practical traffic analysis attacks on secure messaging
play

Practical Traffic Analysis Attacks on Secure Messaging Applications - PowerPoint PPT Presentation

Feb 19, 2024 •94 likes •512 views

Electrical and Computer Engineering Department Practical Traffic Analysis Attacks on Secure Messaging Applications Alireza Bahramali, Ramin Soltani, Amir Houmansadr, Dennis Goeckel, Don Towsley University of Massachusetts Amherst Instant

  1. Electrical and Computer Engineering Department Practical Traffic Analysis Attacks on Secure Messaging Applications Alireza Bahramali, Ramin Soltani, Amir Houmansadr, Dennis Goeckel, Don Towsley University of Massachusetts Amherst

  2. Instant Messaging is Popular! ❖ Over 2 billion people use Instant Messaging (IM) applications ❖ Used to exchange various types of messages 2

  3. Typical IM Providers ❖ A variety of IM services: Telegram, WhatsApp, Signal ❖ Most IMs have centralized structure ➢ All the communications are relayed through IM provider servers IM Server 3

  4. Typical IM Providers ❖ Various types of communication: ➢ One-to-one communication ➢ Group communication ➢ Channel communication: admins and members IM Server Admins Members 4

  5. IM Communications are Sensitive ❖ Extensively used to exchange politically and socially sensitive contents ❖ Therefore, IM services are attractive targets for government and corporation surveillance 5

  6. Examples 6

  7. How Confidential Are IMs? The good news: content is protected by Encryption, End-to-Middle or End-to-End IM Server Client Client The bad news: traffic patterns leak information 7

  8. How Patterns Leak? Admin Member1 Member 2 Member 3 8

  9. Objective of this study: investigate the threat of traffic analysis to popular IM services ❖ This is a fundamental vulnerability! ➢ Major IM services do not obfuscate traffic patterns because it’s expensive 9

  10. Our Attack A surveillance organization Adversary No need to cooperate with IM server Goal Identify participants of a target IM communication Timing Traffic Meta-data Identity of IM users Analysis Size 10

  11. Attack Scenario Surveillance Area Adversary observes IM Server target user traffic A d v e r s a c r Target o y m o m b s u User e n r i v c e a s t i t g o a r n r o g t u e r n a t d f f t i c r u a t s h Target channel: “Let’s protest” 11

  12. Adversary Ground Truth Adversary joins the Adversary observes target channel as a IM Server target user traffic member. A d v Target e Adversary joins the r s a c r o y User m o m b target channel as an s u e n r i v c e a s t i t g o a admin. r n r o g t u e r n a t d f f i t c r u a t s h Adversary wiretaps an identified Target channel: “Let’s protest” member/admin. 12

  13. Target User Surveillance Area Target user is the Adversary observes admin of the target IM Server target user traffic communication A d v Target e r s a Target user is the c r o y User m o m b s u e n r member of the target i v c e a s t i t g o a r n r o g t communication u e r n a t d f f i t c r u a t s h Target channel: “Let’s protest” 13

  14. Outline ❖ Modeling IM traffic: We established a statistical model for regular IM communications ❖ Design attack algorithms: We use hypothesis testing to design attack algorithms ❖ Experiments: We perform experiments on Telegram, WhatsApp, and Signal ❖ Countermeasures: We design and implement an open-source countermeasure system called IMProxy 14

  15. Outline ❖ Modeling IM traffic: We established a statistical model for regular IM communications. ❖ Design attack algorithms: We use hypothesis testing to design attack algorithms ❖ Experiments: We perform experiments on Telegram, WhatsApp, and Signal ❖ Countermeasures: We design and implement an open-source countermeasure system called IMProxy 15

  16. Modeling IM Traffic ❖ Deriving theoretical bounds on our traffic analysis algorithms. ❖ Generating synthetic IM communication. ❖ Dataset: Traffic patterns of 1000 Telegram channels, each for 24 hours. 16

  17. Modeling IM Traffic IM Features Inter-Message Communication Message Types Message Sizes Delays (IMD) Latency 17

  18. Outline ❖ Modeling IM traffic: We established a statistical model for regular IM communications ❖ Design attack algorithms: We use hypothesis testing to design attack algorithms ❖ Experiments: We perform experiments on Telegram, WhatsApp, and Signal ❖ Countermeasures: We design and implement an open-source countermeasure system called IMProxy 18

