Xinyue Jiang,Risheng Deng,Dong Zhang,Chunming Wu

DOI: https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics53846.2021.00035

2021-01-01

Abstract:The large-scale distributed network has exposed increasing attack surfaces to cyber attackers. In this paper, we present a refined network measurement mechanism, called DDoS Collaborative Mitigation Mechanism (DDoSCCM). Based on former achievements in the programmable network, our work aims at capturing the characters of abnormal traffic and presenting an antedating reaction, constrained by limited resources of the switching ASIC. In-band Network Telemetry (INT) technique achieves real-time monitoring of the network by utilizing the device data acquisition on the data plane. Our work helps the network operator not only to learn the status of the network but also to issue an appropriate mitigation strategy faster and more accurately. DDoSCCM aims at delegating both detection and mitigation processes to the programmable switch. Consequently, the theoretical analysis and experimental results show that DDoSCCM can meet practical requirements and have a certain application value.

Subodha Charles,Prabhat Mishra

DOI: https://doi.org/10.48550/arXiv.2302.06118

2023-02-13

Cryptography and Security

Abstract:Advances in manufacturing technologies have enabled System-on-Chip (SoC) designers to integrate an increasing number of cores on a single SoC. Increasing SoC complexity coupled with tight time-to-market deadlines has led to increased utilization of Intellectual Property (IP) cores from third-party vendors. SoC supply chain is widely acknowledged as a major source of security vulnerabilities. Potentially malicious third-party IPs integrated on the same Network-on-Chip (NoC) with the trusted components can lead to security and trust concerns. While secure communication is a well-studied problem in the computer networks domain, it is not feasible to implement those solutions on resource-constrained SoCs. In this paper, we present a lightweight encryption and anonymous routing protocol for communication between IP cores in NoC based SoCs. Our method eliminates the major overhead associated with traditional encryption and anonymous routing protocols using a novel secret sharing mechanism while ensuring that the desired security goals are met. Experimental results demonstrate that existing security solutions on NoC can introduce significant (1.5X) performance degradation, whereas our approach provides the same security features with minor (4%) impact on performance.

Yanfei Fan,Yixin Jiang,Haojin Zhu,Jiming Chen,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/twc.2011.122010.100087

IF: 10.4

2010-01-01

IEEE Transactions on Wireless Communications

Abstract:Privacy threat is one of the critical issues in multi-hop wireless networks, where attacks such as traffic analysis and flow tracing can be easily launched by a malicious adversary due to the open wireless medium. Network coding has the potential to thwart these attacks since the coding/mixing operation is encouraged at intermediate nodes. However, the simple deployment of network coding cannot achieve the goal once enough packets are collected by the adversaries. On the other hand, the coding/mixing nature precludes the feasibility of employing the existing privacy-preserving techniques, such as Onion Routing. In this paper, we propose a novel network coding based privacy-preserving scheme against traffic analysis in multi-hop wireless networks. With homomorphic encryption on Global Encoding Vectors (GEVs), the proposed scheme offers two significant privacy-preserving features, packet flow untraceability and message content confidentiality, for efficiently thwarting the traffic analysis attacks. Moreover, the proposed scheme keeps the random coding feature, and each sink can recover the source packets by inverting the GEVs with a very high probability. Theoretical analysis and simulative evaluation demonstrate the validity and efficiency of the proposed scheme.

Xinwen Fu,Ye Zhu,Bryan Graham,Riccardo Bettati,Wei Zhao

DOI: https://doi.org/10.1166/juci.2007.005

2007-04-01

Journal of Ubiquitous Computing and Intelligence

Abstract:This paper studies the degradation of anonymity in a flow-based wireless mix network under flow marking attacks, in which an adversary embeds a recognizable pattern of marks into wireless traffic flows by electromagnetic interference. We find that traditional mix technologies are not effective in defeating flow marking attacks, and it may take an adversary only a few seconds to recognize the communication relationship between hosts by tracking such intentional marks. Flow marking attacks utilize frequency domain analytical techniques and convert time domain marks into invariant feature frequencies. To counter flow marking attacks, we propose a new class of countermeasure based on digital filtering technology and show that this filter-based countermeasure can effectively defend a wireless mix network from flow marking attacks.

