Abstract
This paper analyzes the problem of intercepting Internet traffic from the eavesdropper’s point of view. It examines the reliability and accuracy of transcripts, and shows that obtaining “high fidelity” transcripts is harder than previously assumed. Even in highly favorable situations, such as capturing unencrypted traffic using standard protocols, simple — and entirely unilateral — countermeasures are shown to be sufficient to prevent accurate traffic analysis in many Internet interception configurations. In particular, these countermeasures were successful against every available eavesdropping system we tested. Central to our approach is a new class of “confusion” techniques that, unlike cryptography or steganography, do not require cooperation by the communicating parties and, in some cases, can be employed entirely by a third party who is not involved in the communication.
Copyright information
© 2006 IFIP International Federation for Information Processing
About this paper
Cite this paper
Cronin, E., Sherr, M., Blaze, M. (2006). On the Reliability of Network Eavesdropping Tools. In: Olivier, M.S., Shenoi, S. (eds) Advances in Digital Forensics II. DigitalForensics 2006. IFIP Advances in Information and Communication, vol 222. Springer, Boston, MA. https://doi.org/10.1007/0-387-36891-4_16
DOI: https://doi.org/10.1007/0-387-36891-4_16
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-36890-0
Online ISBN: 978-0-387-36891-7
eBook Packages: Computer Science (R0)