nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Peel the Onion: Recognition of Android Apps Behind the Tor Network

verfasst von : Emanuele Petagna, Giuseppe Laurenza, Claudio Ciccotelli, Leonardo Querzoni

Erschienen in: Information Security Practice and Experience

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

According to Freedom on the Net 2017 report [15] more than 60% of World’s Internet users are not completely free from censorship. Solutions like Tor allow users to gain more freedom, bypassing these restrictions. For this reason they are continuously under deep observation to detect vulnerabilities that would compromise users anonymity. The aim of this work is showing that Tor is vulnerable to app deanonymization attacks on Android devices through network traffic analysis. While attacks against Tor anonymity have already gained considerable attention in the context of website fingerprinting in desktop environments, to the best of our knowledge this is the first work that addresses a similar problem on Android devices. For this purpose, we describe a general methodology for performing an attack that allows to deanonymize the apps running on a target smartphone using Tor. Then, we discuss a Proof-of-Concept, implementing the methodology, that shows how the attack can be performed in practice and allows to assess the deanonymization accuracy that it is possible to achieve. Moreover, we made the software of the Proof-of-Concept available, as well as the datasets used to evaluate it. In our extensive experimental evaluation, we achieved an accuracy of \(97\%\).

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel KMO: Kernel Memory Observer to Identify Memory Corruption by Secret Inspection Mechanism

Nächstes Kapitel JSLess: A Tale of a Fileless Javascript Memory-Resident Malware

Nur mit Berechtigung zugänglich

Both the software necessary to reproduce the Proof-of-Concept and the dataset can be downloaded from the following repository: https://github.com/Immanuel84/peeltheonion.

https://arxiv.org/abs/1901.04434.

Orbot: Tor for android (2018). https://guardianproject.info/apps/orbot/

Tcpdump (2018). https://www.tcpdump.org/

Androidviewclient (2019). https://github.com/dtmilano/AndroidViewClient

Culebra (2019). http://culebra.dtmilano.com/

The majestic million (2019). https://majestic.com/reports/majestic-million

Socialblade.com top 500 most followed profiles (sorted by followers count) (2019). https://socialblade.com/instagram/top/500/followers

Socialblade.com top 500 most liked facebook pages (sorted by count) (2019). https://socialblade.com/facebook/top/500/likes

Wireshark (2019). https://www.wireshark.org/

AlSabah, M., Bauer, K., Goldberg, I.: Enhancing tor’s performance using real-time traffic classification. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 73–84. ACM, New York (2012). https://doi.org/10.1145/2382196.2382208

10.

Bissias, G.D., Liberatore, M., Jensen, D., Levine, B.N.: Privacy vulnerabilities in encrypted HTTP streams. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, pp. 1–11. Springer, Heidelberg (2006). https://doi.org/10.1007/11767831_1CrossRef

11.

Chakravarty, S., Barbera, M.V., Portokalidis, G., Polychronakis, M., Keromytis, A.D.: On the effectiveness of traffic analysis against anonymity networks using flow records. In: Faloutsos, M., Kuzmanovic, A. (eds.) PAM 2014. LNCS, vol. 8362, pp. 247–257. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-04918-2_24CrossRef

12.

Conti, M., Mancini, L.V., Spolaor, R., Verde, N.V.: Can’t you hear me knocking: identification of user actions on android apps via traffic analysis. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy CODASPY 2015, pp. 297–304. ACM, New York (2015). https://doi.org/10.1145/2699026.2699119

13.

Dai, S., Tongaonkar, A., Wang, X., Nucci, A., Song, D.: Networkprofiler: towards automatic fingerprinting of android apps, pp. 809–817, April 2013. https://doi.org/10.1109/INFCOM.2013.6566868

14.

Finamore, A., Mellia, M., Munafò, M.M., Torres, R., Rao, S.G.: Youtube everywhere: impact of device and infrastructure synergies on user experience. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, pp. 345–360. ACM (2011)

15.

Freedom on the Net: 2017 report (2017). https://freedomhouse.org/report/freedom-net/freedom-net-2017

16.

Gember, A., Anand, A., Akella, A.: A comparative study of handheld and non-handheld traffic in campus wi-fi networks. In: Spring, N., Riley, G.F. (eds.) PAM 2011. LNCS, vol. 6579, pp. 173–183. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19260-9_18CrossRef

17.