Peng Zhang,Chuang Lin

DOI: https://doi.org/10.1007/978-3-319-31083-1_5

2016-01-01

Abstract:Wireless network coding is a promising technique that can enhance the throughput of wireless networks. However, such a technique also bears a serious security drawback: it breaks the current privacy-preserving protocols (e.g., Onion Routing), since their operations conflict each other. As user privacy in wireless networks is highly valued nowadays, a new privacy-preserving scheme that can function with wireless network coding becomes indispensable. To this end, this chapter presents a novel anonymity scheme named ANOC, which can function in network coding-based wireless mesh networks. ANOC is built upon the classic Onion Routing protocol and resolves its conflict with network coding by introducing efficient cooperation among relay nodes. Using ANOC, we can perform network coding to achieve a higher throughput, while still preserving user privacy in wireless mesh networks. We formally show how ANOC achieves the property of relationship anonymity and conduct extensive experiments via NSclick to demonstrate its feasibility and efficiency when integrated with network coding.

Kai Bu,Yutian Yang,Zixuan Guo,Yuanyuan Yang,Xing Li,Shigeng Zhang

DOI: https://doi.org/10.1109/infocom.2018.8486230

2018-01-01

Abstract:Software-Defined Networking (SDN) greatly simplifies middlebox policy enforcement. Middleboxes need tag packet headers to avoid forwarding ambiguity on SDN switches. In this paper, we present a new attack, called middlebox-bypass attack, to breach SDN-based middlebox policy enforcement. Such an attack manipulates a compromised switch to locally tag attacking packets without handing them over to the attached middlebox for inspection. Existing SDN security solutions, however, cannot detect the middlebox-bypass attack under practical constraints of efficiency, robustness, and applicability. We design and implement FlowCloak, the first protocol for per-packet real-time detection and prevention of middlebox-bypass attacks. FlowCloak enables middleboxes to generate tags that are probabilistically unknown to an attacker and confines it to only random guessing. We propose a multi-tag verification technique to address the tradeoff between FlowCloak robustness and TCAM usage by tag verification rules on the egress switch. Experiment results show that dozens of verification rules can confine the attacking probability under 0.1%. FlowCloak imposes only a 0.3 ms packet processing delay on middleboxes and no obvious delay on the egress switch.

Zhong Guan,Chang Liu,Gang Xiong,Zhen Li,Gaopeng Gou

DOI: https://doi.org/10.1016/j.cose.2022.103018

IF: 5.105

2023-01-01

Computers & Security

Abstract:Tor is the most widely used anonymous network which provides anonymity by using proxy nodes to route data. However, many researches have proved that flow correlation attacks can break the anonymity of users’ communication relationships: once attackers have access to the ingress and egress traffic flows at both ends of the network, they will find the specific user who is visiting a monitored Internet service by observing the traffic shape. Existing flow correlation attacks have limited effects because of insufficient traffic shape features, network noise influence and lack of differentiated learning on unrelated flows. In this paper, we propose an improved flow correlation attacking model named FlowTracker which contains four modules: In flow cumulative representation module, raw and normalized cumulative sequences are combined to construct robust traffic shape features. In noise resistant mapping module, stacked auto-encoders are adopted to learn the mapping relationship between related ingress and egress cumulative representations and filter out the network noise. Moreover, we leverage contrast learning in distance optimization module to generate the optimized representation in which difference between unrelated representations is amplified, further reducing the false correlation rate with similar but unrelated flows. Finally, the target flow is reported through a multi-layer decision process in the hierarchical judgment module. We evaluate FlowTracker and other advanced comparison methods on the public and self-built datasets with the more realistic unidirectional setting, experiment results demonstrate that FlowTracker has the highest attacking success rate under general and targeted scenarios, especially when the traffic shape is seriously destroyed by traffic obfuscation.

