The document summarizes various techniques for deanonymizing Tor hidden services through passive and active attacks.
Passive attacks involve observing traffic patterns to fingerprint Tor circuits and identify clients communicating with hidden services. Website fingerprinting is then used to determine the specific hidden service. Active attacks aim to control Tor relays to directly connect with and discover the IP address of a hidden service. The Sniper attack disables all entry guards for a service until the attacker's relay is selected. Configuration leaks from misconfigured hidden services can also expose identifying information.
The document discusses de-anonymization of hidden services on the Tor network. Hidden services allow for anonymous hosting of websites on Tor. De-anonymization seeks to uncover the real IP addresses of hidden services that host illegal activities. The document outlines an active attack method to de-anonymize a hidden service in three phases. The attack injects malicious nodes as relays to eventually control an entry guard node and force the hidden service to select it. This allows the attacker to directly connect to the server and learn its IP address, completing the de-anonymization.
The document discusses key distribution and authentication using symmetric encryption. It describes several options for distributing symmetric keys between two parties, including having a third party select and deliver the key. The most preferable option is using a key distribution center (KDC) that can dynamically provide session keys for encryption between hosts that have been granted permission to communicate. The document then provides details on how Kerberos, a widely used authentication system, implements this approach using a KDC, ticket granting tickets, and service granting tickets to authenticate users and allow secure communication without transmitting plaintext passwords. It also summarizes some of the environmental and technical deficiencies addressed in the updated Kerberos version 5 protocol.
Authentication in wireless - Security in Wireless Protocolsphanleson
The document discusses authentication protocols for wireless devices. It begins by describing the authentication problem and some basic client-server protocols. It then introduces the challenge-response protocol which aims to prevent replay attacks by including a random number in the response. However, this protocol is still vulnerable to man-in-the-middle and reflection attacks. The document proposes improvements like including an identifier in the hashed response to prevent message manipulation attacks. Overall, the document provides an overview of authentication challenges for wireless devices and the development of challenge-response protocols to address these issues.
This document summarizes a research paper on deniable encryption. The paper proposes a receiver-deniable public key encryption scheme with the following properties:
1) It is a one-move scheme that does not require any pre-encryption communication between the sender and receiver.
2) It does not require any pre-shared secrets between parties.
3) It provides strong deniability equivalent to factoring a large composite number.
4) It has no decryption errors.
5) It significantly improves bandwidth efficiency compared to previous schemes.
The proposed scheme uses a mediated RSA infrastructure and relies on oblivious transfer between the receiver and security mediator to enable deniability for the receiver.
The document provides a specification for the Silent Circle Instant Messaging Protocol (SCIMP). SCIMP enables private conversations over instant messaging and draws from related protocols like ZRTP, OTR, and Cryptocat. It provides strong encryption, authentication, and perfect forward secrecy using algorithms approved by NIST like ECCDH, AES, and SHA. The protocol establishes an encrypted session in 3 messages using key continuity and optional voice verification to prevent man-in-the-middle attacks. It then encrypts messages with CCM authenticated encryption.
Message authentication and hash functionomarShiekh1
The document discusses message authentication and hash functions. It covers security requirements including integrity, authentication and non-repudiation. It describes different authentication functions such as message encryption, message authentication codes (MACs), and hash functions. It provides examples of how hash functions work and evaluates the security of hash functions and MACs against brute force and cryptanalytic attacks.
PREVENTION METHOD OF FALSE REPORT GENERATION IN CLUSTER HEADS FOR DYNAMIC EN-...ijcsit
Wireless sensor networks collect data through collaborative communication between sensor nodes. sensor nodes of wireless sensor networks are deployed in open environments. Hence, an attacker can easily compromise the node. An attacker can compromise a node to generate false reports and inject into the network. This causes unnecessary energy consumption in the process of transmitting false alarm messages and false data reports to the system. If the attacker keeps repeatedly attacking thereby causing problems such as reduction in the entire network life or disabling the networks. Yu and Guan proposed a dynamic en-route filtering scheme to detect and drop these false reports before reaching to the Base station. In the dynamic en-route filtering, the energy waste of the intermediate nodes occurs until it is detected early. In this paper, we propose a method to save the energy of the intermediate nodes by searching for the compromised node and blocking the reports generated at that node. When verifying a false report at the verification node, it can know report information. The base station is able to find the cluster of compromised nodes using that information. In particular, the base station can know the location of the node that has been compromised, we can block false alarms and energy losses by blocking reports
generated in that cluster.
The document discusses de-anonymization of hidden services on the Tor network. Hidden services allow for anonymous hosting of websites on Tor. De-anonymization seeks to uncover the real IP addresses of hidden services that host illegal activities. The document outlines an active attack method to de-anonymize a hidden service in three phases. The attack injects malicious nodes as relays to eventually control an entry guard node and force the hidden service to select it. This allows the attacker to directly connect to the server and learn its IP address, completing the de-anonymization.
The document discusses key distribution and authentication using symmetric encryption. It describes several options for distributing symmetric keys between two parties, including having a third party select and deliver the key. The most preferable option is using a key distribution center (KDC) that can dynamically provide session keys for encryption between hosts that have been granted permission to communicate. The document then provides details on how Kerberos, a widely used authentication system, implements this approach using a KDC, ticket granting tickets, and service granting tickets to authenticate users and allow secure communication without transmitting plaintext passwords. It also summarizes some of the environmental and technical deficiencies addressed in the updated Kerberos version 5 protocol.
Authentication in wireless - Security in Wireless Protocolsphanleson
The document discusses authentication protocols for wireless devices. It begins by describing the authentication problem and some basic client-server protocols. It then introduces the challenge-response protocol which aims to prevent replay attacks by including a random number in the response. However, this protocol is still vulnerable to man-in-the-middle and reflection attacks. The document proposes improvements like including an identifier in the hashed response to prevent message manipulation attacks. Overall, the document provides an overview of authentication challenges for wireless devices and the development of challenge-response protocols to address these issues.
This document summarizes a research paper on deniable encryption. The paper proposes a receiver-deniable public key encryption scheme with the following properties:
1) It is a one-move scheme that does not require any pre-encryption communication between the sender and receiver.
2) It does not require any pre-shared secrets between parties.
3) It provides strong deniability equivalent to factoring a large composite number.
4) It has no decryption errors.
5) It significantly improves bandwidth efficiency compared to previous schemes.
The proposed scheme uses a mediated RSA infrastructure and relies on oblivious transfer between the receiver and security mediator to enable deniability for the receiver.
The document provides a specification for the Silent Circle Instant Messaging Protocol (SCIMP). SCIMP enables private conversations over instant messaging and draws from related protocols like ZRTP, OTR, and Cryptocat. It provides strong encryption, authentication, and perfect forward secrecy using algorithms approved by NIST like ECCDH, AES, and SHA. The protocol establishes an encrypted session in 3 messages using key continuity and optional voice verification to prevent man-in-the-middle attacks. It then encrypts messages with CCM authenticated encryption.
