO 2 Capture DOE Contract No.

Energy Efficient GO-PEEK Hybrid Membrane Process for Post-combustion CO 2 Capture DOE Contract No.

Energy Efficient GO-PEEK Hybrid Membrane Process for Post-combustion CO 2 Capture DOE Contract No. DE-FE0026383 Shiguang Li, Travis Pyrzynski, James S. Zhou, Howard Meyer, Gas Technology Institute (GTI) Miao Yu, University of South Carolina (USC)

610 views • 32 slides
Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin Netpy visualization with Wisconsin Netpy Cristian Estan, Garret Magin University of Wisconsin-Madison USENIX LISA, 19 December 2005 Traffic

345 views • 18 slides
Mt. San Jacinto College Student Health Center Kay Peek, DBA, RN, MSHCM, PHN C. Grant Peek, MD,

Mt. San Jacinto College Student Health Center Kay Peek, DBA, RN, MSHCM, PHN C. Grant Peek, MD,

Mt. San Jacinto College Student Health Center Kay Peek, DBA, RN, MSHCM, PHN C. Grant Peek, MD, ABEM, CAEP The Chancellors office and the Ed. Code have provided extensive guidance in reference to Student Health Services for California

293 views • 13 slides
1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop

1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop

AGENDA AGENDA 1. The role and significance of public transport and tram transport in urban areas 2. Goal and stages of the study 1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop stations at tram stops

169 views • 4 slides
Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue

Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue

Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878 Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com Website: http://www.gl.com 1 1 Traffic

228 views • 11 slides
ICmyNet.Flow: NetFlow based traffic investigation analysis traffic investigation, analysis, and

ICmyNet.Flow: NetFlow based traffic investigation analysis traffic investigation, analysis, and

ICmyNet.Flow: NetFlow based traffic investigation analysis traffic investigation, analysis, and reporting Slavko Gajin slavko.gajin@ rcub.bg.ac.rs AMRES Academic Network of Serbia RCUB - Belgrade University Computer Center ETF

641 views • 46 slides
Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction

Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction

Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction Youve just invented the greatest protocol does everything including tying your shoelaces. What now? Need to know how it performs. Is it

510 views • 13 slides
High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges & Approaches Security: Challenges & Approaches C-DAC Asia-Pacific Advanced Network 32 nd Meeting, India Habitat Centre, New Delhi APAN 32nd Meeting,

647 views • 28 slides
Traffic Analysis The Most Powerful and Least Understood Attack Methods Raven Alder, Riccardo

Traffic Analysis The Most Powerful and Least Understood Attack Methods Raven Alder, Riccardo

Traffic Analysis The Most Powerful and Least Understood Attack Methods Raven Alder, Riccardo Bettati, Jon Callas, Nick Matthewson 1 What is Traffic Analysis? Signals intelligence that ignores content Information for analysis is the

355 views • 14 slides
my.SWISSTRAFFIC Automated Traffic Collection & Analysis FULLY AUTOMATED TRAFFIC DATA

my.SWISSTRAFFIC Automated Traffic Collection & Analysis FULLY AUTOMATED TRAFFIC DATA

my.SWISSTRAFFIC Automated Traffic Collection & Analysis FULLY AUTOMATED TRAFFIC DATA COLLECTION AND ANALYTICS There is a high demand for reliable Traffic Data but Static data single-purpose data Invasive costly deployment &

404 views • 18 slides
ANALYSIS ETI2506 Sunday, 23 October 2016 1 WHERE ARE WE IN THE CURRICULUM? 2 GOAL OF TRAFFIC

ANALYSIS ETI2506 Sunday, 23 October 2016 1 WHERE ARE WE IN THE CURRICULUM? 2 GOAL OF TRAFFIC

IN INTRODUCTION TO TRAFFIC ANALYSIS ETI2506 Sunday, 23 October 2016 1 WHERE ARE WE IN THE CURRICULUM? 2 GOAL OF TRAFFIC ANALYSIS 1. Except for user terminals, the telephone network is composed of a variety of common 45 Trunks equipment

385 views • 17 slides
Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon,

Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon,

Traffic Measurement Analysis & Robust Methods Modeling Anomaly Detection Traffic Classification Conclusion + Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon, Laboratoire de Physique (UMR

716 views • 60 slides
Road traffic safety analysis at U-turns on Thai highways using Traffic Conflict Technique at

Road traffic safety analysis at U-turns on Thai highways using Traffic Conflict Technique at

A presentation on Road traffic safety analysis at U-turns on Thai highways using Traffic Conflict Technique at ICTCT workshop 2014 Karlsruhe, Germany 16 th Oct 2014 Presented by: Inder Pal MEEL ipmeel@gmail.com 2014-10-16 Contents