Jin Wang,Jianping Wang,Chuan Wu,Kejie Lu,Naijie Gu

DOI: https://doi.org/10.1109/infcom.2011.5934873

2011-04-01

Abstract:Flow untraceability is one critical requirement for anonymous communication with network coding, which prevents malicious attackers with wiretapping and traffic analysis abilities from relating the senders to the receivers, using linear dependency of the received packets. There have recently been proposals advocating encryptions on the Global Encoding Vectors (GEV) of network coding to thwart such attacks [1], [2]. Nevertheless, there has been no exploration of the capability of networking coding itself, to constitute more efficient and effective algorithms which guarantee anonymity. In this paper, we design a novel, simple, and effective linear network coding mechanism (ALNCode) to achieve flow untraceability in a communication network with multiple unicast flows. With solid theoretical analysis, we first show that linear network coding (LNC) can be applied to thwart traffic analysis attacks without the need of encrypting GEVs. Our key idea is to mix multiple flows at their intersection nodes by generating downstream GEVs from the common basis of upstream GEVs belonging to multiple flows, in order to hide the correlation of upstream and downstream GEVs in each flow. We then design a deterministic LNC scheme to implement our idea, by which the downstream GEVs produced are guaranteed to obfuscate their correlation with the corresponding upstream GEVs. We also give extensive theoretical analysis on the intersection probability of GEV bases and the influential factors to the effectiveness of our scheme, as well as the algorithm complexity to support its efficiency.

Zixuan Chen,Chao Zheng,Zhao Li,Jinqiao Shi,Zeyu Li

DOI: https://doi.org/10.1109/cscwd61410.2024.10580831

2024-01-01

Abstract:Stepping-stones are widely used by attackers to conceal their identities and gain unauthorized access to restricted targets. Numerous strategies have been suggested to identify stepping-stones and counteract evasive behaviors, with flow correlation standing out as the key technique used in many deanonymization methods. Existing attempts to tackle the flow correlation issue rely on long-flow observations and feature-based methods. Yet, these approaches meet substantial limitations in their suitability across diverse scenarios, network noises influence and accuracy, particularly in the stepping-stone environment. In this paper, we introduce an improved flow correlation model, FlowLinker, which aims to resolve these issues. Specifically, we combined multidimensional statistical features and cumulative flow sequences to construct a robust traffic feature. Then, we leveraged the triplet network to produce an optimized representation, amplifying the difference between unrelated representations. Consequently, it significantly reduces the false correlation rate with flows that seem similar but are unrelated. The experiments on real-world datasets from different network environments we collected show that FlowLinker outperforms other state-of-the-art methods with shorter lengths of flow observations.

Kai Bu,Yutian Yang,Zixuan Guo,Yuanyuan Yang,Xing Li,Shigeng Zhang

DOI: https://doi.org/10.1016/j.comnet.2021.108099

IF: 5.493

2021-01-01

Computer Networks

Abstract:Software-Defined Networking (SDN) greatly simplifies middlebox policy enforcement. Middleboxes need tag packet headers to avoid forwarding ambiguity on SDN switches. In this paper, we present a new attack, called middlebox-bypass attack, to breach SDN-based middlebox policy enforcement. Such an attack manipulates a compromised switch to locally tag attacking packets without handing them over to the attached middlebox for inspection. Existing SDN security solutions, however, cannot detect the middlebox-bypass attack under practical constraints of efficiency, robustness, and applicability. We design and implement FlowCloak, the first protocol for per-packet real-time detection and prevention of middlebox-bypass attacks. FlowCloak enables middleboxes to generate tags that are probabilistically unknown to an attacker and confines it to only random guessing. We propose a multi-tag verification technique to address the tradeoff between FlowCloak robustness and TCAM usage by tag verification rules on the egress switch. Experiment results show that dozens of verification rules can confine the attacking probability under 0.1%. We further explore implementation techniques of packet looping and field swapping that can enable a flow table pipeline on a single TCAM and mitigate packet correlation, respectively. FlowCloak imposes only a 0.01 ms packet processing delay on middleboxes and no obvious delay on the egress switch.