Message authentication and hash functionomarShiekh1
The document discusses message authentication and hash functions. It covers security requirements including integrity, authentication and non-repudiation. It describes different authentication functions such as message encryption, message authentication codes (MACs), and hash functions. It provides examples of how hash functions work and evaluates the security of hash functions and MACs against brute force and cryptanalytic attacks.
PREVENTION METHOD OF FALSE REPORT GENERATION IN CLUSTER HEADS FOR DYNAMIC EN-...ijcsit
Wireless sensor networks collect data through collaborative communication between sensor nodes. sensor nodes of wireless sensor networks are deployed in open environments. Hence, an attacker can easily compromise the node. An attacker can compromise a node to generate false reports and inject into the network. This causes unnecessary energy consumption in the process of transmitting false alarm messages and false data reports to the system. If the attacker keeps repeatedly attacking thereby causing problems such as reduction in the entire network life or disabling the networks. Yu and Guan proposed a dynamic en-route filtering scheme to detect and drop these false reports before reaching to the Base station. In the dynamic en-route filtering, the energy waste of the intermediate nodes occurs until it is detected early. In this paper, we propose a method to save the energy of the intermediate nodes by searching for the compromised node and blocking the reports generated at that node. When verifying a false report at the verification node, it can know report information. The base station is able to find the cluster of compromised nodes using that information. In particular, the base station can know the location of the node that has been compromised, we can block false alarms and energy losses by blocking reports
generated in that cluster.
Dans cette session, Cedric Fournet, chercheur principal à Microsoft Research Cambridge et au Centre de Recherche Commun INRIA-Microsoft Research nous présentera un panorama des types de vulnérabilités classiques de TLS ainsi que le projet "MiTLS" qui leur a permis, en avril 2014, de révéler une vulnérabilité majeure mais n'ayant pas fait l'objet d'attaques jusqu'à sa découverte. MiTLS est une implémentation expérimentale vérifiée mathématiquement de TLS : MiTLS est implémenté en F# et spécifié en F7. MiTLS est une plateforme de recherche et de test permettant de revisiter les attaques connues et régulièrement d'en trouver de nouvelles et donc de renforcer la robustesse du protocole en connexion avec l'IETF. TLS 1.2 (connu aussi comme SSL 3.0) est le protocole de cryptographie le plus répandu pour sécuriser les communications et les échanges sur Internet. Successeur de SSL, TLS est la garantie que vos transactions bancaires sur le web ou que votre messagerie seront bien protégées. TLS est omniprésent : HTTPS, 802.1x, VPNs, files, mail, VoIP… Et pourtant, est-ce que la confiance qu'on lui accorde est bien méritée ? Est-ce que TLS est sûr à 100% ? TLS a une histoire longue de 18 ans de défauts et de correctifs, depuis la logique de sa spécification jusqu'aux multiples implémentations. Son omniprésence au cœur du système de confiance du web rend nécessaire une démarche organisée, rationnelle et préventive de détection de ses vulnérabilités. http://www.mitls.org/wsgi/home http://research.microsoft.com/en-us/projects/f7/
Information and network security 46 digital signature algorithmVaibhav Khanna
The Digital Signature Algorithm (DSA) is a Federal Information Processing Standard for digital signatures, based on the mathematical concept of modular exponentiation and the discrete logarithm problem. DSA is a variant of the Schnorr and ElGamal signature schemes
This document discusses different types of firewalls including packet filtering firewalls, application gateways, circuit gateways, and dynamic packet filters. It describes how each works and their advantages and disadvantages. Packet filtering firewalls use transport layer information to filter packets and are the simplest but least secure. Application gateways use proxies to filter at the application level for specific protocols like HTTP, FTP, and SMTP. Circuit gateways filter at the TCP level. A dynamic packet filter combines these approaches. The document also discusses firewall configuration and limitations, such as not protecting against inside threats.
Twenty years of attacks on the rsa cryptosystemlinzi320
- The document surveys various attacks on the RSA cryptosystem over the past 20 years.
- It describes some elementary attacks, such as using a common modulus for multiple users or blinding signatures, which illustrate improper implementations of RSA.
- It also summarizes Wiener's 1994 attack, which shows that if the private exponent d is too small (less than N1/4), it can be efficiently recovered, breaking the system. The attack uses continued fraction approximations to recover d.
Symmetric encryption and message confidentialityCAS
Symmetric Encryption Principles
Data Encryption Standard
Advanced Encryption Standard
Stream Ciphers and RC4
Cipher Block Modes of Operation
Key Distribution
SSL and TLS provide end-to-end security for applications using TCP. They operate at the transport layer and provide services like data encryption, message integrity, and client/server authentication. The key components are the handshake protocol for negotiating encryption parameters and exchanging keys, the record protocol for fragmenting and encrypting application data, and alert and change cipher spec protocols for signaling errors and key changes. Common algorithms include RSA and Diffie-Hellman for key exchange, RC4, 3DES and AES for encryption, and MD5 or SHA for hashing. Sessions define a connection's cryptographic settings while connections are the actual data streams.
Information and network security 45 digital signature standardVaibhav Khanna
The Digital Signature Standard is a Federal Information Processing Standard specifying a suite of algorithms that can be used to generate digital signatures established by the U.S. National Institute of Standards and Technology in 1994
By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext. Actual systems are potentially at risk, including cryptographic tokens, network-based cryptosystems, and other applications where attackers can make reasonably accurate timing measurements. Techniques for preventing the attack for RSA and Diffie-Hellman are presented. Some cryptosystems will need to be revised to protect against the attack, and new protocols and algorithms may need to incorporate measures to prevent timing attacks.
The document describes various error detection codes including parity, checksums, and cyclic redundancy checks (CRCs). Parity bits detect single bit errors by making the total number of 1s in a data block even or odd. Checksums compute a sum of data bits to detect errors. CRCs treat data as polynomial coefficients, computing a checksum as the remainder of a polynomial division to detect all errors up to the checksum size. The document also discusses how these codes are implemented in communication protocols.
What is cryptography,its types,two algorithms i.e RSA and DES.
explained well and referenced the slide share too to give more precise presentation. Thank you.
This document discusses Message Authentication Codes (MACs). It describes MACs as secret key algorithms that generate a tag to authenticate messages. There are two main types of MACs - cipher-based MACs that use symmetric encryption algorithms like block ciphers, and hash-based MACs that apply hash functions. The document outlines the security properties MACs should provide, such as being difficult to forge tags or recover keys from known message-tag pairs. It also describes common attacks on MACs like key recovery attacks or forging valid message-tag pairs.
