
[freehaven-cvs] r1759: Oops. There were some more notes floating on my laptop. (in doc/trunk: . correlation07)



Author: nickm
Date: 2007-01-27 13:50:56 -0500 (Sat, 27 Jan 2007)
New Revision: 1759

Modified:
   doc/trunk/
   doc/trunk/correlation07/notes.txt
   doc/trunk/correlation07/traffic.bib
Log:
 r11561@catbus:  nickm | 2007-01-27 13:50:49 -0500
 Oops. There were some more notes floating on my laptop.



Property changes on: doc/trunk
___________________________________________________________________
 svk:merge ticket from /freehaven-doc/trunk [r11561] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: doc/trunk/correlation07/notes.txt
===================================================================
--- doc/trunk/correlation07/notes.txt	2007-01-24 19:27:56 UTC (rev 1758)
+++ doc/trunk/correlation07/notes.txt	2007-01-27 18:50:56 UTC (rev 1759)
@@ -10,6 +10,7 @@
 yours--but feel free to clarify for my benefit. ;)
 
 
+======================================================================
 
 "Traffic analysis of Continuous-time mixes"
 Danezis,  PET 2004, pp. 35-50
@@ -36,6 +37,8 @@
 Target system seems to be SG-like.
 
 
+======================================================================
+
 "On Flow Correlation Attacks and Countermeasures in Mix Networks"
 - Zhu, Fu, Graham, Bettati, and Zhao.
 PET 2004, pp 207-225.
@@ -57,3 +60,36 @@
 Most crucial details are described in TR2003-8-9, which doesn't seem to be
 online.  Asked Riccardo for a copy on 6 Dec; no link received yet.
 
+
+======================================================================
+"Inter-Packet Delay Based Coorelation for Tracing Encrypted Connections
+ through Stepping Stones"
+- Xinyuan Wang and Douglas S. Reeves and S. Felix Wu
+ESORICS 2002, 244--263
+
+Attack: Against an ersatz low-latency anonymity network built by an attacker
+using chained SSH tunnels or something similar.  Transform in/out streams to
+a correlation metric using a "metric function"; use a "correlation value
+function" to compare metrics.
+
+Uses inter-packet delay as observations of streams; assumes one-to-one
+correspondence with incoming and outgoing packets.
+
+Examines multiple functions to assess correlation: Min/max sum ration (take
+ratio of sum of larger elements pairwise to sum of smaller elements pairwise
+between streams).  Statistical correlation: take correlation of
+IPDs. Normalized dot product 1: X dot Y / MAX(X^2, Y^2).  Normalized dot
+product 2: X dot Y / MAX(x_i,y_i)^2.  Correlation value function: a little
+complex.
+
+Experiment: Build a telnet/ssh/telnet/ssh tunnel, capture traces (how many?)
+with timestamp resolution of 1 usec.  Filter out duplicate, retransmitted,
+and ack-only packets.
+
+Experiment take multiple sets of flows; try to match them with different
+methods.
+
+Favors min/max sum.
+
+
+======================================================================
\ No newline at end of file
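
Review bot: The two normalized dot product definitions in the "Examines multiple functions" paragraph are ambiguous as written: "X dot Y / MAX(X^2, Y^2)" and "X dot Y / MAX(x_i,y_i)^2" do not say whether the squared terms are summed over i or taken per element, so write the sums out explicitly. In the same hunk, the title line reads "Coorelation" where "Correlation" is meant, "Min/max sum ration" should be "ratio", and "Experiment take multiple sets" should be "takes". The "(how many?)" question about the number of traces is left open, and the file now ends without a trailing newline after the final separator.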

Modified: doc/trunk/correlation07/traffic.bib
===================================================================
--- doc/trunk/correlation07/traffic.bib	2007-01-24 19:27:56 UTC (rev 1758)
+++ doc/trunk/correlation07/traffic.bib	2007-01-27 18:50:56 UTC (rev 1759)
@@ -46,6 +46,7 @@
 % http://faculty.cs.tamu.edu/bettati/Papers/Globecom05/globecom05.pdf
 
 
+
 @inproceedings{pet05-bissias,
   author = {George Dean Bissias and Marc Liberatore and Brian Neil Levine},
   title = {Privacy Vulnerabilities in Encrypted HTTP Streams},
@@ -227,12 +228,11 @@
 % not in anonbib
 @InProceedings{TH06a,
   author =       {Gergely T\'oth and Zolt\'an Horn\'ak},
-  title =        {The Chances of Successful Attacks Against Continuous-time
-+Mixes},
+  title =        {The Chances of Successful Attacks Against Continuous-time Mixes},
   booktitle =    {Proceedings of the 11th Nordic Workshop on Secure IT Systems},
   year =         {2006},
   address =      {Link\"oping, Sweden}
-}
+  www_pdf_url = {http://home.mit.bme.hu/~tgm/phd/publikaciok/2006/nordsec06/tg_nordsec2006_06_final-reviewed.pdf}
 
 % Read
 
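Review bot: Replacing the closing "}" of the TH06a entry with the www_pdf_url line leaves the entry unterminated, so everything after it (starting at "% Read") is read as part of TH06a. The preceding "address = {Link\"oping, Sweden}" line also has no trailing comma, so the new field is not separated from it. Add the comma after the address field and restore the "}" on its own line after www_pdf_url.
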
@@ -281,8 +281,8 @@
   www_important = {1},
   www_ps_url = {http://www.geocities.com/j_f_raymond/mesarticles/berkeley_ws_lncs.ps},
   www_pdf_url = {http://www.geocities.com/j_f_raymond/mesarticles/berkeley_ws_lncs.pdf},
-  notes = {Not terribly useful; describtes timing and volume attacks
-                  only slightly. }
+  notes = {Not terribly useful here; describes timing and volume attacks
+           only slightly in 3.3 and 3.4, but provides no algorithm.}
 }
 
 
@@ -298,7 +298,7 @@
   notes = {Very nicely written formulation of end-to-end timing
                   correlation, with experiments and methods. Focused
                   on tracing ersatz anonymizers constructed by an
-                  attacker. }
+                  attacker.}
 
 }
 
@@ -349,7 +349,7 @@
   www_html_url = "http://guh.nu/projects/ta/safeweb/safeweb.html";,
   www_pdf_url = "http://guh.nu/projects/ta/safeweb/safeweb.pdf";,
   www_ps_url = "http://guh.nu/projects/ta/safeweb/safeweb.ps";,
-  notes = {Introduces fingerprinting.  Doesn't do much statistics.}
+  notes = {Introduces fingerprinting, but doesn't do much statistics.}
 }
 
 
