2012 | OriginalPaper | Book chapter
Spying in the Dark: TCP and Tor Traffic Analysis
Written by: Yossi Gilad, Amir Herzberg
Published in: Privacy Enhancing Technologies
Publisher: Springer Berlin Heidelberg
We show how to exploit side-channels to identify clients without eavesdropping on the communication to the server, and without relying on known, distinguishable traffic patterns. We present different attacks, utilizing different side-channels, for two scenarios: a fully off-path attack detecting TCP connections, and an attack detecting Tor connections by eavesdropping only on the clients.
Our attacks exploit three types of side channels: globally-incrementing IP identifiers, used by some operating systems, e.g., in Windows; packet processing delays, which depend on TCP state; and bogus-congestion events, causing impact on TCP’s throughput (via TCP’s congestion control mechanism). Our attacks can (optionally) also benefit from sequential port allocation, e.g., deployed in Windows and Linux. The attacks are practical - we present results of experiments for all attacks in different network environments and scenarios. We also present countermeasures for these attacks.