SlideShare a Scribd company logo

Michael Freyberger Sophomore Independent Work

Download as PPT, PDF
Michael Freyberger
Michael Freyberger

This document summarizes research on traffic analysis attacks against anonymity networks and proposed countermeasures. It first provides background on anonymity networks and how traffic analysis can be used to deanonymize users. It then summarizes previous research that used machine learning to classify users' web activity based on packet metadata with over 45% accuracy. The document proposes novel countermeasures that add dummy packets and randomize burst lengths to pad traffic and decrease classification accuracy. Evaluation shows the byte-level fixed burst length countermeasure reduces accuracy to 1.3% but incurs very high overhead, while other approaches provide a better accuracy-overhead tradeoff.

Engineering
1 of 35
Website Traffic Analysis Michael Freyberger and Michael Chang ELE 298 Advisor: Professor Prateek Mittal Princeton University | Electrical Engineering | Class of 2016
Motivation • Anonymity networks are becoming increasingly important • Free network access in oppressed countries is desirable • Prevent marketers from tracking web activity • Current anonymity networks are vulnerable
Basic Communication Client Server
Characteristics of Communication • Information can be readily encrypted • Data transfer is broken down into packets • Packets have a direction and length • Packets have a maximum length called the Maximum Transmission Unit (MTU) • A typical size for the MTU is 1500 bytes 148 1500100 516 660 580 Client Request to Server Server Sends Data to Client
Scenario 1: Possible Attack Client Server Attacker Encrypted Traffic
Scenario 2: Possible Attack with Proxies Client Node 1 Node 3 Node 2 Server Attacker
Current Secure Systems • Cryptographic Security • SSL • HTTPS • Onion Routing Systems • Tor • JonDonym www.torproject.org
Tor Project • 2 Million Users • Pads all data cell units to 512 bytes • Randomly generates 3 proxies www.torproject.org
Traffic Analysis Attacks • Single Attacker • Exploit metadata of the communication • Total Number of Bytes • Packet Lengths and Direction • Packet Bursts Attacker www.torproject.org
Panchenko et al. [1] • Combined packet and burst level approach • Support Vector Machine • Many features utilized, but primary ones: • Total Transmitted Bytes • Number of packets per burst • Count of each packet size • Percentage incoming packets • Achieved accuracy of 47.36% on closed world data set
Cai et al. [2] • Damareau-Levenshtein Edit Distances • Considers natural re-ordering of the packets during information exchange • Features considered • Packet Sizes • Direction of Packets • Classification using SVM (support vector machines)
Dyer et al.[3] • Coarse features contain a lot of information • Total Time • Total Bandwidth • Bursts • Coarse features are difficult to hide • BufLo • High Overhead
Recreating Tests and Running our own • Recreating Cai’s Classifier • Potential Improvements • Damereau-Levenshtein Distance transformation penalties • Burst-level calculations • Recreating Dyer’s Data set • Successful • Data Set Setting retrieved from Tor Nodes • 8510 websites collected at a rate of 85/hour • Linux client machine • Browser: Firefox 2.0
Accuracy and Overhead Calculations •  
Previously Explored Countermeasures • Packet Padding Level Padding • Pad to MTU • Random Padding • Exponential Padding • Sending Dummy Packets • BuFLO - Send fixed length packets at fixed time intervals
Pad to MTU Overhead: 41.7% Overhead: 41% 148 100 516 1500 1500 No Countermeasure: Countermeasure Applied: 1500
Session Random 255 Overhead: 6.5% Overhead: 6.6% 148 100 516 236 604 No Countermeasure: Countermeasure Applied: 188 Parameters: P = 88
Exponential Padding Overhead: 16.5% Overhead: 16.2% 148 100 516 256 1024 No Countermeasure: Countermeasure Applied: 128
Packet Level Countermeasures •Ineffective – cannot decrease accuracy when classification uses top performing classifiers •High Overhead – Cannot decrease accuracy even with maximal overhead •Solution: Must apply countermeasures at the burst level
