Information Leakage in Encrypted Network Traffic

Similar documents
Spot me if you can: Uncovering spoken phrases in encrypted VoIP conversations

Traffic Analysis. Scott E. Coull RedJack, LLC. Silver Spring, MD USA. Side-channel attack, information theory, cryptanalysis, covert channel analysis

HMM Profiles for Network Traffic Classification

Prac%cal A)acks Against Encrypted VoIP Communica%ons

Chapter 7 Transport-Level Security

How To Recognize Voice Over Ip On Pc Or Mac Or Ip On A Pc Or Ip (Ip) On A Microsoft Computer Or Ip Computer On A Mac Or Mac (Ip Or Ip) On An Ip Computer Or Mac Computer On An Mp3

Basic principles of Voice over IP

An Introduction to VoIP Protocols

Broadband Networks. Prof. Dr. Abhay Karandikar. Electrical Engineering Department. Indian Institute of Technology, Bombay. Lecture - 29.

1 Step 1: Select... Files to Encrypt 2 Step 2: Confirm... Name of Archive 3 Step 3: Define... Pass Phrase

CHAPTER 1 INTRODUCTION

Protocols. Packets. What's in an IP packet

Solution of Exercise Sheet 5

VoIP Technologies Lecturer : Dr. Ala Khalifeh Lecture 4 : Voice codecs (Cont.)

Privacy Vulnerabilities in Encrypted HTTP Streams

VoIP Bandwidth Considerations - design decisions

Safer data transmission using Steganography

Multi-Class Traffic Morphing for Encrypted VoIP Communication

CLASSIFYING NETWORK TRAFFIC IN THE BIG DATA ERA

Voice over IP: RTP/RTCP The transport layer

Project Code: SPBX. Project Advisor : Aftab Alam. Project Team: Umair Ashraf (Team Lead) Imran Bashir Khadija Akram

TLS and SRTP for Skype Connect. Technical Datasheet

CSE/EE 461 Lecture 23

Covert Channels. Some instances of use: Hotels that block specific ports Countries that block some access

Advanced Networking Voice over IP: RTP/RTCP The transport layer

AUTOMATIC PHONEME SEGMENTATION WITH RELAXED TEXTUAL CONSTRAINTS

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Voice-Over-IP. Daniel Zappala. CS 460 Computer Networking Brigham Young University

VoIP Bandwidth Calculation

CS 4803 Computer and Network Security

ON TRAFFIC ANALYSIS ATTACKS TO ENCRYPTED VOIP CALLS

TECHNICAL CHALLENGES OF VoIP BYPASS

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Traffic Analysis of Encrypted Messaging Services: Apple imessage and Beyond

Skype characteristics

Objective Speech Quality Measures for Internet Telephony

Early Recognition of Encrypted Applications

C E D A T 8 5. Innovating services and technologies for speech content management

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

Tor Anonymity Network & Traffic Analysis. Presented by Peter Likarish

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Service resiliency and reliability Quality of Experience Modelling requirements A PlanetLab proposal. PDCAT'08 - Dunedin December 1-4, 2008

Active Monitoring of Voice over IP Services with Malden

Introduction to Packet Voice Technologies and VoIP

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

How To Understand And Understand The Security Of A Key Infrastructure

Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Clouds. Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage

Encryption and Decryption for Secure Communication

Network Security. HIT Shimrit Tzur-David

APTA TransiTech Conference Communications: Vendor Perspective (TT) Phoenix, Arizona, Tuesday, VoIP Solution (101)

Protocol Security Where?

ANALYSIS OF LONG DISTANCE 3-WAY CONFERENCE CALLING WITH VOIP

New security and control protocol for VoIP based on steganography and digital watermarking

Bandwidth usage of common networking applications

Network Security Protocols

Perceived Speech Quality Prediction for Voice over IP-based Networks

Performance Analysis Proposal

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress

VegaStream Information Note Considerations for a VoIP installation

A Preliminary Performance Comparison of Two Feature Sets for Encrypted Traffic Classification

Chapter 23. Database Security. Security Issues. Database Security

Speech Analytics. Whitepaper

Three short case studies

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Database Security. The Need for Database Security

SIPAC. Signals and Data Identification, Processing, Analysis, and Classification

Chapter 10. Network Security

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Delivering reliable VoIP Services

Introduction and Comparison of Common Videoconferencing Audio Protocols I. Digital Audio Principles