Information and network security 44 direct digital signaturesVaibhav Khanna
The Direct Digital Signature is only include two parties one to send message and other one to receive it. According to direct digital signature both parties trust each other and knows there public key. The message are prone to get corrupted and the sender can declines about the message sent by him any time
Key Distribution Problem in advanced operating systemMerlin Florrence
The document discusses the key distribution problem in cryptography. When two entities want to securely communicate, they must obtain matching encryption and decryption keys. There are different approaches to key distribution, including a centralized approach where a single Key Distribution Center (KDC) maintains secret keys for each user, and a fully distributed approach without a central authority. The centralized approach is simple to implement but relies on a single point of failure.
SECURITY PRACTICE & SYSTEM SECURITY
Authentication applications – Kerberos – X.509 Authentication services – Internet Firewalls for Trusted System: Roles of Firewalls – Firewall related terminology- Types of Firewalls – Firewall designs – SET for E-Commerce Transactions. Intruder – Intrusion detection system – Virus and related threats – Countermeasures – Firewalls design principles – Trusted systems – Practical implementation of
cryptography and security.
This document provides an overview of asymmetric cryptography, including its history and key concepts. It discusses how asymmetric cryptography uses key pairs, with one key kept private and one shared publicly. Common asymmetric algorithms are described such as RSA, Diffie-Hellman, El Gamal, and Elliptic Curve Cryptography. The document also covers hashing, message authentication codes, digital signatures, and key management considerations.
Sniffing is a technique used to capture network traffic for the purposes of hacking or troubleshooting. A sniffer program collects all data passing through a network interface. In passive sniffing on a hub, all data is broadcast to all devices. Active sniffing on a switch requires tricks like MAC flooding or ARP spoofing to redirect traffic. The Dsniff toolset includes programs for sniffing protocols like HTTP, HTTPS, SSH, and DNS. It can reveal passwords and spoof sites. Defenses include using encrypted protocols and static ARP tables, and paying attention to browser/client warnings.
The document discusses denial of service (DoS) and distributed denial of service (DDoS) attacks. It describes different types of DoS attacks such as sending malformed packets to exploit protocol or application flaws. It notes that DDoS attacks involve aggregating malicious traffic from many zombie machines to flood the victim with packets. Most defense methods focus on mitigating bandwidth consumption from packet flooding. However, attackers may also directly target applications to exhaust computational resources. The document proposes an acknowledgment-based port hopping protocol for secure communication between a sender and receiver that is resistant to such attacks.
Speedy ip trace back(sipt) for identifying sadhanSadan Kumar
The document proposes a new method called Speedy IP Traceback (SIPT) to identify denial-of-service attacks. SIPT works by having routers insert the media access control (MAC) address of the client and the router's IP address into packets. This allows the destination to identify the attacker's boundary router and MAC address, tracing the attack path. Traditionally, mechanisms like ingress filtering, link testing, and packet marking have been used but have not kept pace with evolving attacks. SIPT provides a more direct way to find the router connected to the attacker.
Dans cette session, Cedric Fournet, chercheur principal à Microsoft Research Cambridge et au Centre de Recherche Commun INRIA-Microsoft Research nous présentera un panorama des types de vulnérabilités classiques de TLS ainsi que le projet "MiTLS" qui leur a permis, en avril 2014, de révéler une vulnérabilité majeure mais n'ayant pas fait l'objet d'attaques jusqu'à sa découverte. MiTLS est une implémentation expérimentale vérifiée mathématiquement de TLS : MiTLS est implémenté en F# et spécifié en F7. MiTLS est une plateforme de recherche et de test permettant de revisiter les attaques connues et régulièrement d'en trouver de nouvelles et donc de renforcer la robustesse du protocole en connexion avec l'IETF. TLS 1.2 (connu aussi comme SSL 3.0) est le protocole de cryptographie le plus répandu pour sécuriser les communications et les échanges sur Internet. Successeur de SSL, TLS est la garantie que vos transactions bancaires sur le web ou que votre messagerie seront bien protégées. TLS est omniprésent : HTTPS, 802.1x, VPNs, files, mail, VoIP… Et pourtant, est-ce que la confiance qu'on lui accorde est bien méritée ? Est-ce que TLS est sûr à 100% ? TLS a une histoire longue de 18 ans de défauts et de correctifs, depuis la logique de sa spécification jusqu'aux multiples implémentations. Son omniprésence au cœur du système de confiance du web rend nécessaire une démarche organisée, rationnelle et préventive de détection de ses vulnérabilités. http://www.mitls.org/wsgi/home http://research.microsoft.com/en-us/projects/f7/
Information and network security 46 digital signature algorithmVaibhav Khanna
The Digital Signature Algorithm (DSA) is a Federal Information Processing Standard for digital signatures, based on the mathematical concept of modular exponentiation and the discrete logarithm problem. DSA is a variant of the Schnorr and ElGamal signature schemes
This document discusses different types of firewalls including packet filtering firewalls, application gateways, circuit gateways, and dynamic packet filters. It describes how each works and their advantages and disadvantages. Packet filtering firewalls use transport layer information to filter packets and are the simplest but least secure. Application gateways use proxies to filter at the application level for specific protocols like HTTP, FTP, and SMTP. Circuit gateways filter at the TCP level. A dynamic packet filter combines these approaches. The document also discusses firewall configuration and limitations, such as not protecting against inside threats.
Twenty years of attacks on the rsa cryptosystemlinzi320
- The document surveys various attacks on the RSA cryptosystem over the past 20 years.
- It describes some elementary attacks, such as using a common modulus for multiple users or blinding signatures, which illustrate improper implementations of RSA.
- It also summarizes Wiener's 1994 attack, which shows that if the private exponent d is too small (less than N1/4), it can be efficiently recovered, breaking the system. The attack uses continued fraction approximations to recover d.
Symmetric encryption and message confidentialityCAS
Symmetric Encryption Principles
Data Encryption Standard
Advanced Encryption Standard
Stream Ciphers and RC4
Cipher Block Modes of Operation
Key Distribution
SSL and TLS provide end-to-end security for applications using TCP. They operate at the transport layer and provide services like data encryption, message integrity, and client/server authentication. The key components are the handshake protocol for negotiating encryption parameters and exchanging keys, the record protocol for fragmenting and encrypting application data, and alert and change cipher spec protocols for signaling errors and key changes. Common algorithms include RSA and Diffie-Hellman for key exchange, RC4, 3DES and AES for encryption, and MD5 or SHA for hashing. Sessions define a connection's cryptographic settings while connections are the actual data streams.
