TY - GEN
T1 - Spying in the dark
T2 - 12th International Symposium on Privacy Enhancing Technologies, PETS 2012
AU - Gilad, Yossi
AU - Herzberg, Amir
PY - 2012
Y1 - 2012
N2 - We show how to exploit side-channels to identify clients without eavesdropping on the communication to the server, and without relying on known, distinguishable traffic patterns. We present different attacks, utilizing different side-channels, for two scenarios: a fully off-path attack detecting TCP connections, and an attack detecting Tor connections by eavesdropping only on the clients. Our attacks exploit three types of side channels: globally-incrementing IP identifiers, used by some operating systems, e.g., in Windows; packet processing delays, which depend on TCP state; and bogus-congestion events, causing impact on TCP's throughput (via TCP's congestion control mechanism). Our attacks can (optionally) also benefit from sequential port allocation, e.g., deployed in Windows and Linux. The attacks are practical - we present results of experiments for all attacks in different network environments and scenarios. We also present countermeasures for these attacks.
AB - We show how to exploit side-channels to identify clients without eavesdropping on the communication to the server, and without relying on known, distinguishable traffic patterns. We present different attacks, utilizing different side-channels, for two scenarios: a fully off-path attack detecting TCP connections, and an attack detecting Tor connections by eavesdropping only on the clients. Our attacks exploit three types of side channels: globally-incrementing IP identifiers, used by some operating systems, e.g., in Windows; packet processing delays, which depend on TCP state; and bogus-congestion events, causing impact on TCP's throughput (via TCP's congestion control mechanism). Our attacks can (optionally) also benefit from sequential port allocation, e.g., deployed in Windows and Linux. The attacks are practical - we present results of experiments for all attacks in different network environments and scenarios. We also present countermeasures for these attacks.
UR - http://www.scopus.com/inward/record.url?scp=84864243701&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-31680-7_6
DO - 10.1007/978-3-642-31680-7_6
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:84864243701
SN - 9783642316791
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 100
EP - 119
BT - Privacy Enhancing Technologies - 12th International Symposium, PETS 2012, Proceedings
Y2 - 11 July 2012 through 13 July 2012
ER -