417 views • 29 slides
Towards Efficient Cellular Traffic Offloading via Dynamic MPTCP Path Configuration with SDN Qi

Towards Efficient Cellular Traffic Offloading via Dynamic MPTCP Path Configuration with SDN Qi

Towards Efficient Cellular Traffic Offloading via Dynamic MPTCP Path Configuration with SDN Qi Qi Zhao Zhao , Muhao Chen, Pengyuan Du, Tuan Le and Mario Gerla Department of Computer Science, UCLA 2/19/2019 @ ICNC 2019 Outline Introduction

483 views • 22 slides
Space-Code Bloom Filter for Efficient Traffic Flow Measurement Abhishek Kumar, Jun (Jim) Xu

Space-Code Bloom Filter for Efficient Traffic Flow Measurement Abhishek Kumar, Jun (Jim) Xu

Space-Code Bloom Filter for Efficient Traffic Flow Measurement Abhishek Kumar, Jun (Jim) Xu Networking and Telecommunications Group College of Computing Georgia Institute of Technology {akumar,jx}@cc.gatech.edu Li (Erran) Li Bell Laboratories

281 views • 15 slides
Perfect Secrecy Chester Rebeiro IIT Madras CR STINSON : chapter 2 Encryption K K untrusted

Perfect Secrecy Chester Rebeiro IIT Madras CR STINSON : chapter 2 Encryption K K untrusted

Perfect Secrecy Chester Rebeiro IIT Madras CR STINSON : chapter 2 Encryption K K untrusted communication link Alice Bob E D #%AR3Xf34^$ Attack at Dawn!! decryption encryption (ciphertext) Plaintext Plaintext Attack at

831 views • 50 slides
Perfect Secrecy A cryptosystem is unconditionally secure if it cannot be broken, even with

Perfect Secrecy A cryptosystem is unconditionally secure if it cannot be broken, even with

Perfect Secrecy A cryptosystem is unconditionally secure if it cannot be broken, even with infinite computational resources. (There are other (weaker) types of security; well talk about those later.) A cryptosystem is unconditionally secure

642 views • 4 slides
High complexity GStreamer pipelines Buzztard / Audio / Gstreamer Stefan Sauer

High complexity GStreamer pipelines Buzztard / Audio / Gstreamer Stefan Sauer

High complexity GStreamer pipelines Buzztard / Audio / Gstreamer Stefan Sauer <ensonic@hora-obscura.de>, 24.10.2011 What is buzztard? What is buzztard? ? NO NO We're getting We're getting there there Short history Short history

1.07k views • 38 slides
Cryptography Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh,

Cryptography Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh,

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli, John Mitchell, Franziska Roesner,

349 views • 20 slides
General Background Data Asia General Formulary and Cost 7 essential opioids Codeine Morphine,

General Background Data Asia General Formulary and Cost 7 essential opioids Codeine Morphine,

The international collaborative project to evaluate the availability and accessibility of opioids for the management of cancer pain in Africa, Asia, Latin America and Middle East Preliminary results for peer review: ASIA Nathan I Cherny

1.23k views • 23 slides
Peer Sharing Webinar: Pain Management Oversight Committee Date: June 16, 2015 Presenters: Dr.

Peer Sharing Webinar: Pain Management Oversight Committee Date: June 16, 2015 Presenters: Dr.

Peer Sharing Webinar: Pain Management Oversight Committee Date: June 16, 2015 Presenters: Dr. Robert Moore, Partnership HealthPlan of California Dr. Jennifer Wilson, Clinic Ole Dr. David Canton, Shasta Community Health Center Audio

468 views • 13 slides
Kicking the complexity habit Dan North @tastapod Kicking the complexity habit Dan North

Kicking the complexity habit Dan North @tastapod Kicking the complexity habit Dan North

Kicking the complexity habit Dan North @tastapod Kicking the complexity habit Dan North @tastapod Kicking complexity Dan North @tastapod Complexity Dan North @tastapod It really shouldnt be this difficult @tastapod Know

195 views • 16 slides
The Many Flavors of Palate Surgery Which One is Best? Edward M. Weaver, MD, MPH University

The Many Flavors of Palate Surgery Which One is Best? Edward M. Weaver, MD, MPH University

The Many Flavors of Palate Surgery Which One is Best? Edward M. Weaver, MD, MPH University of Washington Harborview Medical Center Seattle VA Medical Center Acknowledgments This material is the result of work supported in part by the

742 views • 43 slides

More recommend