Novel Countermeasures • Burst Level Padding – strategically placed Dummy Packets • Burst Level Padding in addition to Packet Level Padding • Random Burst Level Padding • Bursts defined by number of packets or number of bytes • Sending Dummy Packets in one direction – Client to Server
Communication Legend Encrypted Packet from Client to Server Encrypted Packet from Server to Client Encrypted Burst of Packets from Server to Client. Burst Length defined by number of packets in the Burst. Encrypted Burst of Packets from Server to Client. Burst Length defined by number of bytes in the Burst.
Burst Fixed Max Length of 6 Packets Overhead: 2.9% Overhead: 2.9% 148 100 14516 148 6516 638 No Countermeasure: Countermeasure Applied: 100 484 6 638 2 484
Burst Max Length of 6 Packets with Session Random Packet Level Padding Overhead: 9.5% Overhead: 9.4% 148 100 12516 236 6604 638 No Countermeasure: Countermeasure Applied: 188 484 6 572 Parameters: P = 88
Burst Session Random Fixed Max Length Overhead: 11.1% Overhead: 11% 148 100 12516 236 7604 638 No Countermeasure: Countermeasure Applied: 188 484 5 572 Parameters: P = 88 M = 7
Burst Fixed Max Length Advantages Disadvantages •Low Overhead •Effectively mask the bursts when randomness is added •Decreases accuracy of VGN++ from 20.3% •Ineffective without packet level padding as well •Does not increase effectiveness of Session Random 255 with Panchenko classifier
Fixed Burst Lengths at Packet Level Overhead: 113.1% Overhead: 111.8% 148 100 9516 276 5 5644 638 5 No Countermeasure: Countermeasure Applied: Parameters: P = 128 B = 5
148 Fixed Burst Lengths at Byte Level 100 14674516 292 9118 9118660 638 9118 Overhead: 137% Overhead: 138.1% No Countermeasure: Countermeasure Applied: Parameters: P = 144 G = 9118
Burst Fixed Length Advantages Disadvantages •Both implementations achieve low accuracy against VNG++ •Packet level implementation achieves low accuracy against Panchenko •High Byte Overhead– takes more than twice as long for a web page to download •Potential for high latency overhead
Client to Server Dummy Packets Overhead: 37.2% Overhead: 37.6% 148 100 6516 206 4596 712 2 No Countermeasure: Countermeasure Applied: Parameters: P = 80 B = 4 C = 3 100 516 968
Client to Server Dummy Packets Advantages Disadvantages •Low byte level overhead •Possibly take advantage of asymmetric bandwidth •Cannot achieve accuracy results as strong as Server to Client Dummy Packets •Potential for high latency overhead
Summary: Accuracy vs. Overhead Tradeoff Fixed Burst Lengths at Byte Level Fixed Burst Lengths at Packet Level Burst Session Random Fixed Max Length
Conclusion • Introduced Strategic Dummy Packet Placement– Burst Level Padding • Decrease accuracy of most effective countermeasure, Session Random 255, from 16.6% to 6.4% with Burst Fixed Max Length • Slight overhead increase from 6.6% to 11.1% • Decrease accuracy of most effective countermeasure, Session Random 255, from 16.6% to 1.3% with Fixed Burst Lengths at Byte Level • Large overhead increase from 6.6% to 137%
Opportunities for Future Research • Common Characteristics of a Trace: Application of countermeasure on select parts of trace • Taking advantage of “anatomy of a trace” • Taking advantage of User Habits: Eliminating “open-world concerns” and increasing false positives
Acknowledgements • Our advisor, Professor Prateek Mittal • Kevin Dyer, for access to his code base and support in experiment recreations • Xiang Cai, for access to his code base and support in experiment recreations
Citations [1] Andriy Panchenko, Lukas Niessen, Andreas Zinnen, and Thomas Engel. Website Fingerprinting in Onion Routing based Anonymization Networks. In Proceedings of the Workshop on Privacy in the Electronic Society, pages 103–114, October 2011. [2] Xiang Cai, Xincheng Zhang, Brijesh Joshi, and Rob Johnson. Touching from a distance: website fingerprinting attacks and defenses. In ACM CCS, 2012 [3] Kevin P. Dyer, Scott E. Coull, Thomas Ristenpart, and Thomas Shrimpton. Peek-a-boo, i still see you: Why e fficient traff c analysis countermeasures fail. In Proceedings of the 33rd Annual IEEE Symposium on Security and Privacy, 2012.

