Novel Packet Size-Based Covert Channel Attacks against Anonymizer

In this paper, we present a study on the anonymity of Anonymizer, a well-known commercial anonymous communication system. We discovered the architecture of Anonymizer and found that the size of web packets in the Anonymizer network can be very dynamic at the client. Motivated by this finding, we inv...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on computers 2013-12, Vol.62 (12), p.2411-2426
Main Authors: Ling, Zhen, Fu, Xinwen, Jia, Weijia, Yu, Wei, Xuan, Dong, Luo, Junzhou
Format: Article
Language:English
Subjects:
Algorithms
Anonymizer
Channels
Computer architecture
Dynamics
Educational institutions
Electronic mail
Internet
Monte Carlo methods
Preserves
Product introduction
Servers
TCP (protocol)
TCP dynamics
Traffic engineering
Traffic flow
watermark
Web sites
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In this paper, we present a study on the anonymity of Anonymizer, a well-known commercial anonymous communication system. We discovered the architecture of Anonymizer and found that the size of web packets in the Anonymizer network can be very dynamic at the client. Motivated by this finding, we investigated a class of novel packet size-based covert channel attacks against Anonymizer. The attacker between a website and the Anonymizer server can manipulate the web packet size and embed secret signal symbols into the target traffic. An accomplice at the user side can sniff the traffic and recognize the secret signal. In this way, the anonymity provided by Anonymizer is compromised. We developed intelligent and robust algorithms to cope with the packet size distortion incurred by Anonymizer and Internet. We developed techniques to make the attack harder to detect: 1) We pick up right packets of web objects to manipulate to preserve the regularity of the TCP packet size dynamics, which can be measured by the Hurst parameter; 2) We adopt the Monte Carlo sampling technique to preserve the distribution of the web packet size despite manipulation. We have implemented the attack over Anonymizer and conducted extensive analytical and experimental evaluations. It is observed that the attack is highly efficient and requires only tens of packets to compromise the anonymous web surfing via Anonymizer. The experimental results are consistent with our theoretical analysis.
ISSN:0018-9340
1557-9956
DOI:10.1109/TC.2012.169