Low-Cost Sde Chael Remote Traffc Aalyss Attack Packet Networks Sach Kadloor, Xu Gog, Negar Kyavash, Tolga Tezca, Nkta Borsov ECE Departmet ad Coordated Scece Lab. IESE Departmet ad Coordated Scece Lab. IESE Departmet Uversty of Illos at Urbaa-Champag {kadloor1,xugog1,kyavash, ttezca, kta@llos.edu} Abstract Ths paper presets a dagerous low-cost traffc aalyss attack packet-based etworks, such as the Iteret. The attack s moutable ay scearo where a shared routg resource exsts amog users. A real-world attack successfully compromsed the prvacy of a user wthout requrg sgfcat resources terms of access, memory, or computatoal power. The effectveess of our attack s demostrated a scearo where the user s DSL router uses FCFS schedulg polcy. Specfcally, we show that by usg a low-rate sequece of probes, a remote attacker ca obta sgfcat traffc-tmg ad volume formato about a partcular user, just by observg the roud trp tme of the probes. We also observe that eve whe the schedulg polcy s chaged to roud-rob, whle the correlato reduces sgfcatly, the attacker ca stll relably deduce user s traffc patter. Most of the router schedulg polces desged to date are evaluated mostly o the metrcs of throughput, delay ad faress. Our work s amed to demostrate a eed for cosderg a addtoal metrc that quatfes the formato leak betwee the dvdual traffc flows through the router. ad measures the roud-trp tme (RTT) of hs probe packets. The DSL has a comg ad a outgog port, for the traffcs addressed to, ad orgatg from Alce s computer. Bob s probe resposes ad Alce s comg traffc share the same queue, hece the delay that Bob observes would vary based o the patter of traffc addressed to Alce. Although the pgs travel through varous termedate routers, ther roudtrp tme s prmarly affected by Alce s traffc. Ths s because of two reasos. Oe, the termedate routers have sgfcatly hgher badwdth compared to the volume of the traffc flowg through them. Also, the termedate routers carry multple traffc flows. These two mply that the delays curred at these routers does ot chage wth tme. Hece, the delay duced by the users traffc s well preserved. I. I NTRODUCTION As more of our daly actvtes are carred out over the Iteret, the cocer for ther secrecy becomes creasgly urget. Ths paper presets a straghtforward, yet powerful traffc aalyss attack that takes advatage of the sde chael that s troduced by shared routg resources wth packetbased etworks, such as the Iteret. To descrbe the sde chael more detal, we wll cosder a example of a user, Alce, usg the Iteret from home. She s coected by a DSL coecto to her Iteret Servce Provder (ISP). The largest threats to the prvacy of Alce s commucato come ether from a compromse of her home computer, or from a uscrupulous employee at her ISP. However, The ISP s boud by at-wretappg laws [1] to ot vade to her prvacy. I ay case, Alce uses cryptographc protecto, such as Trasport Layer Securty (TLS) [2] to protect the most sestve data, such as passwords ad credt card umbers. A attacker, Bob, s curous about Alce s actvtes. He does ot have access to Alce s computer or her ISP. I fact, Bob ca possbly be o aother ISP, possbly aother coutry. However, Bob has access to a resource use by Alce, amely the packet queue sde her DSL router. Ths resource allows hm to create a sde chael that wll leak formato about Alce s traffc. Ths scearo s llustrated Fgure 1. Bob seds a low-badwdth, but hgh frequecy probe to the router Fg. 1. Queueg Sde Chael We wll demostrate that, fact, the delay Bob s traffc patter s strogly correlated wth Alce s traffc patter such that Bob ca fer the actvty Alce egages. The stregth of ths attack les the fact that t does ot requre specal access or prvleges for the attacker. The attacker does ot eve eed hgh computatoal power. Note that our attack ca oly reveal the tmg ad the volume of the traffc, ad ot the actual cotets of the packets. However, recet research has show that sgfcat fereces ca be draw by observg just the traffc patter of a user.
