## Files in this item

FilesDescriptionFormat

application/pdf

Xun_Gong.pdf (3MB)
(no description provided)PDF

## Description

 Title: Timing channels in traffic analysis Author(s): Gong, Xun Director of Research: Kiyavash, Negar Doctoral Committee Chair(s): Kiyavash, Negar Doctoral Committee Member(s): Borisov, Nikita; Caesar, Matthew C.; Veeravalli, Venugopal V. Department / Program: Electrical & Computer Eng Discipline: Electrical & Computer Engr Degree Granting Institution: University of Illinois at Urbana-Champaign Degree: Ph.D. Genre: Dissertation Subject(s): privacy and anonymity network security information theory Abstract: We study two timing channel problems abstracted from practices of network traffic analysis. The first timing channel exists in a router receiving packets from two users; due to the sharing of router buffer, queuing delays of one user's packets incidentally convey information about the other user's packet arrival pattern. We demonstrate the feasibility of such a channel in reality by devising a remote traffic analysis attack on home broadband users. In particular, we implement a website detection attack that exploits a timing side channel in the user's DSL router, and show that adversaries can learn sufficient information pertaining to the user's activities on the web by sending probes from a far-off vantage point. To investigate performances of timing side channels in general systems with a shared queue, we consider a job scheduler serving a regular user and a malicious attacker, and quantify information leakage using a Shannon mutual information based metric. Our analysis reveals the fundamental privacy flaw of the class of deterministic work-conserving schedulers, such as longest-queue-first (LQF), first-come-fist-serve (FCFS), and round robin; we show that the attacker always learns half of a low-rate user's arrival pattern. We also study the usage of a shared queue for covert communication by considering a timing covert channel scenario, where one user of the scheduler encodes a message in job-issuing times and the other user decodes this message from job queuing delays. Formulating this as a conventional communication channel problem, we derive the channel capacities for common schedulers. The second timing channel studied is the timing stenographic channel arising in network flow watermarking, a technique with applications in attacking low-latency anonymous networks and detecting stepping stones. By injecting an invisible" timing pattern (namely the watermark) in a packet flow, one can stealthily track the path of the flow in the network. Earlier flow watermarking schemes mostly considered substitution errors, neglecting the effects of packet insertions and deletions that commonly happen within a network. More recent schemes considered packet deletions but often at the expense of the watermark visibility. We present an invisible flow watermarking scheme capable of enduring a large number of packet losses and insertions. We model the watermarking embedding/decoding processes as a timing stenographic channel with dependent substitution, deletion and bursty insertion errors, and propose a reliable watermark decoding scheme by formulating the watermark decoding as an estimation problem. To maintain visibility, our scheme embeds the watermark into inter-packet delays, as opposed to time intervals including many packets. Experimental results on both synthetic and real network traces demonstrate that our scheme is robust to network jitter, packet drops and splits, while remaining invisible to an attacker. Issue Date: 2014-09-16 URI: http://hdl.handle.net/2142/50541 Rights Information: Copyright 2014 Xun Gong Date Available in IDEALS: 2014-09-16 Date Deposited: 2014-08
﻿