Information and network security 45 digital signature standardVaibhav Khanna
The Digital Signature Standard is a Federal Information Processing Standard specifying a suite of algorithms that can be used to generate digital signatures established by the U.S. National Institute of Standards and Technology in 1994
By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext. Actual systems are potentially at risk, including cryptographic tokens, network-based cryptosystems, and other applications where attackers can make reasonably accurate timing measurements. Techniques for preventing the attack for RSA and Diffie-Hellman are presented. Some cryptosystems will need to be revised to protect against the attack, and new protocols and algorithms may need to incorporate measures to prevent timing attacks.
The document describes various error detection codes including parity, checksums, and cyclic redundancy checks (CRCs). Parity bits detect single bit errors by making the total number of 1s in a data block even or odd. Checksums compute a sum of data bits to detect errors. CRCs treat data as polynomial coefficients, computing a checksum as the remainder of a polynomial division to detect all errors up to the checksum size. The document also discusses how these codes are implemented in communication protocols.
What is cryptography,its types,two algorithms i.e RSA and DES.
explained well and referenced the slide share too to give more precise presentation. Thank you.
This document discusses Message Authentication Codes (MACs). It describes MACs as secret key algorithms that generate a tag to authenticate messages. There are two main types of MACs - cipher-based MACs that use symmetric encryption algorithms like block ciphers, and hash-based MACs that apply hash functions. The document outlines the security properties MACs should provide, such as being difficult to forge tags or recover keys from known message-tag pairs. It also describes common attacks on MACs like key recovery attacks or forging valid message-tag pairs.
Information and network security 44 direct digital signaturesVaibhav Khanna
The Direct Digital Signature is only include two parties one to send message and other one to receive it. According to direct digital signature both parties trust each other and knows there public key. The message are prone to get corrupted and the sender can declines about the message sent by him any time
Key Distribution Problem in advanced operating systemMerlin Florrence
The document discusses the key distribution problem in cryptography. When two entities want to securely communicate, they must obtain matching encryption and decryption keys. There are different approaches to key distribution, including a centralized approach where a single Key Distribution Center (KDC) maintains secret keys for each user, and a fully distributed approach without a central authority. The centralized approach is simple to implement but relies on a single point of failure.
SECURITY PRACTICE & SYSTEM SECURITY
Authentication applications – Kerberos – X.509 Authentication services – Internet Firewalls for Trusted System: Roles of Firewalls – Firewall related terminology- Types of Firewalls – Firewall designs – SET for E-Commerce Transactions. Intruder – Intrusion detection system – Virus and related threats – Countermeasures – Firewalls design principles – Trusted systems – Practical implementation of
cryptography and security.
This document provides an overview of asymmetric cryptography, including its history and key concepts. It discusses how asymmetric cryptography uses key pairs, with one key kept private and one shared publicly. Common asymmetric algorithms are described such as RSA, Diffie-Hellman, El Gamal, and Elliptic Curve Cryptography. The document also covers hashing, message authentication codes, digital signatures, and key management considerations.
Sniffing is a technique used to capture network traffic for the purposes of hacking or troubleshooting. A sniffer program collects all data passing through a network interface. In passive sniffing on a hub, all data is broadcast to all devices. Active sniffing on a switch requires tricks like MAC flooding or ARP spoofing to redirect traffic. The Dsniff toolset includes programs for sniffing protocols like HTTP, HTTPS, SSH, and DNS. It can reveal passwords and spoof sites. Defenses include using encrypted protocols and static ARP tables, and paying attention to browser/client warnings.
The document discusses denial of service (DoS) and distributed denial of service (DDoS) attacks. It describes different types of DoS attacks such as sending malformed packets to exploit protocol or application flaws. It notes that DDoS attacks involve aggregating malicious traffic from many zombie machines to flood the victim with packets. Most defense methods focus on mitigating bandwidth consumption from packet flooding. However, attackers may also directly target applications to exhaust computational resources. The document proposes an acknowledgment-based port hopping protocol for secure communication between a sender and receiver that is resistant to such attacks.
Speedy ip trace back(sipt) for identifying sadhanSadan Kumar
The document proposes a new method called Speedy IP Traceback (SIPT) to identify denial-of-service attacks. SIPT works by having routers insert the media access control (MAC) address of the client and the router's IP address into packets. This allows the destination to identify the attacker's boundary router and MAC address, tracing the attack path. Traditionally, mechanisms like ingress filtering, link testing, and packet marking have been used but have not kept pace with evolving attacks. SIPT provides a more direct way to find the router connected to the attacker.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Wireless networks are vulnerable to various security issues including passive attacks, active attacks, and layer-specific attacks. Passive attacks involve attackers collecting information without disrupting network performance, while active attacks such as blackhole attacks, wormhole attacks, and SYN flooding attacks actively disrupt network operations. Attacks can target different layers, with examples being jamming at the physical layer or resource exhaustion attacks at the MAC layer. A variety of techniques are needed to secure wireless networks, including encryption, authentication, intrusion detection, and resilient routing protocols.
AN INTRODUCTION TO NETWORK ADDRESS SHUFFLINGSreelekshmi S
This document introduces network address shuffling as a technique of moving target defense (MTD) to enhance cybersecurity. It describes MTD as automatically changing system attributes to make the attack surface unpredictable for adversaries. Network address shuffling specifically aims to periodically change IP addresses and port numbers. The document outlines various techniques for network address shuffling including MT6D, OF-RHM, RHM, and discusses key considerations for implementing an effective and practical shuffling method such as ensuring unpredictability, determining shuffling frequency, and security of the shuffling rules.
ASSURED NEIGHBOR BASED COUNTER PROTOCOL ON MAC-LAYER PROVIDING SECURITY IN MO...cscpconf
In this paper, we have taken out the concern of security on a Medium Access Control layer
implementing Assured Neighbor based Security Protocol to provide the authentication,
confidentiality and taking in consideration High speed transmission by providing security in
parallel manner in both Routing and Link Layer of Mobile Ad hoc Networks. We basically
divide the protocol into two different segments as the first portion concentrates, based on
Routing layer information; we implement the scheme for the detection and isolation of the
malicious nodes. The trust counter for each node is maintained which actively increased and
decreased considering the trust value for the packet forwarding. The threshold level is defined differencing the malicious and non malicious nodes. If the value of the node in trust counter lacks below the threshold value then the node is considered as malicious. The second part focus on providing the security in the link layer, the security is provided using CTR (Counter) approach for authentication and encryption. Hence simulating the results in NS-2, we come to conclude that the proposed protocol can attain high packet delivery over various intruders while attaining low delays and overheads.
This document summarizes a protocol for dynamically updating and verifying neighbor positions in mobile ad hoc networks (MANETs) in an adversarial environment. The protocol uses a 4-step message exchange to discover neighbors and verify their claimed positions through distance calculations. Nodes are classified as verified, faulty, or unverifiable. When nodes enter or leave communication range, they send messages to update their positions. The protocol is robust to adversarial attacks due to its ability to detect faulty nodes through symmetry and multilateration tests during verification. It also dynamically updates neighbor positions with low overhead as nodes move in the network.