Based o hs observatos, Bob ca perform traffc aalyss: recovery of secret data based o packet couts, tmgs, ad szes. Recet research has demostrated that traffc aalyss ca be used for a umber of attacks: detfcato of web stes vsted [3], [4], guesses at passwords typed [5], ad recovery of phrases spoke over VoIP [6]. However, t was prevously assumed that such attacks requred access to oe of the routers alog the path of Alce s traffc. We wll show that ayoe who ca sed probe traffc to oe of these routers ca use the shared router queue as a sde chael to carry out traffc aalyss. Ths dramatcally creases the attack surface avalable for traffc aalyss. Eve teral commucato wholly cotaed wth a etwork a eterprse or mltary base may be subject to traffc aalyss, f the etwork s coected to the publc Iteret. Lkewse, eve o a closed etwork, a lowclearace sder may be able to carry out such probes from a remote locato. Remote traffc aalyss ca be appled to a wde varety of cotexts, so we beg by dscussg a few mportat attack scearos. 1) Cyberstalkg: A attacker may put a partcular user uder survellace order to lear more about that user s behavor o the Iteret. The motves for such dvdual survellace ca vary wdely. A attacker may wat to determe whether a user s actve or ot, whch wll help hm determe whether someoe s lkely to be home at a gve tme. A attacker may also wsh to costruct a profle of the user: Is the user lkely to be affluet? What s the user s geder? Are there chldre the home? Aother possblty for attack s to de-aoymze a user pseudoym, used o a blog or a dscusso board. By correlatg user actvty wth the tmes that updates are posted o the blog/board, t wll evetually be possble to obta statstcal evdece that mplcates the user. Fally, as stated before, some ecrypted traffc aalyss techques reveal the actual cotets of a user s commucato: statstcal models ca recover characters typed based o keystroke tmgs, whle others ca recover features from ecrypted VoIP calls, such as the laguage beg spoke, or test for the presece of specfc phrases. 2) Umaskg Relatoshps: Remote traffc aalyss ca also be used to detect whether two users are commucatg, thus ferrg socal or professoal relatoshps betwee them. Such commucatos may take the form of a drect etwork coecto betwee them va TCP or VoIP, or drect coversato by stat message. I both cases, correlato of messages leavg the computer of oe user ad arrvg at the computer of the other ca gve evdece of commucato. 3) Motorg at Scale: Because each probe requres oly a low volume of traffc, t s possble for attackers to motor multple routers at oce. I addto to beg able to motor multple people, more pervasve survellace ca provde ew opportutes for motorg. For example, whe deaoymzg a pseudoym or fdg coectos betwee users, cyberstalkg allows oly cofrmato attacks, where a exstg suspco ca be cofrmed or dsproved, whereas more pervasve motorg ca dscover prevously ukow relatoshps. Havg dscussed how our attack ca be used to vade to a user s prvacy o the Iteret, we ow dscuss some of the other attacks proposed the lterature. Followg that, Secto III, we formulate mathematcally the problem at had. We the preset the results of our smulato ad the expermet Secto IV. We coclude by descrbg a lst of potetal research problems Secto V, that arse out of the observatos made ths paper. II. RELATED WORK Perhaps the most related work to our proposed attack s the cloggg attack proposed by Back et al. [7], whch was proposed as a attack agast low-latecy aoymty schemes. As the ame suggests, aoymous commucato schemes allow ther users to commucate wth oe aother whle maskg the relatoshps betwee the users,.e. cocealg who commucates wth whom. The majorty of these schemes forward ed-user traffc though redrectg relays, usg multlayered ecrypto betwee the source ad every termedate relay. Ths s doe to rebuff traffc aalyss ad guaratee edto-ed prvacy. The layered ecrypto s mplemeted through a seres of relay odes creatg a vrtual aoymous tuel. I the cloggg attack proposed [7], a adversary at oe ed of a aoymous tuel ca determe whch odes partcpate the tuel by sequetally cloggg each of the possble relays ad lookg for a correspodg drop the throughput across the tuel. However, gve the curret archtecture of the Iteret, lauchg such a attack s feasble because t would requre very hgh badwdth ad tme. Murdoch ad Daezs [8] proposed a dramatcally lowercost form of ths attack ad valdated the Tor etwork [9]. I ther attack, a malcous server, through a o-off traffc patter, systematcally clogs a aoymous tuel, whle measurg the latecy of the coectos that ru across all relays. The