Recommended

Packet Loss Distributions of TCP using Web100
Packet Loss Distributions of TCP using Web100Packet Loss Distributions of TCP using Web100
Packet Loss Distributions of TCP using Web100Zoriel Salado
 
Encrypted traffic malware detection twiml
Encrypted traffic malware detection twimlEncrypted traffic malware detection twiml
Encrypted traffic malware detection twimlmadhucharis
 
ITMSS March 4th NTP DDoS
ITMSS March 4th NTP DDoSITMSS March 4th NTP DDoS
ITMSS March 4th NTP DDoSTony Anastasio
 
Link Capacity Estimation in SDN-based End-hosts
Link Capacity Estimation in SDN-based End-hostsLink Capacity Estimation in SDN-based End-hosts
Link Capacity Estimation in SDN-based End-hostsFarzaneh Pakzad
 
Tunneling vpn security and implementation
Tunneling vpn security and implementationTunneling vpn security and implementation
Tunneling vpn security and implementationMohibullah Saail
 
1766 1770
1766 17701766 1770
1766 1770Editor IJARCET
 
Evaluation of mininet WiFi integration via ns-3
Evaluation of mininet WiFi integration via ns-3Evaluation of mininet WiFi integration via ns-3
Evaluation of mininet WiFi integration via ns-3Farzaneh Pakzad
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniquesinbroker
 

Recommended

Packet Loss Distributions of TCP using Web100
Packet Loss Distributions of TCP using Web100Packet Loss Distributions of TCP using Web100
Packet Loss Distributions of TCP using Web100Zoriel Salado
 
Encrypted traffic malware detection twiml
Encrypted traffic malware detection twimlEncrypted traffic malware detection twiml
Encrypted traffic malware detection twimlmadhucharis
 
ITMSS March 4th NTP DDoS
ITMSS March 4th NTP DDoSITMSS March 4th NTP DDoS
ITMSS March 4th NTP DDoSTony Anastasio
 
Link Capacity Estimation in SDN-based End-hosts
Link Capacity Estimation in SDN-based End-hostsLink Capacity Estimation in SDN-based End-hosts
Link Capacity Estimation in SDN-based End-hostsFarzaneh Pakzad
 
Tunneling vpn security and implementation
Tunneling vpn security and implementationTunneling vpn security and implementation
Tunneling vpn security and implementationMohibullah Saail
 
1766 1770
1766 17701766 1770
1766 1770Editor IJARCET
 
Evaluation of mininet WiFi integration via ns-3
Evaluation of mininet WiFi integration via ns-3Evaluation of mininet WiFi integration via ns-3
Evaluation of mininet WiFi integration via ns-3Farzaneh Pakzad
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniquesinbroker
 
Meek and domain fronting public
Meek and domain fronting publicMeek and domain fronting public
Meek and domain fronting publicantitree
 
Network Traffic Anomaly Detection Through Bayes Net
Network Traffic Anomaly Detection Through Bayes NetNetwork Traffic Anomaly Detection Through Bayes Net
Network Traffic Anomaly Detection Through Bayes NetGyan Prakash
 
Lab 04
Lab 04Lab 04
Lab 04Om Thakkar
 
Ba25315321
Ba25315321Ba25315321
Ba25315321IJERA Editor
 
State of Transport Security in the E-Mail Ecosystem at Large
State of Transport Security in the E-Mail Ecosystem at LargeState of Transport Security in the E-Mail Ecosystem at Large
State of Transport Security in the E-Mail Ecosystem at LargeAaron Zauner
 
Pres_FORENSECURE
Pres_FORENSECUREPres_FORENSECURE
Pres_FORENSECURERobert Waziak Jr.
 