Detection of application layer ddos attack using hidden semi markov model (20...Mumbai Academisc
This document discusses a proposed scheme to detect application layer distributed denial of service (App-DDoS) attacks using hidden semi-Markov models. It begins by describing how current techniques have difficulty distinguishing App-DDoS attacks from normal flash crowds based on traffic characteristics alone. The proposed scheme aims to capture spatial-temporal patterns during normal flash crowds using an Access Matrix, and then uses a hidden semi-Markov model to analyze dynamics of the Access Matrix and detect anomalies indicating potential App-DDoS attacks. It argues this approach can more effectively identify if traffic surges are caused by attackers or normal users compared to existing detection systems.
This document discusses a statistical approach for classifying and identifying different types of Distributed Denial of Service (DDoS) attacks using the UCLA dataset. It first introduces DDoS attacks and their increasing prevalence. It then discusses related work on DDoS attack detection. The document outlines the architecture of DDoS attacks and describes some common types like SYN flooding and ACK flooding attacks. The proposed system is described which involves collecting packets, extracting features, using a packet classification algorithm to initially classify attacks, then using a K-Nearest Neighbors classifier for more accurate results. Finally, the system aims to classify and identify specific types of DDoS attacks from the network traffic analysis.
This document discusses a statistical approach for classifying and identifying DDoS attacks using the UCLA dataset. It proposes extracting features from network traffic such as packet count, average packet size, time interval variance, and packet size variance. A packet classification algorithm first classifies packets as normal or attacks. For uncertain cases, a K-NN classifier is used. Then the types of DDoS attacks, including flooding and scanning attacks, are identified based on the feature values. The proposed approach is evaluated using the UCLA dataset and shows mathematical calculations for feature extraction. In conclusion, the statistical approach and packet classification algorithm are effective for classifying common DDoS flooding and scanning attacks.
what is transport layer what are the typical attacks in transport l.pdfbrijeshagarwa329898l
what is transport layer? what are the typical attacks in transport layer? what are the controls that
are employed in the layer to minimize the attack or vulnerability that leads to the attack? cite
references
Solution
Transport Layer:-
In computer networking, the transport layer is a conceptual division of methods in the layered
architecture of protocols in the network stack in the Internet Protocol Suite and the Open
Systems Interconnection (OSI). The protocols of the layerprovide host-to-host communication
services for applications.
Typical attacks in transport layer:-
1. SESSION HIJACKING: Session Hijacking is commonly known as TCP session Hijacking is a
way of taking over a secure/ unsecure web user session by secretly obtaining user’s session ID
and pretending to be the authorized user for accessing the data. How it works and types: Session
hijacking works by taking advantage of the fact that most communications are protected (by
providing credentials) at session setup, but not thereafter. These attacks generally fall into three
categories: Man-in-the-middle (MITM), Blind Hijack, and Session Theft. In MITM attacks, an
attacker intercepts all communications between two hosts. With communications between a
client and server now flowing through the attacker, he or she is free to modify their content.
Protocols that rely on the exchange of public keys to protect communications are often the target
of these types of attacks. In blind hijacking, an attacker injects data such as malicious commands
into intercepted communications between two hosts commands like “net.exe local group
administrators /add Evil Attacker”. This is called blind hijacking because the attacker can only
inject data into the communications stream; he or she cannot see the response to that data (such
as “The command completed successfully.”) Essentially, the blind hijack attacker is shooting
data in the dark, but as you will see shortly, this method of hijacking is still very effective. In a
session theft attack, the attacker neither intercepts nor injects data into existing communications
between two hosts. Instead, the attacker creates new sessions or uses old ones. This type of
session hijacking is most common at the application level, especially Web applications. Main
features are: -URL (Uniform resource locator) -Cookies -Session ID The cookies stores the
previous records of the users and the URL logs can give the current visited site, a hacker take
benefits from it and hacks user’s session ID through it, after doing that it pretends to be the
authorized user and accesses the data. A cookie usually is a piece of text sent by a server to the
web client and sent back unchanged by the client, each time it access the data. 1.1 Methods used
to perform session hijacking: 1.1.1IP Spoofing: It basically means taking identity of someone
else to perform some task, in this the attacker pretends to be the authorized user and access some
confidential information, not only this, the.
Exclusion of Denial of Service Attack using Graph Theory in MANETSIRJET Journal
This document proposes a method to detect and prevent denial of service (DoS) attacks in mobile ad hoc networks using a trust-based mechanism. It involves calculating trust values for each node based on their behavior and activity, including the number of routing packets sent and received. Nodes with low trust values that are suspected of attacks will be isolated from the network. The method was tested in an ad hoc network simulation using NS-2 and showed improved performance metrics like higher packet delivery ratio, lower delay, jitter and dropping ratio compared to a network under DoS attack. This demonstrates that the trust-based mechanism can effectively detect DoS attackers and secure routing in the mobile ad hoc network.
The document discusses various reconnaissance and access attacks against Cisco networks, as well as countermeasures. It covers passive sniffing, port scans, ping sweeps, password attacks, trust exploitation, IP spoofing, DHCP/ARP attacks, and DoS/DDoS attacks. Defenses include switched networks, encryption, firewall rules, DHCP snooping, dynamic ARP inspection, rate limiting, and storm control.
Monitoring of traffic over the victim under tcp syn flood in a laneSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
The document discusses various tools and techniques used by threat actors to carry out attacks. It describes categories of tools like password crackers, wireless hacking tools, network scanning tools, and packet crafting tools. It also covers categories of attacks such as eavesdropping, data modification, IP spoofing, password-based attacks, and denial-of-service attacks. Additionally, it discusses IP vulnerabilities, TCP and UDP vulnerabilities, and common exploits targeting enterprise services like HTTP, email, databases, and client-side scripting.
Session hijacking involves an attacker taking over an existing TCP connection between two machines by predicting sequence numbers and spoofing IP addresses. The document discusses the difference between spoofing and hijacking, the steps an attacker takes to hijack a session including predicting sequence numbers and killing the original connection, types of session hijacking techniques, and tools that can be used for session hijacking like Juggernaut, Hunt, IP Watcher, and T-Sight. It also provides countermeasures like using encryption, secure protocols, limiting connections, and educating employees.
Increasing network efficiency by preventing attacks at access layereSAT Publishing House
This document discusses increasing network efficiency by preventing attacks at the access layer. It describes common attacks like MAC address flooding, DHCP starvation, and DHCP spoofing that switches are vulnerable to. It then provides configurations for switch port security, DHCP snooping, and disabling unused ports to mitigate these attacks. These configurations aim to secure access layer switches and prevent malicious users from overloading the network.
Detection and analysis_of_syn_flood_ddosOleh Stupak
1. The document describes how to simulate a SYN flood DDoS attack using tools like GNS3, Virtual Machine Manager, Hping on the attacker system, and Wireshark on the victim system.
