2 Dec 2014

Correlation-Based Traffic Analysis Attacks on Anonymity Networks



Abstract


In this paper, we address attacks that exploit the timing behavior of TCP and other protocols and applications in low-latency anonymity networks. Mixes have been used in many anonymous communication systems and are supposed to provide countermeasures to defeat traffic analysis attacks. In this paper, we focus on a particular class of traffic analysis attacks, flow correlation attacks, by which an adversary attempts to analyze the network traffic and correlate the traffic of a flow over an input link with that over an output link. Two classes of correlation methods are considered, namely time-domain methods and frequency-domain methods. Based on our threat model and known strategies in existing mix networks, we perform extensive experiments to analyze the performance of mixes. We find that all but a few batching strategies fail against flow-correlation attacks, allowing the adversary to either identify ingress and egress points of a flow or to reconstruct the path used by the flow. Counterintuitively, some batching strategies are actually detrimental against attacks. The empirical results provided in this paper give an indication to designers of mix networks about appropriate configurations and mechanisms to be used to counter flow-correlation attacks.


Existing System:

In the existing system, the anonymity of a system can be passively attacked by an observer in two ways: either through inspection of the payload or headers of the exchanged data packets, or, when encryption is used, through traffic analysis. Sufficiently effective encryption can be used to prevent packet content inspection, giving prevalence to the second form of attack. Traffic analysis is typically countered by the use of intermediary nodes, whose role is to perturb the traffic flow and thus confuse an external observer.

Proposed System:

In the proposed system, we focus on a particular class of traffic analysis attacks, flow correlation attacks, by which an adversary attempts to analyze the network traffic and correlate the traffic of a flow over an input link with that over an output link. Two classes of correlation methods are considered, namely time-domain methods and frequency-domain methods. This paper focuses on the quantitative evaluation of mix performance. We focus our analysis on a particular type of attack, which we call the flow-correlation attack. In general, flow-correlation attacks attempt to reduce the anonymity degree by estimating the path of flows through the mix network. Flow correlation analyzes the traffic on a set of links (observation points) inside the network and estimates the likelihood for each link to be on the path of the flow under consideration. An adversary analyzes the network traffic with the intention of identifying which of several output ports a flow at an input port of a mix is taking. We avoid the unwanted packets hacking problem.
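For a mix designer evaluating a batching configuration, the time-domain method described above can be reproduced in simulation. The following is an added example, not code from the paper or the project: the traffic is constructed, the timed-batching mix, the Pearson coefficient as the correlation measure, and all function names and rates are assumptions chosen for illustration.

```python
import random
from math import sqrt

def pattern(times, window, duration):
    """Time-domain pattern vector: packet count per `window`-second bin."""
    bins = [0] * int(duration / window)
    for t in times:
        i = int(t / window)
        if 0 <= i < len(bins):
            bins[i] += 1
    return bins

def pearson(x, y):
    """Correlation coefficient of two equal-length pattern vectors."""
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    var = sum((a - mx) ** 2 for a in x) * sum((b - my) ** 2 for b in y)
    return cov / sqrt(var) if var else 0.0

def poisson(rng, rate, start, end):
    """Constructed traffic: Poisson arrivals at `rate` pkt/s in [start, end)."""
    out, t = [], start + rng.expovariate(rate)
    while t < end:
        out.append(t)
        t += rng.expovariate(rate)
    return out

def timed_mix(times, interval):
    """Timed batching: hold each packet until the next flush tick."""
    return [(int(t / interval) + 1) * interval for t in times]

def evaluate(interval, window=1.0, duration=60, links=3, seed=1):
    """Correlate one input flow with every output link of a simulated mix."""
    rng = random.Random(seed)
    # Bursty flow of interest: 2 s on at 50 pkt/s, 3 s off (assumed shape).
    flow = [t for s in range(0, duration, 5) for t in poisson(rng, 50, s, s + 2)]
    scores = []
    for link in range(links):
        traffic = poisson(rng, 20, 0, duration)   # cross traffic on this link
        if link == 0:                             # ground truth: flow exits on link 0
            traffic = traffic + flow
        out = timed_mix(traffic, interval)
        scores.append(pearson(pattern(flow, window, duration),
                              pattern(out, window, duration)))
    return scores

if __name__ == "__main__":
    for interval in (0.1, 0.5):
        print(interval, [round(s, 2) for s in evaluate(interval)])
```

A link whose score stands well above the others marks a batching setting that does not hide the flow's path; a configuration is doing its job only when the scores are indistinguishable.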



System Requirements:
SOFTWARE REQUIREMENTS
- Language: Java, Swing
- Back End Tool: SQL Server 2000
- Operating System: Windows 98 and more.

HARDWARE REQUIREMENTS
- Processor: Intel Pentium III Processor
- Random Memory: 128 MB
- Hard Disk: 20 GB


