traffic analysis or encryption is not enough
play

TRAFFIC ANALYSIS: or... encryption is not enough Carmela Troncoso* - PowerPoint PPT Presentation

Jul 08, 2023 •511 likes •862 views

H2020-ICT-15 GA 688722 TRAFFIC ANALYSIS: or... encryption is not enough Carmela Troncoso* IMDEA Software Institute Summer school on real-world crypto and privacy 9 th June 2016 *Thanks to George Danezis for sharing slides Privacy in

  1. H2020-ICT-15 GA 688722 TRAFFIC ANALYSIS: or... encryption is not enough Carmela Troncoso* IMDEA Software Institute Summer school on real-world crypto and privacy 9 th June 2016 *Thanks to George Danezis for sharing slides

  2. Privacy in electronic communications Dear Dr. Bob, Can we change my chemo appointment? A. Alice Bob A Network

  3. Privacy in electronic communications Intelligence agencies Your Parents Dear Dr. Bob, SysAdmins Can we change my chemo appointment? The Boss Anybody A. curious ISPs Alice Bob A Network

  4. But we can encrypt! What is the problem? Dear Dr. Bob, Can we change my chemo appointment? A. Alice Bob A Network

  5. But we can encrypt! What is the problem? %Q}!$#!{}{¨@%%:@} @$@@¨}{}{@@}{}@{@ {@}@#$¨}{%@$%@@# @${P%@@}}}~ <>}@!@ Alice Bob A Network

  6. But we can encrypt! What is the problem? %Q}!$#!{}{¨@%%:@} @$@@¨}{}{@@}{}@{@ {@}@#$¨}{%@$%@@# @${P%@@}}}~ <>}@!@ Alice Bob A Network Ethernet (IEEE 802.3, 1997)

  7. But we can encrypt! What is the problem? %Q}!$#!{}{¨@%%:@} @$@@¨}{}{@@}{}@{@ {@}@#$¨}{%@$%@@# @${P%@@}}}~ <>}@!@ Alice Bob A Network 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 Same +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| IHL |Type of Service| Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ for TCP, | Identification |Flags| Fragment Offset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ SMTP, | Time to Live | Protocol | Header Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Address | IRC, +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Address | HTTP, ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Ethernet | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ (IEEE 802.3, 1997) IPv4 Header Weak identifier (RFC 791, 1981)

  8. But we can encrypt! What is the problem? %Q}!$#!{}{¨@%%:@} @$@@¨}{}{@@}{}@{@ {@}@#$¨}{%@$%@@# @${P%@@}}}~ <>}@!@ Destination IP web Dr. Bob Oncologyst Alice Bob A Network 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 Same +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| IHL |Type of Service| Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ for TCP, | Identification |Flags| Fragment Offset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ SMTP, | Time to Live | Protocol | Header Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Address | IRC, +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Address | HTTP, ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Ethernet | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ (IEEE 802.3, 1997) IPv4 Header Weak identifier (RFC 791, 1981)

  9. OMG!! The problem is Traffic Analy lysis!! %Q}!$#!{}{¨@%%:@} @$@@¨}{}{@@}{}@{@ {@}@#$¨}{%@$%@@# @${P%@@}}}~ <>}@!@ Destination IP web Dr. Bob Oncologyst Alice Bob A Network 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 Same +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| IHL |Type of Service| Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ for TCP, | Identification |Flags| Fragment Offset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ SMTP, | Time to Live | Protocol | Header Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Address | IRC, +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Address | HTTP, ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Ethernet | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ (IEEE 802.3, 1997) IPv4 Header Weak identifier (RFC 791, 1981)

  10. Traffic WHAT? Wikipedia : traffjc analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication Making use of “just” traffic data of a communication (aka metadata) to extract information (as opposed to analyzing content or perform cryptanalysis) Identities of Timing, frequency, Location Volume Device communicating parties duration Nowadays ys Military Roots - Diffje&Landau: ”Traffjc analysis, not - M. Herman: “These non-textual techniques cryptanalysis, is the backbone of can establish targets' locations , order-of- communications intelligence” battle and movement . Even when messages - Stewart Baker (NSA): “metadata absolutely are not being deciphered, traffjc analysis of the tells you everything about somebody’s target's Command, Control, Communications life . If you have enough metadata, you don’t and intelligence system and its patterns of behavior provides indications of his intentions really need content.” and states of mind ” - Tempora, MUSCULAR → XkeyScore, PRISM - WWI : British troops fjnding German boats. - Also “good” uses: recommendations, location- based services, - WWII : assessing size of German Air Force, fjngerprinting of transmitters or operators (localization of troops). Herman, Michael. Intelligence power in peace and war. Cambridge University Press, 1996. Diffje, Whitfjeld, and Susan Landau. Privacy on the line: The politics of wiretapping and encryption. MIT press, 2010. http://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-fjles-surveillance-revelations-decoded

