Studying Timing Analysis on the Internet with SubRosa

  • Hatim Daginawala
  • Matthew Wright
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5134)


Timing analysis poses a significant threat to anonymity systems that wish to support low-latency applications like Web browsing, instant messaging, and Voice over IP (VoIP). Research into timing analysis so far has been done through simulations or unrealistic local area networks. We developed SubRosa, an experimental platform for studying timing analysis attacks and defenses in low-latency anonymity systems. We present results of experiments on PlanetLab, a globally distributed network testbed. Our experiments validate the major conclusions, but not the detailed results, obtained by prior simulation studies. We also propose a new lightweight defense based on the principles of mix design called γ-buffering and show the limitations of this approach. Finally, motivated by our experimental results, we introduce spike analysis, a new timing analysis technique that takes advantage of unusual delays in a stream to substantially reduce errors over prior techniques.


Receiver Operator Characteristic Curve Timing Analysis Overlay Network Round Trip Time Equal Error Rate 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Back, A., Goldberg, I., Shostack, A.: Freedom 2.0 security issues and analysis. Zero-Knowledge Systems, Inc. white paper (November 2000)Google Scholar
  3. 3.
    Bauer, K., McCoy, D., Grunwald, D., Kohno, T., Sicker, D.: Low-resource routing attacks against TOR. In: ACM WPES (2007)Google Scholar
  4. 4.
    Brown, D.: The Da Vinci Code. Doubleday Press (2003)Google Scholar
  5. 5.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  6. 6.
    Danezis, G.: The traffic analysis of continuous-time mixes. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424. Springer, Heidelberg (May 2005)Google Scholar
  7. 7.
    Dei, W.: Pipenet 1.1 (August 1996),
  8. 8.
    Diaz, C., Preneel, B.: Taxonomy of mixes and dummy traffic. In: Proc. Intl. Information Security Management, Education and Privacy (I-NetSec 2004) (August 2004)Google Scholar
  9. 9.
    Diaz, C., Sassaman, L., Dewitte, E.: Comparison between two practical mix designs. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193. Springer, Heidelberg (2004)Google Scholar
  10. 10.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The next-generation Onion Router. In: Proc. USENIX Security Symposium (August 2004)Google Scholar
  11. 11.
    Freedman, M., Morris, R.: Tarzan: A peer-to-peer anonymizing network layer. In: Proc. ACM CCS (November 2002)Google Scholar
  12. 12.
    Ganesh, R., Kaushik, B., Sadhu, R.: Modelling Delay Jitter in Voice over IP. ArXiv Computer Science e-prints (January 2003)Google Scholar
  13. 13.
    Hopper, N., Vasserman, E.Y., Chan-Tin, E.: How much anonymity does network latency leak. In: Proceedings of CCS 2007 (October 2007)Google Scholar
  14. 14.
    Levine, B.N., Reiter, M., Wang, C., Wright, M.: Timing analysis in low-latency mix systems. In: Proc. Financial Cryptography (February 2004)Google Scholar
  15. 15.
    Li, H., Mason, L.: Estimation and simulation of network delay traces for voip in service overlay network. In: Proc.  Intl. Symposium on Signals, Systems and Electronics (ISSSE 2007) (July 2007)Google Scholar
  16. 16.
    Murdoch, S.J., Danezis, G.: Low-cost traffic analysis of Tor. In: Proc. IEEE Symposium on Security and Privacy (May 2005)Google Scholar
  17. 17.
    Murdoch, S.J., Zieliński, P.: Sampled traffic analysis by internet-exchange-level adversaries. In: Proceedings of the Seventh Workshop on Privacy Enhancing Technologies (PET 2007) (June 2007)Google Scholar
  18. 18.
    Nambiar, A., Wright, M.: Salsa: a structured approach to large-scale anonymity. In: Proc. ACM Conference on Computer and Communications Security (CCS 2006) (October 2006)Google Scholar
  19. 19.
    Paxson, V.: Measurement and Analysis of End-to-End Internet Dynamics. Berkeley, California. Ph.D Dissertation (1997)Google Scholar
  20. 20.
    Peterson, L., Pai, V., Spring, N., Bavier, A.: Using PlanetLab for Network Research: Myths, Realities, and Best Practices. Technical Report PDN–05–028, PlanetLab Consortium (June 2005)Google Scholar
  21. 21.
    Pfitzmann, A., Pfitzmann, B., Waidner, M.: ISDNMixes: Untraceable communication with very small bandwidth overhead. In: Proc. GI/ITG Communication in Distributed Systems (February 1991)Google Scholar
  22. 22.
    Reiter, M.K., Rubin, A.D.: Crowds: Anonymity for Web Transactions. ACM TISSEC 1(1), 66–92 (1998)CrossRefGoogle Scholar
  23. 23.
    Rennhard, M., Plattner, B.: Practical anonymity for the masses with MorphMix. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110. Springer, Heidelberg (2004)Google Scholar
  24. 24.
    Serjantov, A., Dingledine, R., Syverson, P.: From a trickle to a flood: Active attacks on several mix types. In: Proc. Information Hiding Workshop (IH) (October 2002)Google Scholar
  25. 25.
    Shmatikov, V., Wang, M.H.: Timing analysis in low latency mix networks: Attacks and defenses. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  26. 26.
    Syverson, P., Tsudik, G., Reed, M., Landwehr, C.: Towards an analysis of Onion Routing security. In: Workshop on Design Issues in Anonymity and Unobservability (July 2000)Google Scholar
  27. 27.
    Venkateshaiah, M., Wright, M.: Evading stepping stone detection under the cloak of streaming media. Technical Report CSE-2007-6, Dept. of Computer Science and Engineering, U. Texas at Arlington (2007)Google Scholar
  28. 28.
    Wang, X., Chen, S., Jajodia, S.: Tracking anonymous peer-to-peer VoIP calls on the Internet. In: Proceedings of the ACM Conference on Computer Communications Security (CCS) (November 2005)Google Scholar
  29. 29.
    Wang, X., Chen, S., Jajodia, S.: Network flow watermarking attack on low-latency anonymous communication systems. In: Proceedings of the IEEE Symposium on Security and Privacy (S&P 2007) (May 2007)Google Scholar
  30. 30.
    Wright, M., Adler, M., Levine, B.N., Shields, C.: The predecessor attack: An analysis of a threat to anonymous communications systems. ACM Transactions on Information and Systems Security (TISSEC) 7(4) (2004)Google Scholar
  31. 31.
    Zhu, Y., Fu, X., Graham, B., Bettati, R., Zhao, W.: On flow correlation attacks and countermeasures in mix networks. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424. Springer, Heidelberg (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Hatim Daginawala
    • 1
  • Matthew Wright
    • 1
  1. 1.University of Texas at ArlingtonArlingtonUSA

Personalised recommendations