4.5 Article

Novel Packet Size-Based Covert Channel Attacks against Anonymizer

期刊

IEEE TRANSACTIONS ON COMPUTERS
卷 62, 期 12, 页码 2411-2426

出版社

IEEE COMPUTER SOC
DOI: 10.1109/TC.2012.169

关键词

Anonymizer; watermark; TCP dynamics

资金

  1. National Key Basic Research Program of China (973 Program) [2010CB328104, 2011CB302800]
  2. China National High Technology Research and Development Program [2013AA013503]
  3. National Science Foundation of China (NSFC) [61272054, 61202449, 61003257, 61320106007, 61070221, 61070222]
  4. US National Science Foundation (NSF) [CNS-1116644, DUE-0942113, CNS-0958477, CNS-1117175, CNS-0916584, CNS-1065136, CNS-1218876]
  5. General Research Fund of the Hong Kong SAR, China [CityU 114012, CityU 114513]
  6. ShenZhen (China) Basic Research Project [JCYJ20120618115257259]
  7. China Specialized Research Fund for the Doctoral Program of Higher Education [20110092130002]
  8. JScience Research Foundation of Graduate School of Southeast University
  9. Jiangsu Provincial Key Laboratory of Network and Information Security [BM2003201]
  10. Key Laboratory of Computer Network and Information Integration of Ministry of Education of China [93K-9]
  11. Division Of Computer and Network Systems
  12. Direct For Computer & Info Scie & Enginr [0958477] Funding Source: National Science Foundation

向作者/读者索取更多资源

In this paper, we present a study on the anonymity of Anonymizer, a well-known commercial anonymous communication system. We discovered the architecture of Anonymizer and found that the size of web packets in the Anonymizer network can be very dynamic at the client. Motivated by this finding, we investigated a class of novel packet size-based covert channel attacks against Anonymizer. The attacker between a website and the Anonymizer server can manipulate the web packet size and embed secret signal symbols into the target traffic. An accomplice at the user side can sniff the traffic and recognize the secret signal. In this way, the anonymity provided by Anonymizer is compromised. We developed intelligent and robust algorithms to cope with the packet size distortion incurred by Anonymizer and Internet. We developed techniques to make the attack harder to detect: 1) We pick up right packets of web objects to manipulate to preserve the regularity of the TCP packet size dynamics, which can be measured by the Hurst parameter; 2) We adopt the Monte Carlo sampling technique to preserve the distribution of the web packet size despite manipulation. We have implemented the attack over Anonymizer and conducted extensive analytical and experimental evaluations. It is observed that the attack is highly efficient and requires only tens of packets to compromise the anonymous web surfing via Anonymizer. The experimental results are consistent with our theoretical analysis.

作者

我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。

评论

主要评分

4.5
评分不足

次要评分

新颖性
-
重要性
-
科学严谨性
-
评价这篇论文

推荐

暂无数据
暂无数据