Abstract
Mix networks are a popular mechanism for anonymous Internet communications. By routing IP traffic through an overlay chain of mixes, they aim to hide the relationship between its origin and destination. Using a realistic model of interactive Internet traffic, we study the problem of defending low-latency mix networks against attacks based on correlating inter-packet intervals on two or more links of the mix chain. We investigate several attack models, including an active attack which involves adversarial modification of packet flows in order to “fingerprint” them, and analyze the tradeoffs between the amount of cover traffic, extra latency, and anonymity properties of the mix network. We demonstrate that previously proposed defenses are either ineffective, or impose a prohibitively large latency and/or bandwidth overhead on communicating applications. We propose a new defense based on adaptive padding.
This work was partially supported by NSF grants CNS-0509033 and IIS-0534198.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Back, A., Goldberg, I., Shostack, A.: Freedom Systems 2.1 security issues and analysis (May 2001), http://www.freehaven.net/anonbib/cache/freedom21-security.pdf
Back, A., Möller, U., Stiglic, A.: Traffic analysis attacks and trade-offs in anonymity providing systems. In: Moskowitz, I.S. (ed.) IH 2001. LNCS, vol. 2137, pp. 245–257. Springer, Heidelberg (2001)
Berthold, O., Federrath, H., Köpsell, S.: Web mIXes: A system for anonymous and unobservable internet access. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 115–129. Springer, Heidelberg (2001)
Berthold, O., Langos, H.: Dummy traffic against long term intersection attacks. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 110–128. Springer, Heidelberg (2003)
Boucher, P., Shostack, A., Goldberg, I.: Freedom Systems 2.0 architecture (December 2000), http://www.freehaven.net/anonbib/cache/freedom2-arch.pdf
Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2), 84–88 (1981)
Danezis, G.: Statistical disclosure attacks. In: Proc. Security and Privacy in the Age of Uncertainty. IFIP Conference Proceedings, vol. 250, pp. 421–426 (2003)
Danezis, G.: The traffic analysis of continuous-time mixes. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 35–50. Springer, Heidelberg (2005)
Danezis, G., Dingledine, R., Mathewson, N.: Mixmixion: Design of a type III anonymous remailer protocol. In: Proc. IEEE Symposium on Security and Privacy, pp. 2–15 (2003)
Danezis, G., Serjantov, A.: Statistical disclosure or intersection attacks on anonymity systems. In: Fridrich, J. (ed.) IH 2004. LNCS, vol. 3200, pp. 293–308. Springer, Heidelberg (2004)
Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: Proc. 13th USENIX Security Symposium, pp. 303–320 (2004)
Dingledine, R., Mathewson, N., Syverson, P.: Challenges in deploying low-latency anonymity. NRL CHACS Report 5540-265 (2005)
Freedman, M., Morris, R.: Tarzan: A peer-to-peer anonymizing network layer. In: Proc. 9th ACM Conference on Computer and Communications Security, pp. 193–206 (2002)
Fu, X., Graham, B., Bettati, R., Zhao, W.: On effectiveness of link padding for statistical traffic analysis attacks. In: Proc. 23rd IEEE Conference on Distributed Computing Systems, pp. 340–349 (2003)
Fu, X., Graham, B., Bettati, R., Zhao, W., Xuan, D.: Analytical and empirical analysis of countermeasures to traffic analysis attacks. In: Proc. 32nd International Conference on Parallel Processing, pp. 483–492 (2003)
Internet Traffic Archive. Two hours of wide-area TCP traffic (January 1994), http://ita.ee.lbl.gov/html/contrib/LBL-TCP-3.html
Levine, B.N., Reiter, M.K., Wang, C.-X., Wright, M.: Timing attacks in low-latency mix systems. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 251–265. Springer, Heidelberg (2004)
Möller, U., Cottrell, L., Palfrader, P., Sassaman, L.: Mixmaster protocol version 2 (July 2003), http://www.abditum.com/mixmaster-spec.txt
Murdoch, S., Danezis, G.: Low-cost traffic analysis of T or. In: Proc. IEEE Symposium on Security and Privacy, pp. 183–195 (2005)
National Laboratory for Applied Network Research. Auckland-VIII data set (December 2003), http://pma.nlanr.net/Special/auck8.html
National Laboratory for Applied Network Research. PMA special traces archive (2005), http://pma.nlanr.net/Special/
Newman-Wolfe, R., Venkatraman, B.: High level prevention of traffic analysis. In: Proc. IEEE/ACM 7th Annual Computer Security Applications Conference, pp. 102–109 (1991)
Øverlier, L., Syverson, P.: Locating hidden servers. In: Proc. IEEE Symposium on Security and Privacy (2006)
Rennhard, M., Rafaeli, S., Mathy, L., Plattner, B., Hutchison, D.: Analysis of an anonymity network for Web browsing. In: Proc. IEEE WETICE, pp. 49–54 (2002)
Serjantov, A., Sewell, P.: Passive attack analysis for connection-based anonymity systems. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 116–131. Springer, Heidelberg (2003)
Shmatikov, V.: Probabilistic analysis of an anonymity system. J. Computer Security 12(3-4), 355–377 (2004)
Syverson, P., Goldschlag, D., Reed, M.: Anonymous connections and onion routing. In: Proc. IEEE Symposium on Security and Privacy, pp. 44–54 (1997)
Syverson, P.F., Tsudik, G., Reed, M., Landwehr, C.: Towards an analysis of onion routing security. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 96–114. Springer, Heidelberg (2001)
Timmerman, B.: A security model for dynamic adaptable traffic masking. In: Proc. New Security Paradigms Workshop, pp. 107–116 (1997)
Timmerman, B.: Secure adaptive traffic masking. In: Proc. New Security Paradigms Workshop, pp. 13–24 (1999)
Venkatraman, B., Newman-Wolfe, R.: Performance analysis of a method for high level prevention of traffic analysis using measurements from a campus network. In: Proc. IEEE/ACM 10th Annual Computer Security Applications Conference, pp. 288–297 (1994)
Wright, M., Adler, M., Levine, B., Shields, C.: An analysis of the degradation of anonymous protocols. In: Proc. ISOC Network and Distributed System Security Symposium (2002)
Zhu, Y., Fu, X., Graham, B., Bettati, R., Zhao, W.: On flow correlation attacks and countermeasures in mix networks. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 207–225. Springer, Heidelberg (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shmatikov, V., Wang, MH. (2006). Timing Analysis in Low-Latency Mix Networks: Attacks and Defenses. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds) Computer Security – ESORICS 2006. ESORICS 2006. Lecture Notes in Computer Science, vol 4189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11863908_2
Download citation
DOI: https://doi.org/10.1007/11863908_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44601-9
Online ISBN: 978-3-540-44605-7
eBook Packages: Computer ScienceComputer Science (R0)