Annual Computer Security Applications Conference 2011 Technical Track Papers


Exposing Invisible Timing-based Traffic Watermarks with BACKLIT

Traffic watermarking has become an important element in many network security and privacy applications. By injecting a traffic watermark into a network flow, the watermarked traffic could be identified and followed from other network locations. Thus, it can be used for tracing communications among bot-compromised machines, deanonymizing peer-to-peer VoIP calls, and other novel applications. The state-of-the-art traffic watermarking schemes are based on packet timing information. These timing-based watermarks are known to be robust to adversarial network conditions and notoriously difficult to detect. In this paper, however, we show for the first time that even the most sophisticated timing-based watermarking schemes (e.g., RAINBOW and SWIRL) are not invisible. We show this by proposing a new detection system called BACKLIT which can expose several advanced timing-based traffic watermarks. BACKLIT is designed based on the first principle that any practical timing-based watermark will cause noticeable alterations to the intrinsic timing features typical of TCP flows. Based on this principle, we design five metrics which are sufficient for detecting four main watermarks for bulk transfer and interactive traffic. Equally important, BACKLIT can be deployed easily in stepping stones or anonymity networks (e.g., Tor), because it does not rely on unrealistic assumptions and can be realized in either active or passive mode. We have conducted extensive experiments to evaluate BACKLIT's detection performance on the PlanetLab platform, and the results show that BACKLIT can detect watermarked network flows with high accuracy and low false positives.

Author(s):

Xiapu Luo    
The Hong Kong Polytechnic University
Hong Kong

Peng Zhou    
The Hong Kong Polytechnic University
Hong Kong

Junjie Zhang    
Georgia Institute of Technology
United States

Roberto Perdisci    
University of Georgia
United States

Wenke Lee    
Georgia Institute of Technology
United States

Rocky K. C. Chang    
The Hong Kong Polytechnic University
Hong Kong

 
