Open Access  Subscription or Fee Access

In this paper, we focus on a particular class of traffic analysis attacks, flow- correlation attacks, by which an adversary attempts to analyze the network traffic and correlate the traffic of a flow over an input link with that over an output link. Two classes of correlation methods are considered, namely time-domain methods and frequency-domain methods. We address attacks that exploit the timing behavior of TCP and other protocols and applications in low-latency anonymity networks. Measures for anonymity in systems must be on one hand simple and concise, and on the other hand reflect the realities of real systems. Such systems are the ways as they are used to deploy anonymity measures, and finally the possible attack methods. Mixes have been used in many anonymous communication systems and are used to provide countermeasures to defeat traffic analysis attacks. But we find that only a few batching strategies fail against flow-correlation attacks, allowing the adversary to either identify ingress and egress points of a flow or to reconstruct the path used by the flow. Similarly, some batching strategies are actually detrimental against attack`s. Based on our threat model and known strategies in existing mix networks, we perform extensive experiments to analyze the performance of mixes. Results provided in this paper give an indication to designers of Mix networks. It provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis.

Privacy, Mixes, Anonymity, Anonymous Communication, Flow-Correlation Attack.

D. Chaum, “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms,” Comm. ACM, vol. 24, no. 2, pp. 84-90, Feb. 1981.

K. Fall and S. Floyd, “Simulation-Based Comparisons of Tahoe, Reno and SACK TCP,” SIGCOMM Computer Comm. Rev., vol. 26, no. 3, pp. 5-21, Aug. 1996.

P.F. Syverson, D.M. Goldschlag, and M.G. Reed, “Anonymous Connections and Onion Routing,” Proc. IEEE Symp. Security and Privacy, pp. 44-54, 1997.

P. Boucher, A. Shostack, and I. Goldberg, “Freedom Systems 2.0 Architecture,” http://www.freedom.net/products/whitepapers/Freedom_System_2_Architecture.pdf, Dec. 2000.

Q. Sun, D.R. Simon, Y.-M. Wang, W. Russell, V.N. Padmanabhan, and L. Qiu, “Statistical Identification of Encrypted Web Browsing Traffic,” Proc. IEEE Symp. Security and Privacy, pp. 19-30, 2002.

O.R.D. Achives, “Link Padding and the Intersection Attack,“http://archives.seul.org/or/dev, 2002.

A. Serjantov, R. Dingledine, and P. Syverson, “From a Trickle to a Flood: Active Attacks on Several Mix Types,” Proc. Information Hiding Workshop (IH ’02), F. Petitcolas, ed., pp. 36-52, Oct. 2002.

M.J. Freedman and R. Morris, “Tarzan: A Peer-to-Peer Anonymizing Network Layer,” Proc. Ninth ACM Conf. Computer and Comm. Security, pp. 193-206, 2002.

A. Serjantov and P. Sewell, “Passive Attack Analysis for Connection- Based Anonymity Systems,” Proc. European Symp. Research in Computer Security (ESORICS ’03), pp. 116-131, Oct. 2003.

X. Wang and D.S. Reeves, “Robust Correlation of Encrypted Attack Traffic through Stepping Stones by Manipulation of Interpacket Delays,” Proc. 10th ACM Conf. Computer and Comm. Security (CCS ’03), pp. 20-29, 2003.

R. Dingledine, N. Mathewson, and P. Syverson, “Tor: The Second- Generation Onion Router,” Proc. 13th USENIX Security Symp., pp. 303-320, Aug. 2004.

Y. Zhu and R. Bettati, “Anonymity vs. Information Leakage in Anonymity Systems,” Proc. 25th IEEE Int’l Conf. Distributed Computing Systems (ICDCS ’05), pp. 514-524, 2005.

J. Camenisch and A. Lysyanskaya, “A Formal Treatment of Onion Routing,” Proc. Ann. Int’l Cryptology Conf. (CRYPTO ’05), V. Shoup, ed., pp. 169-187, Aug. 2005.

L. Øverlier and P. Syverson, “Locating Hidden Servers,” Proc. IEEE Symp. Security and Privacy, May 2006.

L. Øverlier and P. Syverson, “Valet Services: Improving Hidden Servers with a Personal Touch,” Proc. Sixth Workshop Privacy Enhancing Technologies (PET ’06), G. Danezis and P. Golle, eds., pp. 223-244, June 2006.