2. In the attack, the attacker generates a large number of TCP packets with different spoofed IP addresses and the SYN flag set, targeting a single victim IP. This overwhelms the victim's network queue.
3. Analyzing the network traffic on the victim using Wireshark shows a huge number of incoming TCP SYN packets but no ACK packets, indicating the attack and the victim system resetting half-open connections as the queue fills.
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELgerogepatton
As digital technology becomes more deeply embedded in power systems, protecting the communication
networks of Smart Grids (SG) has emerged as a critical concern. Distributed Network Protocol 3 (DNP3)
represents a multi-tiered application layer protocol extensively utilized in Supervisory Control and Data
Acquisition (SCADA)-based smart grids to facilitate real-time data gathering and control functionalities.
Robust Intrusion Detection Systems (IDS) are necessary for early threat detection and mitigation because
of the interconnection of these networks, which makes them vulnerable to a variety of cyberattacks. To
solve this issue, this paper develops a hybrid Deep Learning (DL) model specifically designed for intrusion
detection in smart grids. The proposed approach is a combination of the Convolutional Neural Network
(CNN) and the Long-Short-Term Memory algorithms (LSTM). We employed a recent intrusion detection
dataset (DNP3), which focuses on unauthorized commands and Denial of Service (DoS) cyberattacks, to
train and test our model. The results of our experiments show that our CNN-LSTM method is much better
at finding smart grid intrusions than other deep learning algorithms used for classification. In addition,
our proposed approach improves accuracy, precision, recall, and F1 score, achieving a high detection
accuracy rate of 99.50%.
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTjpsjournal1
The rivalry between prominent international actors for dominance over Central Asia's hydrocarbon
reserves and the ancient silk trade route, along with China's diplomatic endeavours in the area, has been
referred to as the "New Great Game." This research centres on the power struggle, considering
geopolitical, geostrategic, and geoeconomic variables. Topics including trade, political hegemony, oil
politics, and conventional and nontraditional security are all explored and explained by the researcher.
Using Mackinder's Heartland, Spykman Rimland, and Hegemonic Stability theories, examines China's role
in Central Asia. This study adheres to the empirical epistemological method and has taken care of
objectivity. This study analyze primary and secondary research documents critically to elaborate role of
china’s geo economic outreach in central Asian countries and its future prospect. China is thriving in trade,
pipeline politics, and winning states, according to this study, thanks to important instruments like the
Shanghai Cooperation Organisation and the Belt and Road Economic Initiative. According to this study,
China is seeing significant success in commerce, pipeline politics, and gaining influence on other
governments. This success may be attributed to the effective utilisation of key tools such as the Shanghai
Cooperation Organisation and the Belt and Road Economic Initiative.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
Low power architecture of logic gates using adiabatic techniquesnooriasukmaningtyas
The growing significance of portable systems to limit power consumption in ultra-large-scale-integration chips of very high density, has recently led to rapid and inventive progresses in low-power design. The most effective technique is adiabatic logic circuit design in energy-efficient hardware. This paper presents two adiabatic approaches for the design of low power circuits, modified positive feedback adiabatic logic (modified PFAL) and the other is direct current diode based positive feedback adiabatic logic (DC-DB PFAL). Logic gates are the preliminary components in any digital circuit design. By improving the performance of basic gates, one can improvise the whole system performance. In this paper proposed circuit design of the low power architecture of OR/NOR, AND/NAND, and XOR/XNOR gates are presented using the said approaches and their results are analyzed for powerdissipation, delay, power-delay-product and rise time and compared with the other adiabatic techniques along with the conventional complementary metal oxide semiconductor (CMOS) designs reported in the literature. It has been found that the designs with DC-DB PFAL technique outperform with the percentage improvement of 65% for NOR gate and 7% for NAND gate and 34% for XNOR gate over the modified PFAL techniques at 10 MHz respectively.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsVictor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
International Conference on NLP, Artificial Intelligence, Machine Learning an...gerogepatton
International Conference on NLP, Artificial Intelligence, Machine Learning and Applications (NLAIM 2024) offers a premier global platform for exchanging insights and findings in the theory, methodology, and applications of NLP, Artificial Intelligence, Machine Learning, and their applications. The conference seeks substantial contributions across all key domains of NLP, Artificial Intelligence, Machine Learning, and their practical applications, aiming to foster both theoretical advancements and real-world implementations. With a focus on facilitating collaboration between researchers and practitioners from academia and industry, the conference serves as a nexus for sharing the latest developments in the field.
ACEP Magazine edition 4th launched on 05.06.2024Rahul
This document provides information about the third edition of the magazine "Sthapatya" published by the Association of Civil Engineers (Practicing) Aurangabad. It includes messages from current and past presidents of ACEP, memories and photos from past ACEP events, information on life time achievement awards given by ACEP, and a technical article on concrete maintenance, repairs and strengthening. The document highlights activities of ACEP and provides a technical educational article for members.
7. About HS
● Hidden services are the websites located inside
the Tor Networks, which receive inbound
connection only through Tor.
● They provide server anonymity in addition to
Tor-default client one.
● They protect the location of the server hosting
the service and provide encryption at every hop
from a client to the hidden service.
7
8. Set up
● HS chooses some relays as Introduction Point (IP) that
will be used to receive inbound connections from clients,
building simple tor circuits to them.
Server
DB
Client
Onion Proxy
8
9. Set up (cont’d)
● HS creates an hidden service descriptor containing its:
○ public key
○ Introduction Points
signed with its private key.
● It sends the descriptor to a directory (HSDir).
● An onion address xyz.onion, where xyz is first 80 bits of the
hashed (SHA1) public key, is generated and sent to HSDir.
9
10. Client connection
● Client queries the HSDir with the onion address, obtaining
HS descriptor.
● Chooses a Rendezvous Point (RP), builds a circuit to it
and communicates a one-time secret (auth cookie).
10
11. Client connection (2)
● Client establishes a connection to one of the IPs and sends it
an introduce message signed with HS public key containing:
○ RP address
○ One-time secret
11
12. Client connection (3)
● HS decrypts the message and builds a connection to the
RP providing the one-time secret
12
13. Client connection (4)
● RP verifies the one-time secret and notifies the eventual
success of connection to the client.
● Now client and service can communicate through the RP.
13
15. Types and Goals of Attacks
Active Passive Misconfiguration
Types
The adversary injects
malicious nodes in the tor
network and eventually
obtain the control of the
HS entry guard with the
possibility of disabling
benign relays
The adversary observes
traffic looking for
temporal and structural
identifying patterns
allowing him to discover
the relays involved in the
communication.
The administrator of the HS
injects unintentionally
identifying information in
either/both configuration
files or/and hidden service
content.