Type of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleType of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleHimani Singh
 
Empirically Characterizing the Buffer Behaviour of Real Devices
Empirically Characterizing the Buffer Behaviour of Real DevicesEmpirically Characterizing the Buffer Behaviour of Real Devices
Empirically Characterizing the Buffer Behaviour of Real DevicesJose Saldana
 
Group Communication Techniques in Overlay Networks
Group Communication Techniques in Overlay NetworksGroup Communication Techniques in Overlay Networks
Group Communication Techniques in Overlay NetworksKnut-Helge Vik
 
Capturing Network Traffic into Database
Capturing Network Traffic into Database Capturing Network Traffic into Database
Capturing Network Traffic into Database Tigran Tsaturyan
 
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...Aaron Zauner
 
Low Rate DDoS attack using Improved Robust Random Early Detection
Low Rate DDoS attack using Improved Robust Random Early DetectionLow Rate DDoS attack using Improved Robust Random Early Detection
Low Rate DDoS attack using Improved Robust Random Early DetectionShreeya Shah
 
Mail server
Mail serverMail server
Mail serverMd Parvez Hossain_1925102524
 
Lan network
Lan networkLan network
Lan networkMd Parvez Hossain_1925102524
 
DDoS Attack
DDoS AttackDDoS Attack
DDoS AttackGopi Krishnan S
 
Network Topology Ring
Network Topology Ring Network Topology Ring
Network Topology RingMd Parvez Hossain_1925102524
 
Mitm(man in the middle) ssl proxy attacks
Mitm(man in the middle) ssl proxy attacksMitm(man in the middle) ssl proxy attacks
Mitm(man in the middle) ssl proxy attacksJaeYeoul Ahn
 
Convert Wireshark PCAP Files to Sequence Diagrams
Convert Wireshark PCAP Files to Sequence DiagramsConvert Wireshark PCAP Files to Sequence Diagrams
Convert Wireshark PCAP Files to Sequence DiagramsEventHelix.com Inc.
 
Chapter02
Chapter02Chapter02
Chapter02Muhammad Ahad
 
Chapter02
Chapter02Chapter02
Chapter02Somrak Rungwanlapa
 
Network
NetworkNetwork
NetworkYnon Perek
 
Effective Service Mesh to turbocharge Cloud Resiliency
Effective Service Mesh to turbocharge Cloud ResiliencyEffective Service Mesh to turbocharge Cloud Resiliency
Effective Service Mesh to turbocharge Cloud ResiliencyLiang Gang Yu
 

More Related Content

What's hot

Meek and domain fronting public
Meek and domain fronting publicMeek and domain fronting public
Meek and domain fronting publicantitree
 
Network Traffic Anomaly Detection Through Bayes Net
Network Traffic Anomaly Detection Through Bayes NetNetwork Traffic Anomaly Detection Through Bayes Net
Network Traffic Anomaly Detection Through Bayes NetGyan Prakash
 
State of Transport Security in the E-Mail Ecosystem at Large
State of Transport Security in the E-Mail Ecosystem at LargeState of Transport Security in the E-Mail Ecosystem at Large
State of Transport Security in the E-Mail Ecosystem at LargeAaron Zauner
 
Type of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleType of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleHimani Singh
 
Empirically Characterizing the Buffer Behaviour of Real Devices
Empirically Characterizing the Buffer Behaviour of Real DevicesEmpirically Characterizing the Buffer Behaviour of Real Devices
Empirically Characterizing the Buffer Behaviour of Real DevicesJose Saldana
 
Group Communication Techniques in Overlay Networks
Group Communication Techniques in Overlay NetworksGroup Communication Techniques in Overlay Networks
Group Communication Techniques in Overlay NetworksKnut-Helge Vik
 
Capturing Network Traffic into Database
Capturing Network Traffic into Database Capturing Network Traffic into Database
Capturing Network Traffic into Database Tigran Tsaturyan
 
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...Aaron Zauner
 
Low Rate DDoS attack using Improved Robust Random Early Detection
Low Rate DDoS attack using Improved Robust Random Early DetectionLow Rate DDoS attack using Improved Robust Random Early Detection
Low Rate DDoS attack using Improved Robust Random Early DetectionShreeya Shah
 
Mitm(man in the middle) ssl proxy attacks
Mitm(man in the middle) ssl proxy attacksMitm(man in the middle) ssl proxy attacks
Mitm(man in the middle) ssl proxy attacksJaeYeoul Ahn
 
Convert Wireshark PCAP Files to Sequence Diagrams
Convert Wireshark PCAP Files to Sequence DiagramsConvert Wireshark PCAP Files to Sequence Diagrams
Convert Wireshark PCAP Files to Sequence DiagramsEventHelix.com Inc.
 

