Covert channel vulnerabilities in anonymity systems
[Title slide figures: diagram of Attacker webserver, Tor Network, Victim client and Measurer; diagram of Alice, Bob and Walter; plot of non-linear offset component (ms) and temperature (°C) against time (hh:mm)]
Steven J. Murdoch
http://www.cl.cam.ac.uk/users/sjm217/
Computer Laboratory www.torproject.org
Security and Trust Management, 16–17 June 2008, Trondheim, Norway
It all started with an Xbox
The competition was to play Connect-4
Our programs signalled identity through the moves they made
[Figure: possible move sequences (log scale) against move number (1 to 10)]
We wrote a paper for InfoHiding 2004
Following PET 2004, I operated a Tor node at Cambridge University
Our attack was to trace anonymous paths through the network
[Diagram: Attacker webserver, Tor Network, Victim client, Measurer]
Latency measurements showed traffic load flowing through a node
[Figure: induced load and latency (ms) against time (s)]
We wrote a paper for Oakland 2005
Following InfoHiding 2004, I also investigated currency watermarking
I presented my results again at 21C3, and attended a talk on Nushu
[Diagram: Alice, Bob and Walter]
Initial sequence numbers have complex structure
Source IP, Dest. IP, S. Port, D. Port
Concatenate 32 random bits (R)
MD4 block: 256 random bits (R)
Take bits 32–63
Replace top byte with rekey counter (c) ...
... and add 32-bit time in µs (+T)
Even putting perfectly random ISNs will be detectable
[Figure, two panels: "Unmodified Linux" and "Random ISN"; ISN difference (mod 2^32) against time difference (ms)]
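A warden-side version of the check behind these two panels, as an added example that is not from the original slides: because the ISN structure above adds a microsecond timer, ISN differences for one address/port tuple should equal the elapsed time, and uniformly random ISNs break that relation. SHA-256 stands in for the MD4 step, and the addresses, tolerance, rekey counter value and sample timings are constructed assumptions.

```python
"""Added example: warden-side consistency check on TCP ISNs (constructed data)."""
import hashlib
import random

MOD = 2 ** 32

def model_isn(tuple4, secret, rekey_count, time_us):
    """Toy model of the slide's ISN structure; SHA-256 stands in for the MD4 step."""
    digest = hashlib.sha256(repr(tuple4).encode() + secret).digest()
    h = int.from_bytes(digest[4:8], "big")        # take bits 32-63 of the hash output
    h = (rekey_count << 24) | (h & 0x00FFFFFF)    # replace top byte with rekey counter
    return (h + time_us) % MOD                    # add the 32-bit microsecond timer

def isn_tracks_clock(samples, tolerance_us=50):
    """samples: [(observed_time_us, isn), ...] for one address/port tuple within
    one rekey period, so the hash term is constant and cancels in differences.
    True when every ISN difference (mod 2^32) matches the elapsed microseconds."""
    for (t0, i0), (t1, i1) in zip(samples, samples[1:]):
        isn_diff = (i1 - i0) % MOD
        time_diff = (t1 - t0) % MOD
        error = (isn_diff - time_diff) % MOD
        if min(error, MOD - error) > tolerance_us:
            return False
    return True

def constructed_samples(randomised, seed=1):
    """Eight constructed SYNs, 1.5 ms apart, from one (hypothetical) tuple."""
    rng = random.Random(seed)
    secret = rng.getrandbits(256).to_bytes(32, "big")
    tuple4 = ("192.0.2.1", "198.51.100.7", 40000, 80)
    times = [1_000_000 + k * 1_500 for k in range(8)]
    if randomised:   # sender overwrites the ISN with uniformly random bits
        return [(t, rng.getrandbits(32)) for t in times]
    return [(t, model_isn(tuple4, secret, 3, t)) for t in times]

if __name__ == "__main__":
    print("unmodified:", isn_tracks_clock(constructed_samples(False)))
    print("random ISN:", isn_tracks_clock(constructed_samples(True)))
```
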
We wrote a paper on TCP steganography for InfoHiding 2005
At Oakland 2005 I attended a talk on clock skew and security
[Figure: offset (ms) against time (s)]
Clock skew changes with temperature
[Figure: non-linear offset component (ms) and temperature (°C) against time (Fri 11:00 to Sat 17:00); legend: non-linear offset, de-noised, variable skew, temperature]
We can do the same attack on Tor, measuring skew rather than latency
[Diagram: Attacker, Tor Network, Hidden Server, Measurer; labels: pattern injected, pattern measured, resulting pattern]
The results show clear patterns
[Figure: non-linear offset component (ms) and temperature (°C) against time (hh:mm)]
From these results, I wrote my thesis