Goals
Deanonymize the hidden
service’s IP through
attacker controlled relays.
Deanonymize first the
clients involved in HS
communications and then
the specific HSs targeted
by these ones.
Deanonymize the owner
identity (identity leaks) or
the IP address of the hidden
server (location leaks).
15
16. References
● Misconfiguration Attacks
○ “CARONTE: Detecting Location Leaks for
Deanonymizing Tor Hidden Services” , Matic, et al., 2015
● Passive Attacks
○ “Circuit Fingerprinting Attacks: Passive Deanonymization
of Tor Hidden Services” , Kwon, et al., 2015
○ “POSTER: Fingerprinting Tor Hidden Services” , Mitseva,
et al., 2016
● Active Attacks
○ “Protocol-level Hidden Server Discovery” , Ling et al.,
2013
○ “The Sniper Attack: Anonymously Deanonymizing and
Disabling the Tor Network” , Jansen et al., 2014
16
19. Protocol Level Attack
Attacker controls a client, a rendezvous point and some other relays
of the Tor network. Furthermore, it has a central server where its
nodes store relevant events of the connection.
General idea:
Since only entry nodes of the server knows its location (IP address) the
attacker consists in trying several attempts of connections to the HS
until this chooses an entry guard controlled by the attacker.
Desired scenario:
“Protocol-level Hidden Server Discovery” , Ling et al., 2013
19
20. Attack phases
● Phase 1
client continues to create circuits to the HS until one of
attacker’s entry nodes sees a particular combination of cells.
● Phase 2
The attacker starts a testing phase on the previous entry
point to understand if it is the actual entry guard of the HS,
manipulating a cell in the Rendezvous Point.
● Phase 3
He concludes the test checking temporal correlation of
events triggered by his nodes.
If the presumably identified entry router is chosen by the
hidden server, he can locate it accordingly.
20
21. Phase 1
● The client continues to
establish new connections with
HS and recording every kind of
cell in the central server.
● It repeats this loop until one of
its entry point sees the
following combination of cells
However…
This doesn’t imply that our entry
point was chosen by THAT
particular HS, but just by some HS.
21
22. Phase 2
● In this phase the attacker want to be sure its relay is chosen
as HS entry guard.
● When the client is about to establish the conversation with the
server, it automatically sends a begin cell.
● The RP without even decrypting, it modifies 1 bit of the cell so
that the server will not understand its content. Note that it
works because the integrity check is performed ONLY at HS.
● The above triggers a destroy cell to be sent back to the client
to tear down the complete circuit.
● Every attackers relay is waiting for this cell and, if it arrives,
reports it to the central server (including the timestamp)
22
24. Phase 3
● The central server check the following
○ Both RP and entry node trigger a Destroy event
○ Timeliness of them is consistent: given Tb the timing of
the begin cell and Te the timing of the destroy cell at RP
and Td the timing of the destroy cell at entry point. If
Tb < Td < Te
timing of event is consistent
● This implies the attacker controls an HS entry guard so…
he is directly connected with the server
and consequently it knows its location
24
25. Sniper Attack
It is based on a DoS attack towards HS critical Tor relays. Attacker controls just
a client and at least one relay (GA).
General idea:
The attacker wants GA to be chosen as HS entry guard in order to identify the
server location (as in the previous attack). To do that he needs first to disable
ALL the HS entry guards until GA is chosen to be one of them.
So keeps building a normal Tor connection to the HS until GA is directly
connected to HS entry guard. At this point the attacker disables it performing a
Sniper Attack. When GA becomes the HS entry guard it knows the HS location.
“The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network” , Jansen
et al., 2014
25
26. Phase 1: Identify guards
● Adversary keeps building Tor circuits to the HS until GA is directly
connected to HS entry guard. For these circuits, the adversary can
directly observe the guards’ identities.
● To understand he is in this situation, he perform a simple
request/response with the server. This implies RP sends a pattern
of 50 PADDING cells to HS followed by a DESTROY cell.
● If GA observes a pattern of 2 cells (used to build the circuit) on a
rendezvous circuit FROM a hidden service and 52 cells on the same
circuit TO the hidden service (50 + 2 to build the circuit), followed
by a DESTROY cell shortly after one is sent by the rendezvous, it
concludes that GA is directly connected a guard of H.
26
27. Phase 2: Disable guards
● Once HS’s guards have been identified, the adversary builds a
custom circuits by selecting targets as circuit entries and uses
Sniper Attack to kill them.
● This can be done by repeatedly sending SENDMEs cells and
blocking reading of packets in node GA.
27
28. Phase 3: Test for Guard Selection
● By repeating Sniper attack many times, the attacker eventually
ends up in making the HS choose its relay GA as an entry guard.
● To determine if his guard GA was selected by HS, he uses
techniques very similar to those used to identify guards in Phase 1.
● Since now the attacker controls an HS entry guard…
he is directly connected with the server
and consequently it knows its location
28
30. “
Goal:
“Deanonymize the clients involved in HS
communications and then the specific HSs
addressed by these firsts, exploiting circuit
and traffic fingerprinting techniques”.
30
31. Circuit Fingerprinting Attack
General idea:
Since each circuit has unique
structural and temporal
characteristics, attacker can
look at Tor traffic and classify
observed circuits, looking at
those particular characteristics.
Once client-HS circuits are
identified, Web Site
Fingerprinting techniques
employing traffic characteristics
are used to identify the receiver
HS that is so deanonymized.
“Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services” ,
Kwon, et al., 2015
Attacker uses traffic fingerprinting techniques to identify Tor circuits,
so he can determine the user's’ involvement with hidden services.
31
32. Attack phases
● Phase 1: Circuit Fingerprinting Attack
Client-HS connection employs different circuits: HS-IP,
Client-IP, HS-RP and Client-RP. The aim of this phase is
classify these different circuits with fingerprint techniques.
● Phase 2: Website fingerprinting (WF) Attack
Attacker can perform website fingerprinting (WF) attacks
to deanonymize the hidden service clients and servers with
the information of the phase 1.
