Unmixing Mix Traffic

  • Ye Zhu
  • Riccardo Bettati
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3856)


We apply blind source separation techniques from statistical signal processing to separate the traffic in a mix network. Our experiments show that this attack is effective and scalable. By combining the flow separation method and frequency spectrum matching method, a passive attacker can get the traffic map of the mix network. We use a non-trivial network to show that the combined attack works. The experiments also show that multicast traffic can be dangerous for anonymity networks.


Independent Component Analysis Blind Source Separation Frequency Match Correlation Attack Anonymous Communication 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 4 (February 1981)Google Scholar
  2. 2.
    Levine, B.N., Reiter, M.K., Wang, C.-X., Wright, M.: Timing attacks in low-latency mix-based systems. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 251–265. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Jutten, C., Herault, J.: Blind separation of sources, part 1: an adaptive algorithm based on neuromimetic architecture. Signal Process 24(1), 1–10 (1991)CrossRefMATHGoogle Scholar
  4. 4.
    Zhu, Y., Fu, X., Graham, B., Bettati, R., Zhao, W.: On flow correlation attacks and countermeasures in mix networks. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 207–225. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium (August 2004)Google Scholar
  6. 6.
    Serjantov, A., Dingledine, R., Syverson, P.: From a trickle to a flood: Active attacks on several mix types. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 36–52. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Danezis, G., Serjantov, A.: Statistical disclosure or intersection attacks on anonymity systems. In: Fridrich, J. (ed.) IH 2004. LNCS, vol. 3200, pp. 293–308. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Danezis, G.: The traffic analysis of continuous-time mixes. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 35–50. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Goldschlag, D., Reed, M., Syverson, P.: Onion routing for anonymous and private internet connections. Communications of the ACM (USA) 42(2), 39–41 (1999)CrossRefGoogle Scholar
  10. 10.
    Reiter, M., Rubin, A.: Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security 1 (June 1998)Google Scholar
  11. 11.
    Rennhard, M., Plattner, B.: Introducing MorphMix: Peer-to-Peer based Anonymous Internet Usage with Collusion Detection. In: Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2002), Washington, DC, USA (November 2002)Google Scholar
  12. 12.
    Sherwood, R., Bhattacharjee, B., Srinivasan, A.: P5: A protocol for scalable anonymous communication. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy (May 2002)Google Scholar
  13. 13.
    Howard, J.D.: An analysis of security incidents on the internet 1989 - 1995. tech. rep. Carnegie Mellon University Dissertation (1997)Google Scholar
  14. 14.
    FBI Carnivore diagnostic tool (2003),
  15. 15.
    Cardoso, J.: Blind signal separation: statistical principles. Proceedings of the IEEE 9(10), 2009–2025 (1998); Special issue on blind identification and estimationCrossRefGoogle Scholar
  16. 16.
    Comon, P.: Independent component analysis, a new concept? Signal Process 36(3), 287–314 (1994)CrossRefMATHGoogle Scholar
  17. 17.
    He, Z., Yang, L., Liu, J., Lu, Z., He, C., Shi, Y.: Blind source separation using clustering-based multivariate density estimation algorithm. IEEE Trans. on Signal Processing 48(2), 575–579 (2000)CrossRefGoogle Scholar
  18. 18.
    Hyvärinen, A.: Fast and robust fixed-point algorithms for independent component analysis. IEEE Transactions on Neural Networks 10(3), 626–634 (1999)CrossRefGoogle Scholar
  19. 19.
    Hyvärinen, A., Oja, E.: A fast fixed-point algorithm for independent component analysis. Neural Comput. 9(7), 1483–1492 (1997)CrossRefGoogle Scholar
  20. 20.
    Gaeta, M., Lacoume, J.-L.: Source separation without prior knowledge: the maximum likelihood solution. In: Proc. EUSIPCO 1990, pp. 621–624 (1990)Google Scholar
  21. 21.
    Pham, D.-T., Garrat, P., Jutten, C.: Separation of a mixture of independent sources through a maximum likelihood approach. In: Proc. EUSIPCO, pp. 771–774 (1992)Google Scholar
  22. 22.
    Hyvärinen, A., Inki, M.: Estimating overcomplete independent component bases for image windows. J. Math. Imaging Vis. 17(2), 139–152 (2002)MathSciNetCrossRefMATHGoogle Scholar
  23. 23.
    Hyvärinen, A., Cristescu, R., Oja, E.: A fast algorithm for estimating overcomplete ICA bases for image windows. In: Proc. Int. Joint Conf. on Neural Networks, Washington, D.C., pp. 894–899 (1999)Google Scholar
  24. 24.
    Zhu, Y., Fu, X., Graham, B., Bettati, R., Zhao, W.: Correlation attacks in a mix network. Texas A&M University Computer Science Technical Report (February 2005)Google Scholar
  25. 25.
    Cruces-Alvarez, S.A., Cichocki, A.: Combining blind source extraction with joint approximate diagonalization: Thin algorithms for ICA. In: Proc. of the Fourth Symposium on Independent Component Analysis and Blind Signal Separation, Nara, Japan, pp. 463–468 (April 2003)Google Scholar
  26. 26.
    Zhu, Y., Bettati, R.: Unmixing mix traffic. Texas A&M University Computer Science Technical Report (February 2005)Google Scholar
  27. 27.
    Park, K., Willinger, W.: Self-similar network traffic: An overview (1999)Google Scholar
  28. 28.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  29. 29.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  30. 30.
    Kong, J., Hong, X.: Anodr: anonymous on demand routing with untraceable routes for mobile ad-hoc networks. In: MobiHoc 2003: Proceedings of the 4th ACM international symposium on Mobile ad hoc networking & computing, pp. 291–302. ACM Press, New York (2003)Google Scholar
  31. 31.
    Tong, L., Liu, R.-W., Soon, V.C., Huang, Y.-F.: Indeterminacy and identifiability of blind identification. IEEE Transactions on Circuits and Systems 38(5), 499–509 (1991)CrossRefMATHGoogle Scholar
  32. 32.
    Molgedey, L., Schuster, H.G.: Separation of a mixture of independent signals using time delayed correlations. Physical Review Letters 72, 3634–3637 (1994)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Ye Zhu
    • 1
  • Riccardo Bettati
    • 1
  1. 1.Department of Computer ScienceTexas A&M UniversityCollege StationUSA

Personalised recommendations