Introduction VOIP in an Network VOIP 3

Securing IP Networks with Implementation of IPv6

CSCI 454/554 Computer and Network Security. Final Exam Review

WS_FTP Professional 12. Security Guide

Quality of Service (QoS) and Quality of Experience (QoE) VoiceCon Fall 2008

Chapter 11 Phase 5: Covering Tracks and Hiding

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Choosing the Right Audio Codecs for VoIP over cdma2000 Networks:

Voice Encryption over GSM:

Fundamentals of VoIP Call Quality Monitoring & Troubleshooting. 2014, SolarWinds Worldwide, LLC. All rights reserved. Follow SolarWinds:

Security and protection of digital images by using watermarking methods

CSC Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

Performance Evaluation of AODV, OLSR Routing Protocol in VOIP Over Ad Hoc

point to point and point to multi point calls over IP

Grandstream Networks, Inc.

Overview of Symmetric Encryption

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols ETSF10 Internet Protocols 2011

How To Encrypt With A 64 Bit Block Cipher

Network administrators must be aware that delay exists, and then design their network to bring end-to-end delay within acceptable limits.

Speech Signal Processing: An Overview

Monitoring VoIP Call Quality Using Improved Simplified E-model

Transcription:

Information Leakage in Encrypted Network Traffic Attacks and Countermeasures Scott Coull RedJack Joint work with: Charles Wright (MIT LL) Lucas Ballard (Google) Fabian Monrose (UNC) Gerald Masson (JHU)

Encrypted Network Traffic Problem: How do we stop eavesdropping? Cryptography to the rescue!

Encrypted Network Traffic Encrypt the payload contents What about features of the network traffic itself? Port numbers, packet sizes, timing info

Network Traffic Features Traffic features may introduce a communications channel Like a side-channel attack or covert channel X Y Z Source Feature Network Observer

Network Traffic Features Traffic features may introduce a communications channel Like a side-channel attack or covert channel Web page identity X Y Z Source Feature Network Observer

Network Traffic Features Traffic features may introduce a communications channel Like a side-channel attack or covert channel Encrypted packet sizes X Y Z Source Feature Network Observer

Network Traffic Features Traffic features may introduce an communications channel Like a side-channel attack or covert channel Noisy packet sizes X Y Z Source Feature Network Observer

Preventing Information Leakage Information theory says we should make the distributions uniform Quantize outputs to coarser levels Ex: two vs. ten potential packet sizes What about performance? Padding VoIP can introduce >42% overhead!! Padding to 1500 bytes induces up to 150% overhead for HTTP!!

Implementation Problems Performance almost always wins over security for consumer implementations Results in attacks that infer contents of encrypted network traffic Login passwords for SSH packet timing Web page identities for SSL/TLS packet size Language and phrases for VoIP packet size

Overview Illustrate potential privacy problems introduced by network traffic features: Uncovering Spoken Phrases in Encrypted Voice over IP Conversations Present efficient countermeasure by moving from information theoretic model: Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis

How Does VoIP Work? Alice speaks into her microphone to produce an audio waveform Internet

How Does VoIP Work? Variable Bit-Rate audio codec compresses waveform and real-time transport protocol packetizes Internet

How Does VoIP Work? Stream cipher used to efficiently encrypt packets Internet

How Does VoIP Work? Packets sent over IP network and decoded Internet

Attack Intuition Variable Bit-Rate codec allows correlation between audio and packet sizes Internet

Attack Intuition Length-preserving stream cipher keeps correlation Internet

Attack Intuition Packet sizes carry information about the original audio Original audio is made up of the building blocks of language called phonemes

Attack Intuition

Phrase Spotting How do we use the correlation between packet size and audio? Build a statistical model for the sequence of packet sizes in phrase Use the model to detect when a phrase of interest has occurred Known as phrase spotting

Phrase Spotting Packets:

Phrase Spotting Packets: Phrases: spot me spot me

Phrase Spotting Packets: Phrases: spot me spot me Extract Training Data

Phrase Spotting Packets: Phrases: spot me spot me Extract Training Data

Phrase Spotting Packets: Phrases: spot me spot me Multiple Sequence Alignment Insertion Deletion

Phrase Spotting Packets: Phrases: spot me spot me Aligned columns known as the consensus sequence for the phrase Represented with a Profile Hidden Markov Model (HMM)

Synthesizing Training Data How do we train our phrase HMM without speaker-specific data? What if we do not have examples of the phrase we are looking for? Use concatenative synthesis! Break phrase pronunciation into phonemes Concatenate available phonemes together