Taiyu Wong,Hongyan Cui,Yuepeng Shen,Wenqi Lin,Tao Yu

DOI: https://doi.org/10.1109/uv.2018.8642139

2018-01-01

Abstract:As more and more personal information is used in network services, network anonymity has received more and more attention. Attackers could endanger the victims’ privacy by attacking or eavesdropping nodes during the networks routing. For example, attackers could retrieve the IP and MAC address of victims from network traffics, and use it to corelate the network behavior to individuals. The emerging Software Defined Network (SDN) technique provides a pretty flexible platform that can control the whole network by software programming, which propose a new solution to realize the network anonymity problem. In this paper, we propose a solution based on SDN to anonymize both MAC and IP addresses of network traffics in order to mitigate the privacy threats, and programing it. Furthermore, we test the anonymity function on our SDN Testbed. Our solution supports two working modes: a two-way anonymous mode which anonymizes the IP and MAC addresses of all data packets, and an one-way anonymous mode which anonymizes MAC and IP addresses of senders.

Ming Zheng,Jianping Wu,Haixin Duan

DOI: https://doi.org/10.1109/TrustCom.2013.79

2013-01-01

Abstract:Low-latency anonymous communication is widely used in privacy protection. However, the attacks against anonymous communication are critical threats to the privacy protection. Many efforts have been conducted to provide robustness by establishing anti-attack principles. In this paper we present a brief survey on attack methods and summarize up four underlying anti-attack principles. In order to better understand the background of anonymous communication, we demonstrate the processes of attack and introduce some typical attack methods, ranging from active attacks to passive attacks. Based on our analysis, we propose four underlying principles, including information leaking prevention, key node protection, data stream signatures elimination and connection characteristics elimination, to improve the anti-attack ability of low-latency anonymous communication. To validate these principles, we design a protocol named Hermit-crab, which follows the four anti-attack principles. The analysis shows the protocol can effectively defend common attacks in low-latency anonymous communication.

Chen Chen,Adrian Perrig

DOI: https://doi.org/10.1515/popets-2017-0007

2016-12-22

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract We identify two vulnerabilities for existing highspeed network-layer anonymity protocols, such as LAP and Dovetail. First, the header formats of LAP and Dovetail leak path information, reducing the anonymity-set size when an adversary launches topological attacks. Second, ASes can launch session hijacking attacks to deanonymize destinations. HORNET addresses these problems but incurs additional bandwidth overhead and latency. In this paper, we propose PHI, a Path-HIdden lightweight anonymity protocol that solves both challenges while maintaining the same level of efficiency as LAP and Dovetail. We present an efficient packet header format that hides path information and a new back-off setup method that is compatible with current and future network architectures. Our experiments demonstrate that PHI expands anonymity sets of LAP and Dovetail by over 30x and reaches 120 Gbps forwarding speed on a commodity software router.

Peng Zhang,Chuang Lin,Yixin Jiang,Patrick P. C. Lee,John C. S. Lui

DOI: https://doi.org/10.1109/jsac.2012.121018

IF: 16.4

2012-01-01

IEEE Journal on Selected Areas in Communications

Abstract:Practical wireless network coding (e. g., COPE) is a promising technique that can enhance the throughput of wireless networks. However, such a technique also bears a serious security drawback: it breaks the current privacy-preserving protocols (e. g., Onion Routing), since their operations conflict each other. As user privacy in wireless networks is highly valued nowadays, a new privacy-preserving scheme that can function with wireless network coding becomes indispensable.To address such a challenge, we apply the idea of cooperative networking and design a novel anonymity scheme named ANOC, which can function in network-coding-based wireless mesh networks. ANOC is built upon the classic Onion Routing protocol, and resolves its conflict with network coding by introducing efficient cooperation among relay nodes. Using ANOC, we can perform network coding to achieve a higher throughput, while still preserving user privacy in wireless mesh networks. We formally show how ANOC achieves the property of relationship anonymity, and conduct extensive experiments via nsclick to demonstrates its feasibility and efficiency when integrated with network coding.

