Document Type

Article

Publication Date

7-2010

Publication Title

IEEE Transactions on Parallel and Distributed Systems

Abstract

In this paper, we address attacks that exploit the timing behavior of TCP and other protocols and applications in low-latency anonymity networks. Mixes have been used in many anonymous communication systems and are supposed to provide countermeasures to defeat traffic analysis attacks. In this paper, we focus on a particular class of traffic analysis attacks, flow-correlation attacks, by which an adversary attempts to analyze the network traffic and correlate the traffic of a flow over an input link with that over an output link. Two classes of correlation methods are considered, namely time-domain methods and frequency-domain methods. Based on our threat model and known strategies in existing mix networks, we perform extensive experiments to analyze the performance of mixes. We find that all but a few batching strategies fail against flow-correlation attacks, allowing the adversary to either identify ingress and egress points of a flow or to reconstruct the path used by the flow. Counterintuitively, some batching strategies are actually detrimental against attacks. The empirical results provided in this paper give an indication to designers of Mix networks about appropriate configurations and mechanisms to be used to counter flow-correlation attacks.

Original Citation

Ye, Z., Xinwen, F., Graham, B., Bettati, R., & Wei, Z. (2010). Correlation-based Traffic Analysis Attacks on Anonymity Networks. Ieee Transactions on Parallel and Distributed Systems, 21, 7, 954-967.

DOI

10.1109/TPDS.2009.146

Version

Postprint

Volume

27

Issue

1

Share

COinS