relays wth latecy fuctos that are most correlated to the cloggg perods are detfed as the members of the tuel. Evas et al. [10] exteded ths attack to requre less badwdth by usg log paths the Tor etwork. Fally, Chakravarty et al. [11] showed that smlar attacks ca be used to detect ormal Iteret routers that forward Tor paths, as opposed to just Tor odes, by usg avalable badwdth estmato techques [12]. These attacks are structurally smlar to our attack, but the probes are used to detect the presece of a attacker-cotrolled flow order to volate aoymty guaratees. I our attack, the flow of terest s ot uder the attackers cotrol, thus our problem explots a sde chael, rather tha a covert oe. I partcular, prevous work has used coarse-graed o-off patters to detect flow presece, whereas we show that t s possble to fer fegraed formato about a user flow. III. MATHEMATICAL FORMULATION We wll cosder a tme slotted system. I each tme slot, we wll assume that there ca be at most oe packet arrval from each stream. Ths assumpto s vald f we sample the
tme fe eough. Let x (k) {0, 1} deote the umber of comg packets from stream k {1, 2} tme slot. Let y (k) {0, 1} deote the umber of packets of stream k served the tme slot. LetQ (k) represet the umber of packets of stream k whch have ot bee served utl tme. It follows the recurso Q (k) = Q (k) 1 + x(k) y (k) (1) Let stream 1 deote the strg of pgs, ad let stream 2 deote the traffc patter of the other user. Defe the arrvg tme of the th packet the k th queue as T (k) = f : j=1 x (k) j ad defe the departure tme of the th packet from the k th queue as T (k) = f : y (k) j (3) j=1 The the roudtrp tme of the th packet s T (k) = T (k) (2) T (k) (4) Also, we defe the umber of arrvg packets oe queue betwee two cosecutve arrvals the other queue, x k. = T (2) j=t (2) 1 x (1) j (5) The correlato betwee the roudtrp tmes of the pgs ad the traffc patter the other stream s 1 N T (2) 1 N 1 N T (2) (6) We wll aalyze the performace of frst come frst served, ad the roud-rob polcy agast our attack terms of the correlato metrc the followg secto. IV. PERFORMANCE RESULTS To estmate the effectveess of our attack, we frst ra a seres of smulato expermets. We captured both the tme of arrval of the packets ad the packet szes of real traffc arrvg to our computer usg Wreshark. These captured packets represet the user s traffc, about whch the attacker wats to lear. The packets were captured two scearos, oe whle browsg the Iteret, ad secod whle playg a vdeo o Youtube. The average traffc data rate s vastly dfferet these two scearos, t s 21.8 KBps whle browsg ad 105 KBps whle watchg the vdeo. We the geerate a stream of equally spaced pgs, each of sze 74 Bytes, ad compute the roudtrp tme of these pgs as see by the attacker. Roudtrp tmes are calculated both for the case whe FCFS polcy s mplemeted at the router ad Fg. 2. Pg rate = 5 pgs/sec whe the polcy used s roud-rob. We vary the frequecy of these pgs: 5, 50, ad 500 pgs/sec, whch correspod to a pg data rate of 0.37, 3.7, ad 37 kbps, respectvely. These rates are too small for the router to suspect the presece of a attack. The router s servce rate was fxed at 296 kbps. Fgures 2, 3, ad 4 plot the roud trp tme of each pg frequecy for FCFS ad roud-rob polcy. The top plot each fgure depcts the user s traffc, sampled at the arrval tmes of the pgs. The mddle plot s the roud trp tme of attacker s pgs whe FCFS polcy s used ad the bottom plot the roud trp
Fg. 3. Pg rate = 50 pgs/sec Fg. 4. Pg rate = 500 pgs/sec tme whe roud-rob s used. It s clearly see that as log as the pg s ot too frequet, there s a hgh correlato betwee the put traffc ad the roud trp tmes. Whle the roud-rob polcy oly reveals whether the user s actve or ot, the FCFS polcy reveals the exact patter. Ths s however ot true at hgh pg frequeces whe roud-rob polcy reveals as much formato as the FCFS polcy, ad hece s vulerable. The smulatos above demostrate the potetal of our proposed attack to ucover the traffc patter of a remote user. Ca ths attack be used practce? To aswer ths questo, we setup a testbed. We observed traffc of a home DSL user Illos, whle smultaeously sedg a pg probe from a computer New Jersey at a frequecy of 100 per secod. Roud trp tmes were calculated ad were later compared wth the actual traffc patter of the home user. Fgure 5 shows the results of our expermet. The user s traffc s show gree, ad the roud-trp tmes of the pg probe are show red. It s qute clear from the fgure that there s a correlato betwee the two. Note that the data rate of the pgs s less tha 50 Kbps of badwdth, ad s ulkely to be otced.