Parvathinathan Venkitasubramaniam,Ting He,Lang Tong

DOI: https://doi.org/10.1109/tit.2008.921660

IF: 2.5

2008-06-01

IEEE Transactions on Information Theory

Abstract:The problem of security against packet timing based traffic analysis in wireless networks is considered in this work. An analytical measure of “anonymity” of routes in eavesdropped networks is proposed using the information-theoretic equivocation. for a physical layer with orthogonal transmitter directed signaling, scheduling and relaying techniques are designed to maximize achievable network performance for any desired level of anonymity. the network performance is measured by the total rate of packets delivered from the sources to destinations under strict latency and medium access constraints. in particular, analytical results are presented for two scenarios: For a single relay that forwards packets from $m$ users, relaying strategies are provided that minimize the packet drops when the source nodes and the relay generate independent transmission schedules. A relay using such an independent scheduling strategy is undetectable by an eavesdropper and is referred to as a covert relay. Achievable rate regions are characterized under strict and average delay constraints on the traffic, when schedules are independent Poisson processes. For a multihop network with an arbitrary anonymity requirement, the problem of maximizing the sum-rate of flows (network throughput) is considered. A randomized selection strategy to choose covert relays as a function of the routes is designed for this purpose. Using the analytical results for a single covert relay, the strategy is optimized to obtain the maximum achievable throughput as a function of the desired level of anonymity. in particular, the throughput–anonymity relation for the proposed strategy is shown to be equivalent to an information-theoretic rate–distortion function.

computer science, information systems,engineering, electrical & electronic

Jingyu Hua,Zidong Zhou,Sheng Zhong

DOI: https://doi.org/10.1109/tifs.2020.3013093

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Link Layer Discovery Protocol (LLDP), which is widely used by the controller in Software-Defined Networking to discover the network topology, has been demonstrated to be unable to guarantee the integrity of its messages. Attackers could exploit this vulnerability to fabricate LLDP packets to declare a false link connecting two distant switches to the controller. By doing so, the controller would be misled to route flows to the false links, which leads to further DoS, eavesdropping and even hijacking attacks. This attack seems very similar to the well-known Worm-Hole Attack in wireless sensor networking (WSN). Nevertheless, in WSN, attackers are assumed to leverage an out-of-band wired channel to achieve the true packet transmission between the two cheating sensor nodes. Unfortunately, in SDN, there usually does not exist any out-of-band channels between the distant cheating switches. Flows misguided to the fake link will cause 100% packet loss, and thus be detected soon. In this article, we address this problem and propose the first True worm-hole attack in SDN, which could achieve packet transmission over the forged link without using any out-of-band channels. Instead, it introduces a relay host in the networks to build a completely in-band covert channel between the two cheating switches. Unlike the existing studies, a relay host is not required to be directly linked to them. Moreover, attackers are only assumed to poss the remote read and write privileges of the flow tables of the both cheating switches and do not have to alter any of their software or hardware. Our extensive experiments demonstrate the high feasibility of this attack. Both the increases of transmission delays and packet loss rates are within a reasonable range. We finally present and evaluate the countermeasures against the proposed attack.

