We study two timing channel problems abstracted from practices of network traffic analysis.The first timing channel exists in a router receiving packets from two users;due to the sharing of router buffer, queuing delays of one user's packets incidentally convey information about the other user's packet arrival pattern.We demonstrate the feasibility of such a channel in reality by devising a remote traffic analysis attack on home broadband users. In particular, we implement a website detection attackthat exploits a timing side channel in the user's DSL router, and show thatadversaries can learn sufficient information pertaining to the user's activities on the web by sending probes from a far-off vantage point.To investigateperformances of timing side channels in general systems with a shared queue, we consider a job scheduler serving a regular user and a malicious attacker, and quantify information leakage using a Shannon mutual information based metric. Our analysisreveals the fundamental privacy flaw of the class ofdeterministic work-conserving schedulers, such as longest-queue-first (LQF), first-come-fist-serve (FCFS), and round robin;we show that the attacker always learns half of a low-rate user's arrival pattern. We also study the usage of a shared queue for covert communication by considering atiming covert channel scenario,where one user of the scheduler encodes a message in job-issuing timesand the other user decodes this message from job queuing delays.Formulating this as a conventional communication channel problem, we derive the channel capacities for common schedulers.The second timing channel studied is the timing stenographic channel arising innetwork flow watermarking, a technique with applications in attacking low-latency anonymous networks and detecting stepping stones. By injecting an ``invisible"timing pattern (namely the watermark) in a packet flow, onecan stealthily track the path of the flow in the network.Earlier flow watermarking schemes mostly considered substitution errors, neglecting the effects of packet insertions and deletions that commonly happen within a network. More recent schemes considered packet deletions but often at the expense of the watermark visibility. We present an invisible flow watermarking scheme capable of enduring a large number of packet losses and insertions.We model the watermarking embedding/decoding processes as a timing stenographic channel with dependent substitution, deletion and bursty insertion errors, and propose a reliable watermark decoding scheme by formulating the watermark decoding as an estimation problem.To maintain visibility, our schemeembeds the watermark into inter-packet delays, as opposed to time intervals including many packets. Experimental results on both synthetic and real network traces demonstrate that our scheme is robust to network jitter, packet drops and splits, while remaining invisible to an attacker.
PDF
download
878987797
028-85220240