I the most geeral formulato of the problem, the goal of the attacker s to maxmze the mutual formato I(Y ; X Z) where X deotes the traffc patter of terest, Y s the observed watg tme of the probe sgal, ad Z deotes the probe sgal. The queug polcy s modeled by the trasto probablty p(y X, Z). Fdg a optmal prvacy-preservg polcy terms of ether mmzg the correlato metrc or the codtoal mutual formato wll be the focus of our future work. Fg. 5. Real traffc o a DSL le vs. observed probe RTTs V. DISCUSSION We have successfully demostrated a efarous attack that takes advatage of the sde chael troduced by shared routg resources wth packet-based etworks, such as the Iteret. The performace of the attack was show usg real traffc ad smulato of FCFS ad roud-rob polces. Ths smple attack s so powerful because the queug polces are ot desged wth purpose of preservg prvacy of the users. Rather, they are desged havg delay-throughput trade-offs md. Ths work llustrates the urgecy for developmet of prvacy preservg schedulg polces. The objectve of such a polcy wll be to mmze the correlatos betwee the traffc patters of oe user ad the roudtrp tmes (or the watg tmes) of the packets of the other user. Moreover, whle correlato-based metrcs such as (6) are commoly used for determg the amout of formato a adversary ca lear va the sde chael, formato-theoretcally oe would lke to determe the maxmum rate of formato a attacker ca relably lear based o the observatos avalable to her/hm. Thus, a prvacy-preservg schedulg polcy must fact crease the ucertaly of the adversary. REFERENCES [1] Wre ad electroc commucatos tercepto ad tercepto of oral commucatos, Uted States Code, Ttle 18, Part I, Chapter 119. [2] T. Derks ad C. Alle, The TLS protocol verso 1.0, RFC2246, Ja. 1999. [3] G. Bssas, M. Lberatore, D. Jese, ad B. Leve, Prvacy vulerabltes ecrypted HTTP streams, Prvacy Ehacg Techologes, 2006, pp. 1 11. [Ole]. Avalable: http://dx.do.org/10. 1007/11767831\ 1 [4] M. Lberatore ad B. N. Leve, Iferrg the source of ecrypted HTTP coectos, CCS 06: Proceedgs of the 13th ACM coferece o Computer ad commucatos securty. New York, NY, USA: ACM Press, 2006, pp. 255 263. [Ole]. Avalable: http://dx.do.org/10.1145/1180405.1180437 [5] D. X. Sog, D. Wager, ad X. Ta, Tmg aalyss of keystrokes ad SSH tmg attacks, USENIX Securty Symposum, 2001. [6] C. V. Wrght, L. Ballard, S. E. Coull, F. Morose, ad G. M. Masso, Spot me f you ca: Ucoverg spoke phrases ecrypted VoIP coversatos, SP 08: Proceedgs of the 2008 IEEE Symposum o Securty ad Prvacy. Washgto, DC, USA: IEEE Computer Socety, 2008, pp. 35 49. [7] A. Back, U. Moller, ad A. Stglc, Traffc aalyss attacks ad tradeoffs aoymty provdg systems, Lecture Notes Computer Scece, vol. 2137, o. 245-257, p. 76, 2001. [8] S. Murdoch ad G. Daezs, Low-cost traffc aalyss of tor, 2005 IEEE Symposum o Securty ad Prvacy, 2005, pp. 183 195. [9] R. Dglede, N. Mathewso, ad P. Syverso, Tor: The secodgeerato oo router, USENIX Securty Symposum, 2004, pp. 303 320. [10] N. S. Evas, R. Dglede, ad C. Grothoff, A practcal cogesto attack o Tor usg log paths, USENIX Securty Symposum, Aug. 2009. [11] S. Chakravarty, A. Stavrou, ad A. D. Keromyts, Idetfyg proxy odes a Tor aoymzato crcut, Workshop o Securty ad Prvacy Telecommucatos ad Iformato Systems, Dec. 2008, pp. 633 639. [12] J. Strauss, D. Katab, ad F. Kaashoek, A measuremet study of avalable badwdth estmato tools, IMC 03: Proceedgs of the 3rd ACM SIGCOMM coferece o Iteret measuremet. New York, NY, USA: ACM, 2003, pp. 39 44.