[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] r1759: Oops. There were some more notes floating on my laptop. (in doc/trunk: . correlation07)
Author: nickm
Date: 2007-01-27 13:50:56 -0500 (Sat, 27 Jan 2007)
New Revision: 1759
Modified:
doc/trunk/
doc/trunk/correlation07/notes.txt
doc/trunk/correlation07/traffic.bib
Log:
r11561@catbus: nickm | 2007-01-27 13:50:49 -0500
Oops. There were some more notes floating on my laptop.
Property changes on: doc/trunk
___________________________________________________________________
svk:merge ticket from /freehaven-doc/trunk [r11561] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: doc/trunk/correlation07/notes.txt
===================================================================
--- doc/trunk/correlation07/notes.txt 2007-01-24 19:27:56 UTC (rev 1758)
+++ doc/trunk/correlation07/notes.txt 2007-01-27 18:50:56 UTC (rev 1759)
@@ -10,6 +10,7 @@
yours--but feel free to clarify for my benefit. ;)
+======================================================================
"Traffic analysis of Continuous-time mixes"
Danezis, PET 2004, pp. 35-50
@@ -36,6 +37,8 @@
Target system seems to be SG-like.
+======================================================================
+
"On Flow Correlation Attacks and Countermeasures in Mix Networks"
- Zhu, Fu, Graham, Bettati, and Zhao.
PET 2004, pp 207-225.
@@ -57,3 +60,36 @@
Most crucial details are described in TR2003-8-9, which doesn't seem to be
online. Asked Riccardo for a copy on 6 Dec; no link received yet.
+
+======================================================================
+"Inter-Packet Delay Based Coorelation for Tracing Encrypted Connections
+ through Stepping Stones"
+- Xinyuan Wang and Douglas S. Reeves and S. Felix Wu
+ESORICS 2002, 244--263
+
+Attack: Against an ersatz low-latency anonymity network built by an attacker
+using chained SSH tunnels or something similar. Transform in/out streams to
+a correlation metric using a "metric function"; use a "correlation value
+function" to compare metrics.
+
+Uses inter-packet delay as observations of streams; assumes one-to-one
+correspondence with incoming and outgoing packets.
+
+Examines multiple functions to assess correlation: Min/max sum ration (take
+ratio of sum of larger elements pairwise to sum of smaller elements pairwise
+between streams). Statistical correlation: take correlation of
+IPDs. Normalized dot product 1: X dot Y / MAX(X^2, Y^2). Normalized dot
+product 2: X dot Y / MAX(x_i,y_i)^2. Correlation value function: a little
+complex.
+
+Experiment: Build a telnet/ssh/telnet/ssh tunnel, capture traces (how many?)
+with timestamp resolution of 1 usec. Filter out duplicate, retransmitted,
+and ack-only packets.
+
+Experiment take multiple sets of flows; try to match them with different
+methods.
+
+Favors min/max sum.
+
+
+======================================================================
\ No newline at end of file
Modified: doc/trunk/correlation07/traffic.bib
===================================================================
--- doc/trunk/correlation07/traffic.bib 2007-01-24 19:27:56 UTC (rev 1758)
+++ doc/trunk/correlation07/traffic.bib 2007-01-27 18:50:56 UTC (rev 1759)
@@ -46,6 +46,7 @@
% http://faculty.cs.tamu.edu/bettati/Papers/Globecom05/globecom05.pdf
+
@inproceedings{pet05-bissias,
author = {George Dean Bissias and Marc Liberatore and Brian Neil Levine},
title = {Privacy Vulnerabilities in Encrypted HTTP Streams},
@@ -227,12 +228,11 @@
% not in anonbib
@InProceedings{TH06a,
author = {Gergely T\'oth and Zolt\'an Horn\'ak},
- title = {The Chances of Successful Attacks Against Continuous-time
-+Mixes},
+ title = {The Chances of Successful Attacks Against Continuous-time Mixes},
booktitle = {Proceedings of the 11th Nordic Workshop on Secure IT Systems},
year = {2006},
address = {Link\"oping, Sweden}
-}
+ www_pdf_url = {http://home.mit.bme.hu/~tgm/phd/publikaciok/2006/nordsec06/tg_nordsec2006_06_final-reviewed.pdf}
% Read
@@ -281,8 +281,8 @@
www_important = {1},
www_ps_url = {http://www.geocities.com/j_f_raymond/mesarticles/berkeley_ws_lncs.ps},
www_pdf_url = {http://www.geocities.com/j_f_raymond/mesarticles/berkeley_ws_lncs.pdf},
- notes = {Not terribly useful; describtes timing and volume attacks
- only slightly. }
+ notes = {Not terribly useful here; describes timing and volume attacks
+ only slightly in 3.3 and 3.4, but provides no algorithm.}
}
@@ -298,7 +298,7 @@
notes = {Very nicely written formulation of end-to-end timing
correlation, with experiments and methods. Focused
on tracing ersatz anonymizers constructed by an
- attacker. }
+ attacker.}
}
@@ -349,7 +349,7 @@
www_html_url = "http://guh.nu/projects/ta/safeweb/safeweb.html",
www_pdf_url = "http://guh.nu/projects/ta/safeweb/safeweb.pdf",
www_ps_url = "http://guh.nu/projects/ta/safeweb/safeweb.ps",
- notes = {Introduces fingerprinting. Doesn't do much statistics.}
+ notes = {Introduces fingerprinting, but doesn't do much statistics.}
}
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxx with
unsubscribe freehaven-cvs in the body. http://freehaven.net/