
Recap: Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet



  1. Recap: Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet
     Scott E. Coull and Amos Wetherbee
     April 7, 2006

  2. Encoding a bit
     1. Packet flow of n bits
     2. Select 2r packets from the first n-d packets at random
        - d is used to prevent overflowing the packet flow
        - Hence, $r \le \frac{n-d}{2}$

  3. Encoding a bit
     3. Pair each chosen packet with a packet in the flow d packets later
     4. Compute the Inter-Packet Delay for each pair: $ipd_{z_k,d} = t_{z_k+d} - t_{z_k}$
        - Gives us the timing difference between the $k$th packet chosen at random and the $(k+d)$th

  4. Encoding a bit
     - Random variables for IPD are independently and identically distributed (i.i.d.)
       - We select packets independently at random (independence)
       - Packets are taken from the same arrival distribution (identically distributed)

  5. Encoding a bit
     5. Split the IPDs into two groups of equal size
        - Since our IPDs are i.i.d. we can expect these groups are similar w.r.t. mean and variance
     6. Calculate the midpoint difference between corresponding IPDs across the groups: $Y_{k,d} = \frac{ipd_{1,k,d} - ipd_{2,k,d}}{2}$

  6. Encoding a bit
     7. Compute the average of the midpoint differences: $\overline{Y_{r,d}} = \frac{1}{r} \sum_{k=1}^{r} Y_{k,d}$
        - We want to change this value to be skewed by $a$
        - If we increase $ipd_{1,k,d}$ and decrease $ipd_{2,k,d}$ we skew the average positively

  7. Encoding a bit: An Example
     [Figure: histograms labelled $Y_{r,d}$, $IPD_{1,k,d}$ and $IPD_{2,k,d}$; axes: IPD in Milliseconds (20 to 40 and -10 to 10) against Number of Occurrences]

  8. Encoding a bit: An Example
     [Figure: histograms labelled $Y_{r,d}$, $IPD_{1,k,d}$ and $IPD_{2,k,d}$; axes: IPD in Milliseconds (20 to 40 and -10 to 10) against Number of Occurrences]
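The seven encoding steps above, run end to end on a simulated flow so the skew a detector has to look for is visible. This is an added example, not code from the slides or the paper. The 20 ms packet spacing, the 0.5 ms jitter, the seed, the redraw rule in `choose_groups` and the decode-by-sign rule are assumptions made for the illustration.

```python
import random

def choose_groups(n, d, r, rng):
    """Steps 1-3 and 5: pick 2r distinct packets among the first n-d, split in two groups."""
    if 2 * r > n - d:
        raise ValueError("need 2r <= n - d so every chosen packet has a partner")
    while True:  # example simplification: redraw until no partner is itself chosen
        chosen = rng.sample(range(n - d), 2 * r)
        picked = set(chosen)
        if not any(z + d in picked for z in chosen):
            return chosen[:r], chosen[r:]

def mean_y(ts, g1, g2, d):
    """Steps 4, 6, 7: IPDs, midpoint differences Y_k, and their average."""
    def ipd(z):
        return ts[z + d] - ts[z]
    ys = [(ipd(z1) - ipd(z2)) / 2 for z1, z2 in zip(g1, g2)]
    return sum(ys) / len(ys)

def embed_bit(ts, g1, g2, d, a, bit):
    """Skew the average by +a (bit 1) or -a (bit 0); times are in milliseconds."""
    grow, shrink = (g1, g2) if bit else (g2, g1)
    out = list(ts)
    for z in grow:
        out[z + d] += a   # later packet held back: this IPD grows by a
    for z in shrink:
        out[z] += a       # earlier packet held back: this IPD shrinks by a
    return out

def decode_bit(ts, g1, g2, d):
    """Assumed decoder: the sign of the average carries the bit."""
    return 1 if mean_y(ts, g1, g2, d) > 0 else 0

def demo(seed=7, n=20000, d=1, r=100, a=2.0):
    rng = random.Random(seed)
    # Constructed flow: one packet every 20 ms with up to 0.5 ms of jitter.
    ts = [20.0 * i + rng.uniform(-0.5, 0.5) for i in range(n)]
    g1, g2 = choose_groups(n, d, r, rng)
    base = mean_y(ts, g1, g2, d)  # unmarked average, close to 0 for i.i.d. IPDs
    results = {}
    for bit in (0, 1):
        marked = embed_bit(ts, g1, g2, d, a, bit)
        results[bit] = (mean_y(marked, g1, g2, d) - base, decode_bit(marked, g1, g2, d))
    return base, results

if __name__ == "__main__":
    print(demo())
```

The shift in the average is exactly `a` regardless of jitter, while the unmarked average shrinks toward zero as `r` grows, which is why a larger `r` makes the mark easier to recover.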

  9. Reactions: Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet
     Scott E. Coull and Amos Wetherbee
     April 7, 2006

  10. Questions
      - What is the value d?
        - Ensures that we do not overflow the number of packets we have when creating pairings
      - What is the value r?
        - The number of packets to alter
        - The larger the value, the better the chance of recreating the proper distributions
          - As r increases, we can expect more of them to arrive with little or no jitter
        - Also reduces channel capacity as it increases

  11. Questions
      - How does Skype route calls?
        - In some cases Supernodes route traffic, in others it is direct peer-to-peer
        - Refer to:
          - An Experimental Study of the Skype Peer-to-Peer VoIP System (http://iptps06.cs.ucsb.edu/papers/Guha-skype06.pdf)
          - Silver Needle in the Skype (http://www.secdev.org/conf/skype_BHEU06.pdf)

  12. Questions
      - How can we reduce the delay of a packet?!
        - Slow all VoIP packets down by a time then allow the ‘reduced delay’ packets to proceed without that delay
      - Can’t we just check for the same encrypted traffic on both ends?
        - Yes – See Detecting Stepping Stones by Zhang & Paxson
        - Active monitoring is necessary because it isn’t easy to distinguish VoIP flows

  13. Questions
      - How do you encode multiple bits into a call?
        - Good question; they aren’t specific
        - My guess:
          - Think of n as a window size
          - Utilize multiple windows of size n
        - In their application this is unnecessary

  14. Comments
      The paper has a fairly good mixture of mathematical reasoning, charts and diagrams, and experimental results. …I really like the idea of a watermark that is built upon the expectation of something and the central limit theorem. When I first read this paper, I almost felt satisfied by the level of analysis performed…But then I read “Capacity Estimation and Auditability of Network Covert Channels”: a work done over 10 years ago.

  15. Comments
      - Paper fails in defining a practical, real-time algorithm
        - How do we buffer the packets?
          - In fact, the authors claim no buffering is needed
        - How can we find the average difference without storing all packets for the call first?
        - One possibility:
          - Perform ‘addition’ and ‘subtraction’ of delay on per packet basis rather than computing the entire distribution

  16. Extensions
      - Anonymizing networks that add/subtract jitter to inter-arrival times
        - Subtracting jitter (i.e. maintaining QoS) is equivalent to quantizing the transmission rate
        - Adding jitter is equivalent to randomizing the distribution
        - Both can work, but one is better
        - Could these work for VoIP? At what point would the call quality suffer?

  17. Extensions
      - Changes to the watermarking system to accommodate shorter/longer calls more efficiently
        - Can we choose an optimal technique based on the call length/type?
      - Alternate method of watermarking by ‘avoiding’ a specific IPD value
        - Use in traceback mechanisms?

  18. Extensions
      - Leaking RFID key by car engine RPM level at idle
      - Leaking information through CRT monitor refresh rate
      - Angular velocity of a Blu-Ray DVD…
      - <Insert ridiculous source of covert channel here>
      - Covert channels are everywhere
        - Still lots of interesting research to be done

  19. Covert Timing Channels and their Defenses
      Scott E. Coull
      April 7, 2006

  20. Revisiting VoIP Tracking

  21. Revisiting VoIP Tracking
      [Figure: diagram with node T; histogram "Transformed IPD Differences", IPD in Milliseconds (-10 to 10) against Number of Occurrences]

  22. Naïve Method of Defense for VoIP
      [Diagram labels: T, TOR]
      - Sender increases rate of sending to 20ms
        - Makes up for the delay introduced by TOR
      - T adds 2ms delay to encode a ‘1’ bit
      - Sender chooses some random number of TOR routers to send the packet through
        - Thereby introducing ‘random’ delay after T

  23. Naïve Method of Defense for VoIP
      [Figure: diagram with nodes T and TOR; histogram "Transformed IPD Differences", IPD in Milliseconds (-10 to 10) against Number of Occurrences]

  24. Generalizing the Defense
      - ‘Randomize’ the timing
        - Fuzzy Timing – Wei-Ming Hu
        - Network Pumps – Kang, Moskowitz, Lee
        - Jammers – Giles and Hajek
      - Detect changes to variance in inter-arrival times
        - Detecting IP Timing Channels – Cabuk, Brodley, Shields

  25. Fuzzy Timing
      - Implemented in VAX security kernel
      - Software timing channels are easy to audit by the Trusted Computing Base (TCB)
        - Randomize timing of scheduled processes
        - Check for known modulation techniques
      - Hardware timing channels are more tricky
        - Bus-Contention as timing channel
        - Not auditable and not under control of the TCB

  26. Fuzzy Timing
      - Solution to hardware control problem:
        - Add noise to all timing information throughout the system
      - Need to address clock and I/O interrupts

  27. Fuzzy Timing
      - For the system clock:
        - Set a counter to a random value
        - Increment the counter every 1 microsecond
        - Produce an interrupt when the counter overflows
        - Accurate system time is kept separately by adding the number of increments, and it is updated when the interrupt occurs
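A small simulation of the system-clock scheme on this slide, showing what a process sees when it tries to time an operation against a clock that only moves at randomly spaced interrupts. This is an added example, not code from the slides or from the VAX security kernel; the class and function names, the 20,000 microsecond upper bound on the random interval and the sample durations are assumptions.

```python
import random

class FuzzyClock:
    """System clock whose readable value changes only at randomly spaced interrupts."""

    def __init__(self, rng, max_gap_us=20000):  # max_gap_us: assumed counter range
        self.rng, self.max_gap_us = rng, max_gap_us
        self.true_us = 0      # physical time elapsed (not readable by processes)
        self.system_us = 0    # system time, brought up to date at each interrupt
        self._arm()

    def _arm(self):
        # A random preload means a random number of 1 us increments until overflow.
        self.pending = 0
        self.until_overflow = self.rng.randint(1, self.max_gap_us)

    def advance(self, us):
        """Let `us` microseconds of physical time pass."""
        while us >= self.until_overflow:
            us -= self.until_overflow
            self.true_us += self.until_overflow
            self.pending += self.until_overflow
            self.system_us += self.pending   # interrupt: add the counted increments
            self._arm()
        self.true_us += us
        self.pending += us
        self.until_overflow -= us

    def read(self):
        return self.system_us

def observe(durations_us, seed=1):
    """Time each operation with the fuzzy clock; return (actual, observed) pairs."""
    clock = FuzzyClock(random.Random(seed))
    pairs = []
    for dur in durations_us:
        start = clock.read()
        clock.advance(dur)
        pairs.append((dur, clock.read() - start))
        # The readable clock never runs ahead and lags by less than one interval.
        assert 0 <= clock.true_us - clock.read() < clock.max_gap_us
    return pairs

if __name__ == "__main__":
    # Constructed workload: alternating 1 ms and 3 ms operations.
    for actual, seen in observe([1000, 3000] * 5):
        print(actual, seen)
```

An operation that finishes between two interrupts is observed as taking zero time, and one that spans an interrupt is charged the whole interval, so individual measurements no longer track the modulated duration.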

  28. Fuzzy Timing
      - For the I/O clock:
        - Need to consider the time the event occurred (downticks) and the time the notification interrupt is sent (upticks)
        - Time is ‘fuzzed’ between these two ticks by a uniformly distributed random variable

  29. Fuzzy Timing
      - Fuzzy timing effects:
        - Reduced the channel bandwidth by ‘two orders of magnitude’
        - Resultant bandwidth of less than 10 bits per second (?)
      - No need to audit the channel
        - Makes it difficult to do any timing attacks within the host, including software timing attacks

  30. Network Pumps
      - Multi-level Secure (MLS) Network:
        - High level that contains sensitive information
          - Only members of the high level can access information within the high level
        - Low level that contains information for all users
          - All members, both low level and high level can access this information
      - When a high level user gets low level information, they can modulate ACK timing

  31. Network Pumps
      - The Pump
        - An intermediary between high and low level that intercepts messages from low to high and ACKs from high to low

  32. Network Pumps
      - How it works:
        - Lows ($L_i$) send to their Receiver queue
        - Trusted Low Process (TLP) takes message from Receiver queue and routes it to the proper buffer
        - ACK is sent by Pump to $L_i$ when message is placed in buffer
          - after a random delay
        - Trusted High Process (THP) delivers the message to Highs ($H_i$)

  33. Network Pumps
      - Some considerations:
        - The Pump acts as a router so queuing is important
          - Design allows for max-min fair queuing strategy
        - Throughput must also remain unhindered
          - ACK rate is tied to the retrieval rate of the server from its buffers
