Active Timing Based Traceback

Chapter in: Traceback and Anonymity

Part of the book series: SpringerBriefs in Computer Science (BRIEFSCOMPUTER)

Abstract

As shown in Sect. 3.3, timing based correlation approaches are promising in correlating encrypted network flows. However, they are inherently sensitive to deliberate timing perturbation by the adversary. In particular, the adversary can increase the correlation false positive rate or decrease the correlation true positive rate by making unrelated flows have similar timing characteristics or making related flows exhibit different timing characteristics.

Notes

  1. We will address packet drop or bogus packets in later chapters.

Copyright information

© 2015 The Author(s)

About this chapter

Cite this chapter

Wang, X., Reeves, D. (2015). Active Timing Based Traceback. In: Traceback and Anonymity. SpringerBriefs in Computer Science. Springer, New York, NY. https://doi.org/10.1007/978-1-4939-3441-6_4

  • DOI: https://doi.org/10.1007/978-1-4939-3441-6_4

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4939-3439-3

  • Online ISBN: 978-1-4939-3441-6

  • eBook Packages: Computer Science, Computer Science (R0)
