On the secrecy of timing-based active watermarking trace-back techniques
- 1 January 2006
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 15 pp.-349
- https://doi.org/10.1109/sp.2006.28
Abstract
Timing-based active watermarking schemes are developed to trace back attackers through stepping stone connections or anonymizing networks. By slightly changing packet timing, these schemes achieve robust correlation for encrypted network connections under timing perturbation. However, the manipulation on packet timing makes the schemes themselves a potential target of intelligent attackers. In this paper, we analyze the secrecy of the timing-based active watermarking techniques for tracing through stepping stones, and propose an attack scheme based on analyzing the packet delays between adjacent stepping stones. We develop attack techniques to infer important watermark parameters, and to recover and duplicate embedded watermarks. The resulting techniques enable an attacker to defeat the tracing systems in certain cases by removing watermarks from the stepping stone connections, or replicating watermarks in non-stepping stone connections. We also develop techniques to determine in real-time whether a stepping stone connection is being watermarked for trace-back purposes. We have performed substantial experiments using real-world data to evaluate these techniques. The experimental results demonstrate that for the watermark scheme being attacked (1) embedded watermarks can be successfully recovered and duplicated when the watermark parameters are not chosen carefully, and (2) the existence of watermarks in a network flow can always be quickly detectedKeywords
This publication has 15 references indexed in Scilit:
- Low-Cost Traffic Analysis of TorPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2005
- Timing Attacks in Low-Latency Mix SystemsLecture Notes in Computer Science, 2004
- Detection of Interactive Stepping Stones: Algorithms and Confidence BoundsLecture Notes in Computer Science, 2004
- Single-packet IP tracebackIEEE/ACM Transactions on Networking, 2002
- TarzanPublished by Association for Computing Machinery (ACM) ,2002
- Efficient packet marking for large-scale IP tracebackPublished by Association for Computing Machinery (ACM) ,2002
- Multiscale Stepping-Stone Detection: Detecting Pairs of Jittered Interactive Streams by Exploiting Maximum Tolerable DelayLecture Notes in Computer Science, 2002
- Network support for IP tracebackIEEE/ACM Transactions on Networking, 2001
- On calibrating measurements of packet transit timesPublished by Association for Computing Machinery (ACM) ,1998
- Improving the EM AlgorithmPublished by JSTOR ,1993