Abstract
Flow watermarks are active traffic analysis techniques that help establish a causal connection between two network flows by content-independent manipulations, e.g., altering packet timings. Watermarks provide a much more scalable approach for flow correlation than passive traffic analysis. Previous designs of scalable watermarks, however, were subject to multi-flow attacks. They also introduced delays too large to be used in most environments. We design SWIRL, a Scalable Watermark that is Invisible and Resilient to packet Losses. SWIRL is the first watermark that is practical to use for large-scale traffic analysis. SWIRL uses a flow-dependent approach to resist multi-flow attacks, marking each flow with a different pattern. SWIRL is robust to packet losses and network jitter, yet it introduces only small delays that are invisible to both benign users and determined adversaries. We analyze the performance of SWIRL both analytically and on the PlanetLab testbed, demonstrating very low error rates. We consider applications of SWIRL to stepping stone detection and linking anonymous communication. We also propose a novel application of watermarks to defend against congestion attacks on Tor.
Original language | English (US) |
---|---|
State | Published - 2011 |
Externally published | Yes |
Event | 18th Symposium on Network and Distributed System Security, NDSS 2011 - San Diego, United States. Duration: Feb 6 2011 → Feb 9 2011 |
Conference
Conference | 18th Symposium on Network and Distributed System Security, NDSS 2011 |
---|---|
Country/Territory | United States |
City | San Diego |
Period | 2/6/11 → 2/9/11 |
ASJC Scopus subject areas
- Computer Networks and Communications
- Control and Systems Engineering
- Safety, Risk, Reliability and Quality