What's hot (18)

Meek and domain fronting public
Meek and domain fronting publicMeek and domain fronting public
Meek and domain fronting public
 
Network Traffic Anomaly Detection Through Bayes Net
Network Traffic Anomaly Detection Through Bayes NetNetwork Traffic Anomaly Detection Through Bayes Net
Network Traffic Anomaly Detection Through Bayes Net
 
Lab 04
Lab 04Lab 04
Lab 04
 
Ba25315321
Ba25315321Ba25315321
Ba25315321
 
State of Transport Security in the E-Mail Ecosystem at Large
State of Transport Security in the E-Mail Ecosystem at LargeState of Transport Security in the E-Mail Ecosystem at Large
State of Transport Security in the E-Mail Ecosystem at Large
 
Pres_FORENSECURE
Pres_FORENSECUREPres_FORENSECURE
Pres_FORENSECURE
 
Type of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleType of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 example
 
Empirically Characterizing the Buffer Behaviour of Real Devices
Empirically Characterizing the Buffer Behaviour of Real DevicesEmpirically Characterizing the Buffer Behaviour of Real Devices
Empirically Characterizing the Buffer Behaviour of Real Devices
 
Group Communication Techniques in Overlay Networks
Group Communication Techniques in Overlay NetworksGroup Communication Techniques in Overlay Networks
Group Communication Techniques in Overlay Networks
 
Capturing Network Traffic into Database
Capturing Network Traffic into Database Capturing Network Traffic into Database
Capturing Network Traffic into Database
 
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...
 
Low Rate DDoS attack using Improved Robust Random Early Detection
Low Rate DDoS attack using Improved Robust Random Early DetectionLow Rate DDoS attack using Improved Robust Random Early Detection
Low Rate DDoS attack using Improved Robust Random Early Detection
 
Mail server
Mail serverMail server
Mail server
 
Lan network
Lan networkLan network
Lan network
 
DDoS Attack
DDoS AttackDDoS Attack
DDoS Attack
 
Network Topology Ring
Network Topology Ring Network Topology Ring
Network Topology Ring
 
Mitm(man in the middle) ssl proxy attacks
Mitm(man in the middle) ssl proxy attacksMitm(man in the middle) ssl proxy attacks
Mitm(man in the middle) ssl proxy attacks
 
Convert Wireshark PCAP Files to Sequence Diagrams
Convert Wireshark PCAP Files to Sequence DiagramsConvert Wireshark PCAP Files to Sequence Diagrams
Convert Wireshark PCAP Files to Sequence Diagrams
 

Similar to Michael Freyberger Sophomore Independent Work

Effective Service Mesh to turbocharge Cloud Resiliency
Effective Service Mesh to turbocharge Cloud ResiliencyEffective Service Mesh to turbocharge Cloud Resiliency
Effective Service Mesh to turbocharge Cloud ResiliencyLiang Gang Yu
 
Deceptive Speed: How to Fix Fast, Unstable Wi-Fi
Deceptive Speed: How to Fix Fast, Unstable Wi-FiDeceptive Speed: How to Fix Fast, Unstable Wi-Fi
Deceptive Speed: How to Fix Fast, Unstable Wi-FiNETSCOUT
 
Enterprise campus networks
Enterprise campus networksEnterprise campus networks
Enterprise campus networksKishor Satpathy
 
2018 FRSecure CISSP Mentor Program- Session 7
2018 FRSecure CISSP Mentor Program- Session 72018 FRSecure CISSP Mentor Program- Session 7
2018 FRSecure CISSP Mentor Program- Session 7FRSecure
 
CN Module 5 part 2 2022.pdf
CN Module 5 part 2 2022.pdfCN Module 5 part 2 2022.pdf
CN Module 5 part 2 2022.pdfMayankRaj687571
 
network basics
network basicsnetwork basics
network basicsAvin Ash
 
8. TDM Mux_Demux.pdf
8. TDM Mux_Demux.pdf8. TDM Mux_Demux.pdf
8. TDM Mux_Demux.pdfTabrezahmed39
 
Globecom 2015: Adaptive Raptor Carousel for 802.11
Globecom 2015: Adaptive Raptor Carousel for 802.11Globecom 2015: Adaptive Raptor Carousel for 802.11
Globecom 2015: Adaptive Raptor Carousel for 802.11Andrew Nix
 
