Multi-flow attacks against network flow watermarking schemes

Negar Kiyavash, Amir Houmansadr, Nikita Borisov

Research output: Contribution to conferencePaperpeer-review


We analyze several recent schemes for watermarking network flows based on splitting the flow into intervals. We show that this approach creates time dependent correlations that enable an attack that combines multiple watermarked flows. Such an attack can easily be mounted in nearly all applications of network flow watermarking, both in anonymous communication and stepping stone detection. The attack can be used to detect the presence of a watermark, recover the secret parameters, and remove the watermark from a flow. The attack can be effective even if different the watermarks in different flows carry different messages. We analyze the efficacy of our attack using a probabilistic model and a Markov-modulated Poisson process (MMPP) model of interactive traffic. We also implement our attack and test it using both synthetic and real-world traces, showing that our attack is effective with as few as 10 watermarked flows. Finally, we propose a countermeasure that defeats the attack by using multiple watermark positions.

Original languageEnglish (US)
Number of pages14
StatePublished - 2008
Event17th USENIX Security Symposium - San Jose, United States
Duration: Jul 28 2008Aug 1 2008


Conference17th USENIX Security Symposium
Country/TerritoryUnited States
CitySan Jose

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'Multi-flow attacks against network flow watermarking schemes'. Together they form a unique fingerprint.

Cite this