32
33. Phase 1: Circuit Fingerprinting Attack
● We can distinguish 4 circuits:
○ HS - Introduction Point
○ Client - Introduction Point
○ Client - Rendezvous Point
○ HS - Rendezvous Point
33
34. Phase 1: observations
● Streams for different HS for the same client are not multiplexed in
the same circuit (i.e. single RP/entry points is exploited for each)
● General circuits have different structure with respect to HS circuits
(i.e. they do not employ RP and IP) and so different construction
patterns, especially for client-RP circuits
● HS-IP circuits are long-lived (they need to stay up to accept
incoming connection from clients), conversely from client-IP
(short-lived) and general circuits (small duration on average)
● Incoming-Outgoing cells patterns, useful in identifying:
○ Client-IP (3 out + >3 in) and HS-IP circuits (>3 out = >3 in)
○ HS-RP (out >> in) because they serve content, conversely to
client-RP (in >> out) sending small request and getting content
34
35. Phase 1: features and algorithms
● From the previous observation, we can derive the features:
○ Duration of activity: the time circuits are up
○ The number of incoming and outgoing cells
○ Circuit construction sequences toward the RP
● Tree-based and k-NN classifiers are used for circuit classification
35
36. Phase 2: Website Fingerprinting Attack
● Hidden service deanonymization through website fingerprinting
using as features:
○ General traffic features as transmission size and time and
number of incoming and outgoing cells in the transmission
○ Packet ordering, so the location of each outgoing cell
○ Bursts, so the number of consecutive cells of the same type
both for incoming/outgoing traffic
and performing WF in both
○ open world (i.e. looking at ALL the possible HSs) and
○ closed world (i.e. restricting the list to plausible HSs) settings.
Conclusion:
through website fingerprinting, the contacted HS is identified.
36
37. Circuit fingerprinting attack: problem
● Streams for different HS for the same client are not multiplexed in
the same circuit (i.e. single RP/entry points is exploited for each)
● General circuits have different structure with respect to HS circuits
(i.e. they do not employ RP and IP) and so different construction
patterns, especially for client-RP circuits
● HS-IP circuits are long-lived (they need to stay up to accept
incoming connection from clients), conversely from client-IP
(short-lived) and general circuits (small duration on average)
● Incoming-Outgoing cells patterns, useful in identifying:
○ Client-IP (3 out + >3 in) and HS-IP circuits (>3 out = >3 in)
○ HS-RP (out >> in) because they serve content, conversely to
client-RP (in >> out) sending small request and getting content
37
38. Circuit fingerprinting attack: problem (cont’d)
● Streams for different HS for the same client are not multiplexed in
the same circuit (i.e. single RP/entry points is exploited for each)
● General circuits have different structure with respect to HS circuits
(i.e. they do not employ RP and IP) and so different construction
patterns, especially for client-RP circuits
● HS-IP circuits are long-lived (they need to stay up to accept
incoming connection from clients), conversely from client-IP
(short-lived) and general circuits (small duration on average)
● Incoming-Outgoing cells patterns, useful in identifying:
○ Client-IP (3 out + >3 in) and HS-IP circuits (>3 out = >3 in)
○ HS-RP (out >> in) because they serve content, conversely to
client-RP (in >> out) sending small request and getting content
38
No longer true!!
39. POSTER Fingerprinting
● Try to detect an HS communication with circuit fingerprints (FPs):
this exploits the fact that an HS connection leaks the information
that multiple entry nodes are used
● FPs are computed based on statistics computed on:
○ the number of entry nodes
○ chronological sequence of incoming/outgoing cells.
The more the fingerprints, the higher the classification capabilities
● An SVM-based classifier is trained with a 10-fold cross-validation
scheme to detect:
○ Unknown HS (open-world), if all the 8 FPs are used
○ Known HS (closed-world), if just one FP is user
with high recall and precision (greater than 95%).
“POSTER: Fingerprinting Tor Hidden Services” , Mitseva, et al., 2016
39
42. Caronte
Caronte is an automated tool based on finding location leaks.
The input is the onion address(es) of the interested hidden service(s).
General idea:
Leak are discovered in the content or configuration of a hidden
service finding some candidate identity (e.g., phone numbers
embedded in a page) or candidate Internet endpoint (e.g., an IP
address or DNS domain in an error page).
Then, candidates are validated looking if the IP and the onion
address lead to the same service.
Location leaks: information in the content or configuration of a
hidden service that gives away its location. Location leaks are
introduced by the hidden service administrators and cannot be
centrally fixed by the Tor project.
“CARONTE: Detecting Location Leaks for Deanonymizing Tor Hidden Services ,
Matic, et al., 2015
42
44. Phase 1: Exploration
● Caronte visits:
○ root page of HS
○ all HTML resources in root page (/xyz)
○ a random resource to trigger an error page that may leak
information placed there by the administrator.
● For each previous URL, Caronte visits and stores:
○ both with HTTP and HTTPS (to get its certificate)
○ with two Host header values (the onion address and a
random onion address).
An hosting server can contain more than one public service besides
the hidden one. Requesting a random address may push the server
to return the default (public) site leaking information.
44
45. Phase 2: Candidate selection
The next step is to extract a list of candidates for each onion URL:
● Internet endpoints
Pages may contain URLs, email and IP addresses. If URLs contain
very popular DNS domains (checked in a public list of popular
domains), they are discarded, otherwise they are kept.
● Unique strings
These are:
○ Identifiers i.e. Google Analytics and AdSense id, Bitcoin wallets
○ Titles of pages, often distinctive
They are looked up in search engines to return Internet sites
where they have observed, to date back their DNS domains and
to use them as candidate, if they are not popular.
45
46. Phase 2: Candidate selection (cont’d)
● HTTPS certificates
Caronte extracts from certificates:
○ Subject’s Common Name (SCN) and Subject’s Alternative
Name (SAN) that contain IP addresses and/or DNS domains.
○ SHA1 of DER format certificate and then searches it in
SONAR database (that keeps certificates seen on the
Internet) to retrieve the IPs that have used them.
○ the public key and searches in SONAR certificates containing
the same key and repeats the same process of above.
Additionally it searches in SONAR for any certificate whose SCN
or SAN contains an onion address.
● The output is a set of candidate pair <onion address, endpoint>.
46
47. Phase 3: Validation
● For every pair <onion address,
endpoint> it checks similarities
between the candidate and
one of the hidden service
page.
● If the similarity is high then the
candidate is actually a DNS
domain or IP address of the
hidden service. Default error
pages or recurrent ones are
excluded from this check.
● Validation is divided in two
steps and 7 checks:
○ Server similarity
○ Body similarity
47
48. Intentional Similarities
Leaks can be intentional.
Example: Facebook wants to make its hidden service public.
How can we check intentional similarities?
There are three methods:
● Onion address is compared with the endpoint. If their
longest common substring is larger or equal to 4 it means
that the onion address was obtained by brute forcing the
first 80 bits SHA1 in the generation process.
Example: www.facebook.com & facebookcorewwwi.onion
● Check if the endpoint contains the onion address of the HS
● Check if titles of HS pages embeds the internet endpoint.
48
49. Thanks!
ANY QUESTIONS?
49
You can find us on LinkedIn:
Andrea Bissoli: https://www.linkedin.com/in/andrea-bissoli-537768116/
Fabrizio Farinacci: https://www.linkedin.com/in/fabrizio-farinacci-496679116/
Andrea Prosseda: https://www.linkedin.com/in/andrea-prosseda-2b8651116/
Sara Veterini:
https://www.linkedin.com/in/sara-veterini-667684116/