Presentazione-Prelaurea_Alessandro-Nuzzi.pptx
Presentazione-Prelaurea_Alessandro-Nuzzi.pptxPresentazione-Prelaurea_Alessandro-Nuzzi.pptx
Presentazione-Prelaurea_Alessandro-Nuzzi.pptxAlessandroNuzzi1
 
Presentazione Prelaurea - Alessandro Nuzzi.pdf
Presentazione Prelaurea - Alessandro Nuzzi.pdfPresentazione Prelaurea - Alessandro Nuzzi.pdf
Presentazione Prelaurea - Alessandro Nuzzi.pdfAlessandroNuzzi1
 
Kubernetes meetup: Networking for Microservices
Kubernetes meetup: Networking for MicroservicesKubernetes meetup: Networking for Microservices
Kubernetes meetup: Networking for MicroservicesSukhesh Halemane
 

Similar to Michael Freyberger Sophomore Independent Work (20)

Chapter02
Chapter02Chapter02
Chapter02
 
Chapter02
Chapter02Chapter02
Chapter02
 
Network
NetworkNetwork
Network
 
Effective Service Mesh to turbocharge Cloud Resiliency
Effective Service Mesh to turbocharge Cloud ResiliencyEffective Service Mesh to turbocharge Cloud Resiliency
Effective Service Mesh to turbocharge Cloud Resiliency
 
Deceptive Speed: How to Fix Fast, Unstable Wi-Fi
Deceptive Speed: How to Fix Fast, Unstable Wi-FiDeceptive Speed: How to Fix Fast, Unstable Wi-Fi
Deceptive Speed: How to Fix Fast, Unstable Wi-Fi
 
Enterprise campus networks
Enterprise campus networksEnterprise campus networks
Enterprise campus networks
 
2018 FRSecure CISSP Mentor Program- Session 7
2018 FRSecure CISSP Mentor Program- Session 72018 FRSecure CISSP Mentor Program- Session 7
2018 FRSecure CISSP Mentor Program- Session 7
 
Kafka at scale facebook israel
Kafka at scale facebook israelKafka at scale facebook israel
Kafka at scale facebook israel
 
Sky x technology
Sky x technologySky x technology
Sky x technology
 
CN Module 5 part 2 2022.pdf
CN Module 5 part 2 2022.pdfCN Module 5 part 2 2022.pdf
CN Module 5 part 2 2022.pdf
 
lecture04.ppt
lecture04.pptlecture04.ppt
lecture04.ppt
 
network basics
network basicsnetwork basics
network basics
 
8. TDM Mux_Demux.pdf
8. TDM Mux_Demux.pdf8. TDM Mux_Demux.pdf
8. TDM Mux_Demux.pdf
 
Transport layer services
Transport layer servicesTransport layer services
Transport layer services
 
WEEK-01.pdf
WEEK-01.pdfWEEK-01.pdf
WEEK-01.pdf
 
Globecom 2015: Adaptive Raptor Carousel for 802.11
Globecom 2015: Adaptive Raptor Carousel for 802.11Globecom 2015: Adaptive Raptor Carousel for 802.11
Globecom 2015: Adaptive Raptor Carousel for 802.11
 
Presentazione-Prelaurea_Alessandro-Nuzzi.pptx
Presentazione-Prelaurea_Alessandro-Nuzzi.pptxPresentazione-Prelaurea_Alessandro-Nuzzi.pptx
Presentazione-Prelaurea_Alessandro-Nuzzi.pptx
 
Presentazione Prelaurea - Alessandro Nuzzi.pdf
Presentazione Prelaurea - Alessandro Nuzzi.pdfPresentazione Prelaurea - Alessandro Nuzzi.pdf
Presentazione Prelaurea - Alessandro Nuzzi.pdf
 
Chapter04
Chapter04Chapter04
Chapter04
 
Kubernetes meetup: Networking for Microservices
Kubernetes meetup: Networking for MicroservicesKubernetes meetup: Networking for Microservices
Kubernetes meetup: Networking for Microservices
 