  19. Attack Algorithms Event-Based Shape-based Algorithm Algorithm 19

  20. Attack Algorithms: Event-Based If two events are close enough: 1- Event Extraction 2- Correlation Event MATCH! Function 3- Comparing to a Threshold Target User 20

  21. Hypothesis Testing 21

  22. Attack Algorithms: Shape-Based 1- Event Extraction 2- Traffic Normalization Cosine Traffic Bars Event 3- Correlation Similarity Function 4- Comparing to a Threshold Target User 22

  23. Outline ❖ Modeling IM traffic: We established a statistical model for regular IM communications ❖ Design attack algorithms: We use hypothesis testing to design attack algorithms ❖ Experiments: We perform experiments on Telegram, WhatsApp, and Signal ❖ Countermeasures: We design and implement an open-source countermeasure system called IMProxy 23

  24. Experimental Setup ❖ We perform experiments extensively on Telegram, WhatsApp, and Signal ❖ We use patterns of 500 channels. ❖ Scenarios ➢ Identifying Admin of a Telegram channel ➢ Wiretapping an identified user (one-to-one) 24

  25. Attacks’ Performance Even with 15 minutes of traffic both algorithms have 94% Event-based algorithm Shape-based algorithm confidence while FP rate is 0.001 25

  26. Why Not Deep Learning? We compared our work with DeepCorr We perform better than DeepCorr for smaller false positive rates!!? 1- IM flows are sparse. 2- IM flows are less noisy. 26

  27. Outline ❖ Modeling IM traffic: We established a statistical model for regular IM communications ❖ Design attack algorithms: We use hypothesis testing to design attack algorithms ❖ Experiments: We perform experiments on Telegram, WhatsApp, and Signal ❖ Countermeasures: We design and implement an open-source countermeasure system called IMProxy 27

  28. How to defend? 1- Using circumvention Event-based detector systems: Tor, VPN They are not effective without any background traffic. 28

  29. IMProxy ❖ Algorithms: ❖ A proxy-based ➢ Adding delay obfuscation system ➢ Adding dummy ❖ No IM cooperation packets required ❖ Can be applied to any ❖ Main components: IM service just by ➢ Local proxy proxy the IM traffic ➢ Remote proxy through it 29

  30. How It Works? Adversary Watching Adversary Watching IM Server Remote Remote proxy proxy Padding packets Removing padded packets Removing Padding packets padded packets Adding delay Local Local proxy proxy sender receiver Not observable by (admin) (member) adversary 30

  31. Evaluating IMProxy ❖ Latency: A Laplacian distribution with parameter ❖ SOCKS5 proxy ❖ Adding dummy packets based on a Uniform Distribution ❖ Event-based attack With 10% bandwidth overhead, we have 30% decrease in confidence 31

  32. Conclusions ❖ We show that despite the use of encryption, popular IM applications leak sensitive information about their client’s activities. ❖ The reason is that IMs do not use any obfuscation algorithms because it is expensive ❖ We hope that our results warn IM providers to take proper measures Thanks to 32

  33. How It Works? S u r v e i l l a n c Remove Padded e A Padding packets packets r e a SIM Server Local proxy Remote proxy Padding packets and adding delays Remove Padded packets Remote proxy Local proxy 33

  34. A Fundamental Vulnerability We show that despite the use of encryption, popular IM applications leak sensitive information about their client’s activities. Why? How? Merely watching Obfuscation of traffic encrypted IM traffic. is expensive for IM (Traffic Analysis) operators. 34

  35. How to defend? 2- Using IMProxy Obfuscate timings by adding delays IMProxy: A proxy-based obfuscation system Obfuscate sizes by adding dummy traffic How it works? 35

  36. Evaluating IMProxy ❖ Evaluating against IMProxy aware adversary ❖ Adversary trains a classifier on traffic flows 36

  37. Attack Algorithms: Shape-Based Cosine Similarity Target User 37

  38. Evaluating IMProxy ● Latency: A laplacian distribution with parameter ● Adding dummy packets based a Uniform Distribution ● SOCKS5 proxy Oblivious adversary IMProxy-aware adversary 38

  39. Generalizing to other IMs Messages in IMs have the same shape of traffic They appear as bursts of packets Viber Signal WhatsApp Telegram 39