Habibi Lashkari, A., Draper Gil, G., Mamun, M.S.I., Ghorbani, A.A.: Characterization of tor traffic using time based features. In: Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, pp. 253–262. INSTICC, SciTePress (2017). https://doi.org/10.5220/0006105602530262

18.

Hintz, A.: Fingerprinting websites using traffic analysis. In: Dingledine, R., Syverson, P. (eds.) PET 2002. LNCS, vol. 2482, pp. 171–178. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36467-6_13. http://dl.acm.org/citation.cfm?id=1765299.1765312CrossRef

19.

Juarez, M., Afroz, S., Acar, G., Diaz, C., Greenstadt, R.: A critical evaluation of website fingerprinting attacks. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security CCS 2014, pp. 263–274. ACM, New York (2014). https://doi.org/10.1145/2660267.2660368

20.

Liberatore, M., Levine, B.N.: Inferring the source of encrypted http connections. In: Proceedings of the 13th ACM Conference on Computer and Communications Security CCS 2006, pp. 255–263. ACM, New York (2006). https://doi.org/10.1145/1180405.1180437

21.

Ling, Z., Luo, J., Wu, K., Yu, W., Fu, X.: Torward: discovery of malicious traffic over tor. In: IEEE INFOCOM 2014 - IEEE Conference on Computer Communications, pp. 1402–1410 (2014)

22.

Mittal, P., Khurshid, A., Juen, J., Caesar, M., Borisov, N.: Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting. In: Proceedings of the 18th ACM Conference on Computer and Communications Security CCS 2011, pp. 215–226. ACM, New York (2011). https://doi.org/10.1145/2046707.2046732

23.

Perry, M.: Tor padding specification (2019). https://gitweb.torproject.org/torspec.git/tree/padding-spec.txt

24.

Project, T.: Tor metrics. https://metrics.torproject.org/. Accessed Jan 2019

25.

Redondi, A.E.C., Sanvito, D., Cesana, M.: Passive classification of wi-fi enabled devices. In: Proceedings of the 19th ACM International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems MSWiM 2016, pp. 51–58. ACM, New York (2016). https://doi.org/10.1145/2988287.2989161

26.

Dinledine, R., Mathewson, N., Murdoch, S., Syverson, P.: Tor: the second-generation onion router (2014 draft v1) (2014). https://murdoch.is/papers/tor14design.pdf

27.

Saltaformaggio, B., et al.: Eavesdropping on fine-grained user activities within smartphone apps over encrypted network traffic. In: Proceedings of the 10th USENIX Conference on Offensive Technologies WOOT 2016, pp. 69–78. USENIX Association, Berkeley (2016). http://dl.acm.org/citation.cfm?id=3027019.3027026

28.

Sokolova, M., Lapalme, G.: A systematic analysis of performance measures for classification tasks. Inf. Process. Manage. 45(4), 427–437 (2009). https://doi.org/10.1016/j.ipm.2009.03.002CrossRef

29.

Stöber, T., Frank, M., Schmitt, J., Martinovic, I.: Who do you sync you are?: Smartphone fingerprinting via application behaviour. In: Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks WiSec 2013, pp. 7–12. ACM, New York (2013). https://doi.org/10.1145/2462096.2462099

30.

Taylor, V.F., Spolaor, R., Conti, M., Martinovic, I.: Appscanner: automatic fingerprinting of smartphone apps from encrypted network traffic. In: 2016 IEEE European Symposium on Security and Privacy (EuroS P), pp. 439–454, March 2016. https://doi.org/10.1109/EuroSP.2016.40

31.

Wang, T., Cai, X., Nithyanand, R., Johnson, R., Goldberg, I.: Effective attacks and provable defenses for website fingerprinting. In: Proceedings of the 23rd USENIX Conference on Security Symposium SEC 2014, pp. 143–157. USENIX Association, Berkeley (2014). http://dl.acm.org/citation.cfm?id=2671225.2671235

Titel: Peel the Onion: Recognition of Android Apps Behind the Tor Network
verfasst von: Emanuele Petagna
Giuseppe Laurenza
Claudio Ciccotelli
Leonardo Querzoni
Verlag: Springer International Publishing
Buch: Information Security Practice and Experience
Print ISBN: 978-3-030-34338-5

Electronic ISBN: 978-3-030-34339-2

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-34339-2_6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"