  11. We need to protect the communication layer! Anonymous communications General applications ➢ Freedom of speech ➢ Profjling / price discrimination ➢ Spam avoidance ➢ Investigation / market research ➢ Censorship resistance ➢ Specialized applications ➢ Electronic voting ➢ Auctions / bidding / stock market ➢ Incident reporting ➢ Witness protection / whistle blowing ➢ Showing anonymous credentials! ➢ https://www.eff.org/deeplinks/2013/10/online-anonymity-not-only-trolls-and-political-dissidents http://geekfeminism.wikia.com/wiki/Who_is_harmed_by_a_%22Real_Names%22_policy%3F

  12. Anonymous communications: abstract model IDs Timing Volume Length ... Receivers Senders Anonymous communication system Bitwise unlinkability ➢ Crypto to make inputs and outputs bit patterns different ➢ (re)packetizing + (re)schedule ➢ Destroy patterns (traffjc analysis resistance) ➢

  13. Anonymous communications: abstract model IDs Timing Volume Length ... Receivers Senders Bitwise unlinkability ➢ Crypto to make inputs and outputs bit patterns different ➢ (re)packetizing + (re)schedule + (re)routing, ➢ Destroy patterns (traffjc analysis resistance) ➢ Load balancing ➢ Distribute trust ➢

  14. In theory should work, but in practice... IDs Timing Volume Length ... Receivers Senders Bitwise unlinkability ➢ Crypto to make inputs and outputs bit patterns different ➢ (re)packetizing + (re)schedule + (re)routing, ➢ Bandwidth Destroy patterns (traffjc analysis resistance) ➢ Delay Load balancing ➢ Churn Distribute trust ➢ Intrinsic network differences Trust?

Recommend

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

Website Fingerprinting using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis Wiki says What is Traffic Analysis Wiki says Process of intercepting and examining messages in order to deduce

1.15k views • 41 slides
Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin Netpy visualization with Wisconsin Netpy Cristian Estan, Garret Magin University of Wisconsin-Madison USENIX LISA, 19 December 2005 Traffic

345 views • 18 slides
Analysis of the WinZip Encryption Method Paper by: Tadayoshi Kohno Presented by: Ken, Mike,

Analysis of the WinZip Encryption Method Paper by: Tadayoshi Kohno Presented by: Ken, Mike,

Analysis of the WinZip Encryption Method Paper by: Tadayoshi Kohno Presented by: Ken, Mike, Jeremy &amp; Paul The popular compression utility for Microsoft Windows computers Easy-to-use AES encryption - Advanced Encryption version

492 views • 38 slides
Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis Jelle van den Hooff, David

Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis Jelle van den Hooff, David

Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis Jelle van den Hooff, David Lazar, Matei Zaharia, Nickolai Zeldovich MIT CSAIL Symposium on Operating Systems Principles (SOSP), 2015 1 / 12 Motivation Encryption systems hide

611 views • 14 slides
Genomic Analysis Hoon Cho (MIT) and David Wu (Stanford) March, 2015 Homomorphic Encryption

Genomic Analysis Hoon Cho (MIT) and David Wu (Stanford) March, 2015 Homomorphic Encryption

Homomorphic Encryption for Genomic Analysis Hoon Cho (MIT) and David Wu (Stanford) March, 2015 Homomorphic Encryption Homomorphic encryption (HE): encryption schemes that support computation on ciphertexts Consists of three functions: m c

548 views • 26 slides
IEncrypt a work-in-progress open-source initiative to increase encryption of traffic to and

IEncrypt a work-in-progress open-source initiative to increase encryption of traffic to and

IEncrypt a work-in-progress open-source initiative to increase encryption of traffic to and from .ie web sites, starting with newly registered second-level .ie domains. Developed by Tolerant Networks Limited Funded by IEDR Considered

769 views • 27 slides
tcpcrypt Mark Handley What would it take to encrypt all the traffic on the Internet, by

tcpcrypt Mark Handley What would it take to encrypt all the traffic on the Internet, by

tcpcrypt Mark Handley What would it take to encrypt all the traffic on the Internet, by default, all the time? Crypto 101: Encryption without authentication is useless. Encryption without authentication is like meeting a stranger in a

813 views • 31 slides
1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop

1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop

AGENDA AGENDA 1. The role and significance of public transport and tram transport in urban areas 2. Goal and stages of the study 1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop stations at tram stops

169 views • 4 slides
Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue

Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue

Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878 Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com Website: http://www.gl.com 1 1 Traffic

228 views • 11 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
ICmyNet.Flow: NetFlow based traffic investigation analysis traffic investigation, analysis, and

ICmyNet.Flow: NetFlow based traffic investigation analysis traffic investigation, analysis, and

ICmyNet.Flow: NetFlow based traffic investigation analysis traffic investigation, analysis, and reporting Slavko Gajin slavko.gajin@ rcub.bg.ac.rs AMRES Academic Network of Serbia RCUB - Belgrade University Computer Center ETF