  40. Telegram ❖ 200 million monthly active users. ❖ Most users are in countries with strict media regulations. Iran Russia ❖ It has the concept of channels. ❖ Telegram consumes 60! percent of Iran’s Internet bandwidth! 40

Recommend

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

Website Fingerprinting using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis Wiki says What is Traffic Analysis Wiki says Process of intercepting and examining messages in order to deduce

1.15k views • 41 slides
Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model Server/network is adversarial (but trusted identity registration needed) Windows of compromise when a party is under adversarial control (or readable

933 views • 14 slides
Secure Communications Center (SCC) Secure Messaging and Location Tracking Smartphones

Secure Communications Center (SCC) Secure Messaging and Location Tracking Smartphones

Secure Communications Center (SCC) Secure Messaging and Location Tracking Smartphones Information Technology Security Location User Messaging Tracking Network * CEO A. Baar Akbay CFO PDM M. Melih H. Hakan Deirmenci Kahraman

371 views • 36 slides
Secure Instant Messaging Mike Davis, phar@stonedcoder.org Introduction Brief History of IM,

Secure Instant Messaging Mike Davis, phar@stonedcoder.org Introduction Brief History of IM,

Secure Instant Messaging Mike Davis, phar@stonedcoder.org Introduction Brief History of IM, and attacks against it How IM is being used today, and why these uses make strong security essential Current problems and examples To-do

258 views • 23 slides
Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis Jelle van den Hooff, David

Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis Jelle van den Hooff, David

Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis Jelle van den Hooff, David Lazar, Matei Zaharia, Nickolai Zeldovich MIT CSAIL Symposium on Operating Systems Principles (SOSP), 2015 1 / 12 Motivation Encryption systems hide

608 views • 14 slides
About that little buffer in Active monitoring results: Comparable amount of traffic (lots of

About that little buffer in Active monitoring results: Comparable amount of traffic (lots of

Backscatter and Global Analysis Stefan Zota Attacks Analyze tcpdump logs and get global Top attack sources abnormal traffic Unsuccessful TCP connections Gather vanilla statistics: SYN attacks TCP RST ACK backscatter Port classification

367 views • 9 slides
A Protocol for Secure Public Instant Messaging Mohammad Mannan and Paul C. van Oorschot Digital

A Protocol for Secure Public Instant Messaging Mohammad Mannan and Paul C. van Oorschot Digital

Secure Public Instant Messaging Financial Cryptography - Feb 27, 2006 A Protocol for Secure Public Instant Messaging Mohammad Mannan and Paul C. van Oorschot Digital Security Group Carleton University, Canada Mohammad Mannan Feb 27, 2006 1

399 views • 15 slides
Tools for Security Analysis of Traffic on L7 Practical course 50th TF-CSIRT meeting and FIRST

Tools for Security Analysis of Traffic on L7 Practical course 50th TF-CSIRT meeting and FIRST

www.liberouter.org Tools for Security Analysis of Traffic on L7 Practical course 50th TF-CSIRT meeting and FIRST Regional Symposium for Europe Security Tools as a Service Flow monitoring overview Flow monitoring extended by application layer

1.99k views • 184 slides
The future of Messaging is integrated Secure and GDPR-ready video-, voice and chat solution

The future of Messaging is integrated Secure and GDPR-ready video-, voice and chat solution

Grape Chat Presentation 2019 The future of Messaging is integrated Secure and GDPR-ready video-, voice and chat solution that lives inside your favourite tools. The secure Autobahn of communication Integrate Grape with market leading

568 views • 25 slides
Secure Messaging Some slides adapted from Dr. Raluca Ada Popa at UC Berkeley End to End

Secure Messaging Some slides adapted from Dr. Raluca Ada Popa at UC Berkeley End to End

Secure Messaging Some slides adapted from Dr. Raluca Ada Popa at UC Berkeley End to End Encryption Only the two parties communicating can decrypt messages Forward Secrecy Key compromise doesnt compromise past session keys

424 views • 23 slides
Channel Attacks on the AES Key Schedule Franois DASSANCE Inside Secure Alexandre VENELLI

Channel Attacks on the AES Key Schedule Franois DASSANCE Inside Secure Alexandre VENELLI

Combined Fault and Side- Channel Attacks on the AES Key Schedule Franois DASSANCE Inside Secure Alexandre VENELLI Inside Secure FDTC 2012 09/09/2012 Outline 1. Combined attack 2. Related work on combined attacks Asymmetric

496 views • 28 slides
POST: A Secure, Resilient, Cooperative Messaging System A. Mislove, A. Post, C. Reis, P.

