Abstract
We analyze several recent schemes for watermarking network flows based on splitting the flow into intervals. We show that this approach creates time dependent correlations that enable an attack that combines multiple watermarked flows. Such an attack can easily be mounted in nearly all applications of network flow watermarking, both in anonymous communication and stepping stone detection. The attack can be used to detect the presence of a watermark, recover the secret parameters, and remove the watermark from a flow. The attack can be effective even if different the watermarks in different flows carry different messages. We analyze the efficacy of our attack using a probabilistic model and a Markov-modulated Poisson process (MMPP) model of interactive traffic. We also implement our attack and test it using both synthetic and real-world traces, showing that our attack is effective with as few as 10 watermarked flows. Finally, we propose a countermeasure that defeats the attack by using multiple watermark positions.
| Original language | English (US) |
|---|---|
| Pages | 307-320 |
| Number of pages | 14 |
| State | Published - 2008 |
| Event | 17th USENIX Security Symposium - San Jose, United States Duration: Jul 28 2008 → Aug 1 2008 |
Conference
| Conference | 17th USENIX Security Symposium |
|---|---|
| Country/Territory | United States |
| City | San Jose |
| Period | 7/28/08 → 8/1/08 |
ASJC Scopus subject areas
- Computer Networks and Communications
- Information Systems
- Safety, Risk, Reliability and Quality