Synthesizing Training Data 1. Split phrase into words the bike is red

Synthesizing Training Data 1. Split phrase into words the bike is red 2. Break words into phonemes dh ah b ay k ih z r eh d

Synthesizing Training Data 1. Split phrase into words the bike is red 2. Break words into phonemes dh ah b ay k ih z r eh d 3. Replace phonemes with packet sizes

Synthesizing Training Data 1. Split phrase into words the bike is red 2. Break words into phonemes dh ah b ay k ih z r eh d 3. Replace phonemes with packet sizes

Synthesizing Training Data 1. Split phrase into words the bike is red 2. Break words into phonemes dh ah b ay k ih z r eh d 3. Replace phonemes with packet sizes

Synthesizing Training Data 1. Split phrase into words the bike is red 2. Break words into phonemes dh ah b ay k ih z r eh d 3. Replace phonemes with packet sizes

Synthesizing Training Data 1. Split phrase into words the bike is red 2. Break words into phonemes dh ah b ay k ih z r eh d 3. Replace phonemes with packet sizes 4. Repeat to capture variations in speech

Evaluation TIMIT Dataset: 462 training speakers, 168 testing speakers 122 distinct phrases Diverse set of dialects, pronunciations, etc. Use information retrieval metrics: Recall = TP / (TP+FN) Precision = TP / (TP+FP)

Results

Results Method is robust to variations in the audio Noise Gender Dialect Wide-band vs. Narrow-band Surprising amount of information leakage from encrypted VoIP traffic More recent work produces transcripts

Countermeasures Padding can be effective for some types of information, but not others Can we do better? Protocol Leaked Info. VoIP Block Size Accuracy Overhead Phrases 256-bit 0.4% 16.5% Language 512-bit 6.9% 42.2% HTTP Web Pages 1500 bytes 35.9% 140.8%

Traffic Morphing What if we could morph one class of traffic to look like another? Ex: Farsi appears to be English Use convex optimization to stochastically change packet sizes to: Minimize overhead Ensure distribution looks like the target

How to Morph Traffic Source Distribution (Packet Sizes for Farsi) Target Distribution (Packet Sizes for English)

How to Morph Traffic Find morphing matrix A such that:

How to Morph Traffic Treat each column as a probability distribution for morphing source packet size s j to target a ij = Pr[Y=s i X=s j ]

How to Morph Traffic Underspecified system of equations: n 2 unknowns and 2n equations Infinitely many solutions Choose one that minimizes the cost:

How to Morph Traffic Underspecified system of equations: n 2 unknowns and 2n equations Infinitely many solutions Choose one that minimizes the cost: Overhead

How to Morph Traffic To morph source packet with size s j : Find j th column of morphing matrix A Sample from column according to distribution Alter packet size to match sampled size s i

Real-world Challenges Many issues arise in the real-world: Reducing packet sizes? Large sample spaces? Slight changes in distribution? Not enough packets?

VoIP Morphing Results Apply morphing to VoIP language identification work of Wright et al. Nearest-neighbor classifier n-gram distributions of packet sizes Can the classifier distinguish morphed from real? Strategy Overhead Bigram Accuracy No Padding 0.0% 71% 512-bit Padding 42.2% 50% Morphing 15.4% 54%

VoIP Morphing Results Morpher must be at least as powerful as the classifier to reduce accuracy Trigram classifier beats bigram morphing but we can make a trigram morpher Strategy Bigram Accuracy Trigram Accuracy No Padding 71% 76% 512-bit Padding 50% 50% Morphing 54% 76%

Open Questions How do we determine security of morphing-like countermeasures? No obvious proof since we are not working in an information theoretic model Is there a way to tell if a classifier can ever win? Certain natural limitations and costs may prevent morphing in some scenarios Ex: Cannot buffer packets indefinitely

Summary Most users assume contents are secure with well-known cryptographic protocols Performance considerations lead to information leakage from traffic features Explored security/performance trade-off: Phrase spotting in encrypted VoIP Countermeasures using traffic morphing

Search Hidden Markov Model Profile Start (silent)

Search Hidden Markov Model Match State (phrase distribution)

Search Hidden Markov Model Insert State (background distribution)

Search Hidden Markov Model Delete State (silent)

Search Hidden Markov Model Profile End (silent)

Search Hidden Markov Model Non-Profile (background distribution)

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information