On Flow Correlation Attacks and Countermeasures in Mix Networks

  • Ye Zhu
  • Xinwen Fu
  • Bryan Graham
  • Riccardo Bettati
  • Wei Zhao
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3424)


In this paper, we address issues related to flow correlation attacks and the corresponding countermeasures in mix networks. Mixes have been used in many anonymous communication systems and are supposed to provide countermeasures that can defeat various traffic analysis attacks. In this paper, we focus on a particular class of traffic analysis attack, flow correlation attacks, by which an adversary attempts to analyze the network traffic and correlate the traffic of a flow over an input link at a mix with that over an output link of the same mix. Two classes of correlation methods are considered, namely time-domain methods and frequency-domain methods. Based on our threat model and known strategies in existing mix networks, we perform extensive experiments to analyze the performance of mixes. We find that a mix with any known batching strategy may fail against flow correlation attacks in the sense that for a given flow over an input link, the adversary can correctly determine which output link is used by the same flow. We also investigated methods that can effectively counter the flow correlation attack and other timing attacks. The empirical results provided in this paper give an indication to designers of Mix networks about appropriate configurations and alternative mechanisms to be used to counter flow correlation attacks.


Mutual Information Output Link Pattern Vector Analysis Attack Input Link 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Song, D.X., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on ssh. In: Proceedings of 10th USENIX Security Symposium (2001)Google Scholar
  2. 2.
    Sun, Q., Simon, D.R., Wang, Y., Russell, W., Padmanabhan, V.N., Qiu, L.: Statistical identification of encrypted web browsing traffic. In: Proceedings of IEEE Symposium on Security and Privacy (2002)Google Scholar
  3. 3.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 4 (1981)Google Scholar
  4. 4.
    Helsingius, J.: Press release: Johan helsingius closes his internet remailer (1996),
  5. 5.
    Parekh, S.: Prospects for remailers - where is anonymity heading on the internet (1996),
  6. 6.
    Gülcü, C., Tsudik, G.: Mixing E-mail with Babel. In: Proceedings of the Network and Distributed Security Symposium (NDSS), pp. 2–16. IEEE, Los Alamitos (1996)CrossRefGoogle Scholar
  7. 7.
    Möller, U., Cottrell, L.: Mixmaster Protocol — Version 2 (2000),
  8. 8.
    Serjantov, A., Dingledine, R., Syverson, P.: From a trickle to a flood: active attacks on several mix types. In: Proceedings of Information Hiding Workshop (2002)Google Scholar
  9. 9.
    Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: Design of a Type III Anonymous Remailer Protocol. In: Proceedings of the 2003 IEEE Symposium on Security and Privacy (2003)Google Scholar
  10. 10.
    Back, A., Möller, U., Stiglic, A.: Traffic analysis attacks and trade-offs in anonymity providing systems. In: Proceedings of Information Hiding Workshop (2001)Google Scholar
  11. 11.
    Berthold, O., Langos, H.: Dummy traffic against long term intersection attacks. In: Proceedings of Privacy Enhancing Technologies workshop (PET 2002) (2002)Google Scholar
  12. 12.
    Berthold, O., Pfitzmann, A., Standtke, R.: The disadvantages of free MIX routes and how to overcome them. In: Proceedings of Designing Privacy Enhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability (2000)Google Scholar
  13. 13.
    Mitomo, M., Kurosawa, K.: Attack for Flash MIX. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, p. 192. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  14. 14.
    Raymond, J.: Traffic analysis: Protocols, attacks, design issues and open problems. In: Proceedings of Designing Privacy Enhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability (2001)Google Scholar
  15. 15.
    Syverson, P.F., Goldschlag, D.M., Reed, M.G.: Anonymous connections and onion routing. In: Proceedings of IEEE Symposium on Security and Privacy, Oakland, California, pp. 44–54 (1997)Google Scholar
  16. 16.
    Boucher, P., Shostack, A., Goldberg, I.: Freedom systems 2.0 architecture (2000)Google Scholar
  17. 17.
    Reiter, M., Rubin, A.: Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security 1 (1998)Google Scholar
  18. 18.
    Freedman, M.J., Morris, R.: Tarzan: A peer-to-peer anonymizing network layer. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS), Washington, DC (2002)Google Scholar
  19. 19.
    Sherwood, R., Bhattacharjee, B., Srinivasan, A.: p5: A protocol for scalable anonymous communication. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy (2002)Google Scholar
  20. 20.
    Serjantov, A., Sewell, P.: Passive attack analysis for connection-based anonymity systems. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 116–131. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Zhu, Y., Fu, X., Graham, B., Bettati, R., Zhao, W.: Correlation attacks in a mix network. Texas A&M University Computer Science Technical Report TR2003-8-9 (2003)Google Scholar
  22. 22.
    Fu, X., Graham, B., Xuan, D., Bettati, R., Zhao, W.: Analytical and empirical analysis of countermeasures to traffic analysis attacks. In: Proceedings of International Conference on Parallel Processing (ICPP) (2003)Google Scholar
  23. 23.
    Howard, J.D.: An analysis of security incidents on the internet 1989 - 1995. Technical report, Carnegie Mellon University Dissertation (1997)Google Scholar
  24. 24.
    F.B.I: Carnivore diagnostic tool (2003),
  25. 25.
    Walton, G.: China’s golden shield: Corporations and the development of surveillance technology in china (2003),
  26. 26.
    Achives, O.R.D.: Link padding and the intersection attack (2002),
  27. 27. tcpdump (2003),
  28. 28. Netflow services solutions guide (2003),
  29. 29.
    Moddemeijer, R.: On estimation of entropy and mutual information of continuous distributions. Signal Processing 16, 233–246 (1989)CrossRefMathSciNetGoogle Scholar
  30. 30.
    MathWorks: Documentation for mathworks products (release 13) (2003),
  31. 31.
    TimeSys: Timesys linux docs (2003),
  32. 32. Netfilter (2003),
  33. 33.
    Rennhard, M., Rafaeli, S., Mathy, L., Plattner, B., Hutchison, D.: Analysis of an anonymity network for web browsing. In: Proceedings of Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE) (2002)Google Scholar
  34. 34.
    Guan, Y., Fu, X., Xuan, D., Shenoy, P.U., Bettati, R., Zhao, W.: Netcamo: Camouflaging network traffic for qos-guaranteed critical allplications. IEEE Transactions on Systems, Man, and Cybernetics Part A: Systems and Humans, Special Issue on Information Assurance 31, 253–265 (2001)CrossRefGoogle Scholar
  35. 35.
    Fu, X., Graham, B., Bettati, R., Zhao, W.: On effectiveness of link padding for statistical traffic analysis attacks. In: Proceedings of the 23rd IEEE International Conference on Distributed Computing Systems (ICDCS 2003) (2003)Google Scholar
  36. 36.
    Padhye, J., Firoiu, V., Towsley, D., Krusoe, J.: Modeling TCP throughput: A simple model and its empirical validation. In: Proceedings of ACM SIGCOMM Special Interest Group on Data Communications (SIGCOMM) (1998)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Ye Zhu
    • 1
  • Xinwen Fu
    • 1
  • Bryan Graham
    • 1
  • Riccardo Bettati
    • 1
  • Wei Zhao
    • 1
  1. 1.Department of Computer ScienceTexas A&M UniversityCollege StationUSA

Personalised recommendations