641 views • 46 slides
Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction

Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction

Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction Youve just invented the greatest protocol does everything including tying your shoelaces. What now? Need to know how it performs. Is it

510 views • 13 slides
High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &amp;

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &amp;

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &amp; Approaches Security: Challenges &amp; Approaches C-DAC Asia-Pacific Advanced Network 32 nd Meeting, India Habitat Centre, New Delhi APAN 32nd Meeting,

647 views • 28 slides
Network Privacy Mostly issues of preserving privacy of data flowing through network Start

Network Privacy Mostly issues of preserving privacy of data flowing through network Start

Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption With good encryption, data values not readable So whats the problem? Lecture 17 Page 1 CS 236 Online Traffic Analysis

532 views • 21 slides
Traffic Analysis The Most Powerful and Least Understood Attack Methods Raven Alder, Riccardo

Traffic Analysis The Most Powerful and Least Understood Attack Methods Raven Alder, Riccardo

Traffic Analysis The Most Powerful and Least Understood Attack Methods Raven Alder, Riccardo Bettati, Jon Callas, Nick Matthewson 1 What is Traffic Analysis? Signals intelligence that ignores content Information for analysis is the

355 views • 14 slides
my.SWISSTRAFFIC Automated Traffic Collection &amp; Analysis FULLY AUTOMATED TRAFFIC DATA

my.SWISSTRAFFIC Automated Traffic Collection &amp; Analysis FULLY AUTOMATED TRAFFIC DATA

my.SWISSTRAFFIC Automated Traffic Collection &amp; Analysis FULLY AUTOMATED TRAFFIC DATA COLLECTION AND ANALYTICS There is a high demand for reliable Traffic Data but Static data single-purpose data Invasive costly deployment &amp;

404 views • 18 slides
ANALYSIS ETI2506 Sunday, 23 October 2016 1 WHERE ARE WE IN THE CURRICULUM? 2 GOAL OF TRAFFIC

ANALYSIS ETI2506 Sunday, 23 October 2016 1 WHERE ARE WE IN THE CURRICULUM? 2 GOAL OF TRAFFIC

IN INTRODUCTION TO TRAFFIC ANALYSIS ETI2506 Sunday, 23 October 2016 1 WHERE ARE WE IN THE CURRICULUM? 2 GOAL OF TRAFFIC ANALYSIS 1. Except for user terminals, the telephone network is composed of a variety of common 45 Trunks equipment

385 views • 17 slides
Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon,

Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon,

Traffic Measurement Analysis &amp; Robust Methods Modeling Anomaly Detection Traffic Classification Conclusion + Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon, Laboratoire de Physique (UMR

716 views • 60 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
Road traffic safety analysis at U-turns on Thai highways using Traffic Conflict Technique at

Road traffic safety analysis at U-turns on Thai highways using Traffic Conflict Technique at

A presentation on Road traffic safety analysis at U-turns on Thai highways using Traffic Conflict Technique at ICTCT workshop 2014 Karlsruhe, Germany 16 th Oct 2014 Presented by: Inder Pal MEEL ipmeel@gmail.com 2014-10-16 Contents

417 views • 29 slides
Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification, Measurement, and Analysis and Analysis ISC/CAIDA Data Collaboration Workshop October 22, 2012 David Plonka &amp; Paul Barford

1.33k views • 26 slides
Broadband traffic analysis (update) Kensuke Fukuda (NII) Kenjiro Cho (IIJ) Hiroshi Esaki

Broadband traffic analysis (update) Kensuke Fukuda (NII) Kenjiro Cho (IIJ) Hiroshi Esaki

Broadband traffic analysis (update) Kensuke Fukuda (NII) Kenjiro Cho (IIJ) Hiroshi Esaki (u-tokyo) Akira Kato (u-tokyo) Outline Macro-level residential user traffic traffic pattern and growth Flow-level residential user traffic

550 views • 24 slides
Probably the worlds best stateful traffic generation and analysis platform 2 1 2 4 5 3

Probably the worlds best stateful traffic generation and analysis platform 2 1 2 4 5 3

1 Probably the worlds best stateful traffic generation and analysis platform 2 1 2 4 5 3 OVERVIEW TYPES OF TESTS HARDWARE SOFTWARE KEY FEATURES LEARN MORE 3 OVERVIEW Vulcan generates stateful Ethernet traffic to analyze how

349 views • 34 slides
Probably the worlds best stateless traffic generation and analysis platform 2 1 2 4 5 6

Probably the worlds best stateless traffic generation and analysis platform 2 1 2 4 5 6

1 Probably the worlds best stateless traffic generation and analysis platform 2 1 2 4 5 6 3 OVERVIEW TYPES OF TESTS HARDWARE SOFTWARE AUTOMATION KEY FEATURES LEARN MORE 3 OVERVIEW Valkyrie is a full-featured stateless traffic

720 views • 43 slides

More recommend