Chong Fu,Jie Wang,Xiaoguang Chen,Zhiguang Qin,Mingyuan Zhao,Weizhong Qian

2011-01-01

Journal of Computational Information Systems

Abstract:Dependent Link Padding algorithm (DLP) is one of the most effective flow transformation methods to fight against the timing attack on the anonymous communication system. However, it causes significant negative effects on the communication performance due to the high volume of dummy packets sent during the processing. In order to improve the feasibility and the efficiency of DLP, we propose an extended DLP algorithm Hi-WAP-DLP in this paper. By applying Hierarchical Weighted Affinity Propagation (Hi-WAP) to cluster the flows based on flow density, DLP flow transformation is implemented on each flow cluster separately instead of handling all flows as a whole bundle. Through this mechanism, the dummy packets which generated by flow transformation are remarkably reduced. The simulation with the real Internet trace files proves that our proposed Hi-WAP-DLP algorithm can significantly improve the system performance and meet against the requirement of least acceptable anonymity. © 2011 Binary Information Press.

Tingwei Zhu,Dan Feng,Yu Hua,Fang Wang,Qingyu Shi,Jiahao Liu

DOI: https://doi.org/10.1109/icpp.2016.9

2016-01-01

Abstract:With the rapid growth of application migration, the anonymity in data center networks becomes important in breaking attack chains and guaranteeing user privacy. However, existing anonymity systems are designed for the Internet environment, which suffer from high computational and network resource consumption and deliver low performance, thus failing to be directly deployed in data centers. In order to address this problem, this paper proposes an efficient and easily deployed anonymity scheme for SDN-based data centers, called MIC. The main idea behind MIC is to conceal the communication participants by modifying the source/destination addresses (such as MAC, IP and port) at switch nodes, so as to achieve anonymity. Compared with the traditional overlay-based approaches, our in-network scheme has shorter transmission paths and less intermediate operations, thus achieving higher performance with less overhead. We also propose a collision avoidance mechanism to ensure the correctness of routing, and two mechanisms to enhance the traffic-analysis resistance. Our security analysis demonstrates that MIC ensures unlinkability and improves traffic-analysis resistance. Our experiments show that MIC has extremely low overhead compared with the base-line TCP (or SSL), e.g., less than 1% overhead in terms of throughput.

Jiangtao Zhai,Kaijie Zhang,Xiaolong Zeng,Yufei Meng,Guangjie Liu

DOI: https://doi.org/10.1155/2024/8823511

IF: 8.993

2024-10-31

International Journal of Intelligent Systems

Abstract:Anonymous network tracing is a significant research subject in the field of network security, and flow correlation technology serves as a fundamental technique for deanonymizing network traffic. Existing flow correlation techniques are considered ineffective and unreliable when applied on a large scale because they exhibit high false‐positive rates or require impractically long periods of traffic observation to achieve reliable correlations. To address this issue, this paper proposed an innovative flow correlation approach for the typical and most widely used Tor anonymous network by combining graph convolutional neural networks with triplet networks. Our proposed method involves extracting features such as packet intervals, packet lengths, and directions from Tor network traffic and encoding each flow into a graph representation. The integration of triplet networks enhances the internode relationships, which can effectively fuse flow representations with node associations. The graph convolutional neural network extracts features from the input graph topology, mapping them to distinct representations in the embedding space, thus effectively distinguishing different Tor flows. Experimental results demonstrate that with a false‐positive rate as low as 0.1%, the correlation accuracy reaches 86.4%, showcasing a 5.1% accuracy improvement compared to the existing state‐of‐the‐art methods.

computer science, artificial intelligence

Adam Back,Ulf Möller,Anton Stiglic

DOI: https://doi.org/10.1007/3-540-45496-9_18

2001-01-01

Abstract:We discuss problems and trade-offs with systems providing anonymity for web browsing (or more generally any communication system that requires low latency interaction). We focus on two main systems: the Freedom network [12] and PipeNet [8]. Although Freedom is efficient and reasonably secure against denial of service attacks, it is vulnerable to some generic traffic analysis attacks, which we describe. On the other hand, we look at PipeNet, a simple theoretical model which protects against the traffic analysis attacks we point out, but is vulnerable to denial of services attacks and has efficiency problems. In light of these observations, we discuss the trade-offs that one faces when trying to construct an efficient low latency communication system that protects users anonymity.