Recently uploaded

Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝soniya singh
 
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxhumanexperienceaaa
 

Recently uploaded (20)

Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
 

Michael Freyberger Sophomore Independent Work

  • 1. Website Traffic Analysis Michael Freyberger and Michael Chang ELE 298 Advisor: Professor Prateek Mittal Princeton University | Electrical Engineering | Class of 2016
  • 2. Motivation • Anonymity networks are becoming increasingly important • Free network access in oppressed countries is desirable • Prevent marketers from tracking web activity • Current anonymity networks are vulnerable
  • 4. Characteristics of Communication • Information can be readily encrypted • Data transfer is broken down into packets • Packets have a direction and length • Packets have a maximum length called the Maximum Transmission Unit (MTU) • A typical size for the MTU is 1500 bytes 148 1500100 516 660 580 Client Request to Server Server Sends Data to Client
  • 5. Scenario 1: Possible Attack Client Server Attacker Encrypted Traffic
  • 6. Scenario 2: Possible Attack with Proxies Client Node 1 Node 3 Node 2 Server Attacker
  • 7. Current Secure Systems • Cryptographic Security • SSL • HTTPS • Onion Routing Systems • Tor • JonDonym www.torproject.org
  • 8. Tor Project • 2 Million Users • Pads all data cell units to 512 bytes • Randomly generates 3 proxies www.torproject.org
  • 9. Traffic Analysis Attacks • Single Attacker • Exploit metadata of the communication • Total Number of Bytes • Packet Lengths and Direction • Packet Bursts Attacker www.torproject.org
  • 10. Panchenko et al. [1] • Combined packet and burst level approach • Support Vector Machine • Many features utilized, but primary ones: • Total Transmitted Bytes • Number of packets per burst • Count of each packet size • Percentage incoming packets • Achieved accuracy of 47.36% on closed world data set
  • 11. Cai et al. [2] • Damareau-Levenshtein Edit Distances • Considers natural re-ordering of the packets during information exchange • Features considered • Packet Sizes • Direction of Packets • Classification using SVM (support vector machines)
  • 12. Dyer et al.[3] • Coarse features contain a lot of information • Total Time • Total Bandwidth • Bursts • Coarse features are difficult to hide • BufLo • High Overhead
  • 13. Recreating Tests and Running our own • Recreating Cai’s Classifier • Potential Improvements • Damereau-Levenshtein Distance transformation penalties • Burst-level calculations • Recreating Dyer’s Data set • Successful • Data Set Setting retrieved from Tor Nodes • 8510 websites collected at a rate of 85/hour • Linux client machine • Browser: Firefox 2.0
  • 14. Accuracy and Overhead Calculations •  
  • 15. Previously Explored Countermeasures • Packet Padding Level Padding • Pad to MTU • Random Padding • Exponential Padding • Sending Dummy Packets • BuFLO - Send fixed length packets at fixed time intervals
  • 16. Pad to MTU Overhead: 41.7% Overhead: 41% 148 100 516 1500 1500 No Countermeasure: Countermeasure Applied: 1500
  • 17. Session Random 255 Overhead: 6.5% Overhead: 6.6% 148 100 516 236 604 No Countermeasure: Countermeasure Applied: 188 Parameters: P = 88
  • 18. Exponential Padding Overhead: 16.5% Overhead: 16.2% 148 100 516 256 1024 No Countermeasure: Countermeasure Applied: 128
  • 19. Packet Level Countermeasures •Ineffective – cannot decrease accuracy when classification uses top performing classifiers •High Overhead – Cannot decrease accuracy even with maximal overhead •Solution: Must apply countermeasures at the burst level
  • 20. Novel Countermeasures • Burst Level Padding – strategically placed Dummy Packets • Burst Level Padding in addition to Packet Level Padding • Random Burst Level Padding • Bursts defined by number of packets or number of bytes • Sending Dummy Packets in one direction – Client to Server