POST: A Secure, Resilient, Cooperative Messaging System A. Mislove, A. Post, C. Reis, P.

POST: A Secure, Resilient, Cooperative Messaging System A. Mislove, A. Post, C. Reis, P. Willmann, P. Druschel, D. S. Wallach Rice University X. Bonnaire, P. Sens, J.-M. Busca, L. Arantes-Bezerra University of Paris 6 (LIP6) HotOS 2003 1

197 views • 16 slides
Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing

Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing

Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing attacks important? Clarifications Zero-One Gap / Neighborhood Size etc. Problems Questions Extensions Contribution Discussion

645 views • 26 slides
Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to

Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to

CSE 484 / CSE M 584: Computer Security and Privacy Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

779 views • 30 slides
Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to

Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to

CSE 484 / CSE M 584: Computer Security and Privacy Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

699 views • 54 slides
Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport

Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport

Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport Deniz Gurkan, Nicholas Bastin, Stuart Baxley University of Houston Funded by the U.S. Department of Energy and the U.S. Department of Homeland

541 views • 15 slides
Secure Messaging CS 161: Computer Security Prof. Raluca Ada Popa Nov 29, 2016 Announcements

Secure Messaging CS 161: Computer Security Prof. Raluca Ada Popa Nov 29, 2016 Announcements

Secure Messaging CS 161: Computer Security Prof. Raluca Ada Popa Nov 29, 2016 Announcements Homework 3 due Dec 2 Final Dec 15, 11:30-2:30 End-to-end encryption Encryption decryptable only by the ends Intermediary dont receive decryption

769 views • 30 slides
Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin Netpy visualization with Wisconsin Netpy Cristian Estan, Garret Magin University of Wisconsin-Madison USENIX LISA, 19 December 2005 Traffic

345 views • 18 slides
Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in

Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in

Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in Advanced Topics in Network Security (600/650.624) Outline Traditional threat model in cryptography Side-channel attacks Kochers

1.19k views • 77 slides
Practical Padding Oracle Attacks J. Rizzo T. Duong Black Hat Europe, 2010 J. Rizzo, T. Duong

Practical Padding Oracle Attacks J. Rizzo T. Duong Black Hat Europe, 2010 J. Rizzo, T. Duong

Introduction Finding Padding Oracles Basic PO attacks Advanced PO attacks Summary Practical Padding Oracle Attacks J. Rizzo T. Duong Black Hat Europe, 2010 J. Rizzo, T. Duong Practical Padding Oracle Attacks Introduction Finding Padding

1.33k views • 108 slides
Practical Attacks on Implementations Juraj Somorovsky Ruhr University Bochum, HGI 3curity

Practical Attacks on Implementations Juraj Somorovsky Ruhr University Bochum, HGI 3curity

Practical Attacks on Implementations Juraj Somorovsky Ruhr University Bochum, HGI 3curity @jurajsomorovsky 1 Practi tical l Attacks on Real l World ld Crypto to Imple lementa mentati tion ons Juraj Somorovsky 1 Recent years

406 views • 29 slides
Man in the Middle Attacks Engineering Secure Software Last Revised: September 1, 2020 SWEN-331:

Man in the Middle Attacks Engineering Secure Software Last Revised: September 1, 2020 SWEN-331:

Man in the Middle Attacks Engineering Secure Software Last Revised: September 1, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 High Level View Allows the hacker to sit in between all communication between client and

398 views • 15 slides
Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April

Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April

Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April 2014 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 2/ 56 Secure Hardware History Military: WW2 Enigma machines - captured

667 views • 56 slides
I MPROVED S TRONGLY D ENIABLE A UTHENTICATED K EY E XCHANGES F OR S ECURE M ESSAGING Nik Unger

I MPROVED S TRONGLY D ENIABLE A UTHENTICATED K EY E XCHANGES F OR S ECURE M ESSAGING Nik Unger

I MPROVED S TRONGLY D ENIABLE A UTHENTICATED K EY E XCHANGES F OR S ECURE M ESSAGING Nik Unger and Ian Goldberg Secure Messaging 2 Secure Messaging All-Verifier Deniable Anonymous Authentication End-to Authentication End Zone

776 views • 48 slides

More recommend