TY - GEN
T1 - The need for flow fingerprints to link correlated network flows
AU - Houmansadr, Amir
AU - Borisov, Nikita
N1 - Copyright 2013 Elsevier B.V., All rights reserved.
PY - 2013
Y1 - 2013
N2 - Linking network flows is an important problem in the detection of stepping stone attacks as well as in compromising anonymity systems. Traffic analysis is an effective tool for linking flows, which works by correlating their communication patterns, e.g., their packet timings. To improve scalability and performance of this process, recent proposals suggest performing traffic analysis in an active manner by injecting invisible tags into the traffic patterns of network flows; this approach is commonly known as flow watermarking. In this paper, we study an under-explored type of active traffic analysis that we call flow fingerprinting. Information theoretically, flow watermarking aims at conveying a single bit of information whereas flow fingerprinting tries to reliably send multiple bits of information, hence it is a more challenging problem. Such additional bits help a fingerprinter deliver extra information in addition to the existence of the tag, such as the network origin of the flow and the identity of the fingerprinting entity. In this paper, we introduce and formulate the flow fingerprinting problem and contrast its application scenarios with those of the well-studied flow watermarking. We suggest the use of coding theory to build fingerprinting schemes based on the existing watermarks. In particular, we design a non-blind fingerprint, Fancy, and evaluate its performance. We show that Fancy can reliably fingerprint millions of network flows by tagging as few as tens of packets from each flow.
AB - Linking network flows is an important problem in the detection of stepping stone attacks as well as in compromising anonymity systems. Traffic analysis is an effective tool for linking flows, which works by correlating their communication patterns, e.g., their packet timings. To improve scalability and performance of this process, recent proposals suggest performing traffic analysis in an active manner by injecting invisible tags into the traffic patterns of network flows; this approach is commonly known as flow watermarking. In this paper, we study an under-explored type of active traffic analysis that we call flow fingerprinting. Information theoretically, flow watermarking aims at conveying a single bit of information whereas flow fingerprinting tries to reliably send multiple bits of information, hence it is a more challenging problem. Such additional bits help a fingerprinter deliver extra information in addition to the existence of the tag, such as the network origin of the flow and the identity of the fingerprinting entity. In this paper, we introduce and formulate the flow fingerprinting problem and contrast its application scenarios with those of the well-studied flow watermarking. We suggest the use of coding theory to build fingerprinting schemes based on the existing watermarks. In particular, we design a non-blind fingerprint, Fancy, and evaluate its performance. We show that Fancy can reliably fingerprint millions of network flows by tagging as few as tens of packets from each flow.
KW - Flow fingerprinting
KW - linear codes
KW - network security
KW - traffic analysis
UR - http://www.scopus.com/inward/record.url?scp=84884930303&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84884930303&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-39077-7_11
DO - 10.1007/978-3-642-39077-7_11
M3 - Conference contribution
AN - SCOPUS:84884930303
SN - 9783642390760
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 205
EP - 224
BT - Privacy Enhancing Technologies - 13th International Symposium, PETS 2013, Proceedings
T2 - 13th International Symposium on Privacy Enhancing Technologies, PETS 2013
Y2 - 10 July 2013 through 12 July 2013
ER -