  • 21. Communication Legend Encrypted Packet from Client to Server Encrypted Packet from Server to Client Encrypted Burst of Packets from Server to Client. Burst Length defined by number of packets in the Burst. Encrypted Burst of Packets from Server to Client. Burst Length defined by number of bytes in the Burst.
  • 22. Burst Fixed Max Length of 6 Packets Overhead: 2.9% Overhead: 2.9% 148 100 14516 148 6516 638 No Countermeasure: Countermeasure Applied: 100 484 6 638 2 484
  • 23. Burst Max Length of 6 Packets with Session Random Packet Level Padding Overhead: 9.5% Overhead: 9.4% 148 100 12516 236 6604 638 No Countermeasure: Countermeasure Applied: 188 484 6 572 Parameters: P = 88
  • 24. Burst Session Random Fixed Max Length Overhead: 11.1% Overhead: 11% 148 100 12516 236 7604 638 No Countermeasure: Countermeasure Applied: 188 484 5 572 Parameters: P = 88 M = 7
  • 25. Burst Fixed Max Length Advantages Disadvantages •Low Overhead •Effectively mask the bursts when randomness is added •Decreases accuracy of VGN++ from 20.3% •Ineffective without packet level padding as well •Does not increase effectiveness of Session Random 255 with Panchenko classifier
  • 26. Fixed Burst Lengths at Packet Level Overhead: 113.1% Overhead: 111.8% 148 100 9516 276 5 5644 638 5 No Countermeasure: Countermeasure Applied: Parameters: P = 128 B = 5
  • 27. 148 Fixed Burst Lengths at Byte Level 100 14674516 292 9118 9118660 638 9118 Overhead: 137% Overhead: 138.1% No Countermeasure: Countermeasure Applied: Parameters: P = 144 G = 9118
  • 28. Burst Fixed Length Advantages Disadvantages •Both implementations achieve low accuracy against VNG++ •Packet level implementation achieves low accuracy against Panchenko •High Byte Overhead– takes more than twice as long for a web page to download •Potential for high latency overhead
  • 29. Client to Server Dummy Packets Overhead: 37.2% Overhead: 37.6% 148 100 6516 206 4596 712 2 No Countermeasure: Countermeasure Applied: Parameters: P = 80 B = 4 C = 3 100 516 968
  • 30. Client to Server Dummy Packets Advantages Disadvantages •Low byte level overhead •Possibly take advantage of asymmetric bandwidth •Cannot achieve accuracy results as strong as Server to Client Dummy Packets •Potential for high latency overhead
  • 31. Summary: Accuracy vs. Overhead Tradeoff Fixed Burst Lengths at Byte Level Fixed Burst Lengths at Packet Level Burst Session Random Fixed Max Length
  • 32. Conclusion • Introduced Strategic Dummy Packet Placement– Burst Level Padding • Decrease accuracy of most effective countermeasure, Session Random 255, from 16.6% to 6.4% with Burst Fixed Max Length • Slight overhead increase from 6.6% to 11.1% • Decrease accuracy of most effective countermeasure, Session Random 255, from 16.6% to 1.3% with Fixed Burst Lengths at Byte Level • Large overhead increase from 6.6% to 137%
  • 33. Opportunities for Future Research • Common Characteristics of a Trace: Application of countermeasure on select parts of trace • Taking advantage of “anatomy of a trace” • Taking advantage of User Habits: Eliminating “open-world concerns” and increasing false positives
  • 34. Acknowledgements • Our advisor, Professor Prateek Mittal • Kevin Dyer, for access to his code base and support in experiment recreations • Xiang Cai, for access to his code base and support in experiment recreations
  • 35. Citations [1] Andriy Panchenko, Lukas Niessen, Andreas Zinnen, and Thomas Engel. Website Fingerprinting in Onion Routing based Anonymization Networks. In Proceedings of the Workshop on Privacy in the Electronic Society, pages 103–114, October 2011. [2] Xiang Cai, Xincheng Zhang, Brijesh Joshi, and Rob Johnson. Touching from a distance: website fingerprinting attacks and defenses. In ACM CCS, 2012 [3] Kevin P. Dyer, Scott E. Coull, Thomas Ristenpart, and Thomas Shrimpton. Peek-a-boo, i still see you: Why e fficient traff c analysis countermeasures fail. In Proceedings of the 33rd Annual IEEE Symposium on Security and Privacy, 2012.