VoIP Tracing
Active De-anonymization of Streams
Timing Attacks [LRWW ’04]
• “Normal” flows
– e.g. HTTP, FTP, SSH
– Think times dominate
– Very easy to do timing analysis
• Constant rate flows
– 10 pkts/sec = 1 pkt. every 0.1 sec
– All streams look the same
– Correlations are poor
• dropped pkts help
VoIP
• Similar to constant rate
– high rate of pkts (every 20 or 30 ms)
– steady flow
– no “think times”
• Thus
– hard to do end-to-end timing analysis
Key Results
• ?
A Simple Idea
Trent’s Anonymity Service
[Diagram labels: A, B, C, X, Y, Z]
Caveats
• VoIP
– time-critical
– Why do we care if we degrade the phone service of the terrorists?
Watermarking
• No DRM
– 1. Alice sells a song online
– 2. Mallory & many others buy the song
– 3. Mallory puts the song on Kazaa
– 4. Alice gets angry
• But doesn’t know who did it
Watermarking
• DRM
– 1. Alice sells a song online
• Each copy has a special, hard-to-see, hard-to-remove “stamp”
– 2. Mallory & many others buy the song
– 3. Mallory puts the song on Kazaa
– 4. Alice gets angry
– 5. Alice checks the stamp
– 6. Mallory goes to jail
Watermarking Packets
• Content-based
– Embed the stamp in the data
• Ideally based on a key
– Very hard to remove the stamp
• unless you have a key
• Cannot change the packet
– Why not?
• What can you change?
Algorithm
• Select about 2r packets at random
– independently selected
• Select a distance d
• Look at delays
– between packet x and x+d
• Split the 2r delays into two sets
– A and B
Algorithm 2
• The differences should be zero
– A(i) - B(j) = 0, on average
– The actual value is a random variable
– distribution: symmetric, centered on 0
• redundancy: number of differences used
• Embedding the “stamp”
– increase or decrease the average
– which one = which bit (0 or 1)
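The steps on the two Algorithm slides, run on a simulated flow. This is an added example, not code from the original slides. The 20 ms packet interval comes from the VoIP slide; the jitter range, the 3 ms shift, r = 100, d = 1, the pairing of A(i) with B(i) and the key-seeded selection are assumptions chosen for illustration.

```python
import random
from statistics import mean

def make_flow(n, interval=0.020, jitter=0.002, seed=1):
    """Constructed VoIP-like flow: a packet every 20 ms plus random jitter."""
    rng = random.Random(seed)
    return [i * interval + rng.uniform(0, jitter) for i in range(n)]

def select(n, r, d, key):
    """Key-seeded pick of 2r packet indices, split into sets A and B."""
    picks = random.Random(key).sample(range(n - d), 2 * r)
    return picks[:r], picks[r:]

def statistic(times, r, d, key):
    """Average of A(i) - B(i), where a delay is t[x+d] - t[x]."""
    a, b = select(len(times), r, d, key)
    def delay(x):
        return times[x + d] - times[x]
    return mean(delay(x) - delay(y) for x, y in zip(a, b))

def embed(times, bit, r, d, key, shift=0.003):
    """Hold selected packets back by `shift` seconds so the average moves
    up (bit 1) or down (bit 0). Packets can only be delayed, never sent early."""
    a, b = select(len(times), r, d, key)
    if bit == 1:   # lengthen A delays, shorten B delays
        held = {x + d for x in a} | set(b)
    else:          # shorten A delays, lengthen B delays
        held = set(a) | {y + d for y in b}
    return [t + shift if i in held else t for i, t in enumerate(times)]

def decode(times, r, d, key):
    """Read the bit back from the sign of the average difference."""
    return 1 if statistic(times, r, d, key) > 0 else 0

if __name__ == "__main__":
    R, D, KEY = 100, 1, "constructed-key"
    flow = make_flow(2000)
    print("unmarked average: %+.6f s" % statistic(flow, R, D, KEY))
    for bit in (0, 1):
        marked = embed(flow, bit, R, D, KEY)
        print("bit %d -> average %+.6f s, decoded %d"
              % (bit, statistic(marked, R, D, KEY), decode(marked, R, D, KEY)))
```

Averaging over r differences is what makes a shift of a few milliseconds stand out from jitter of similar size: the unmarked average shrinks toward zero as r grows, while the embedded offset does not.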