Papers by Sambuddho Chakravarty
IEEE Globecom 2007 - IEEE Global Telecommunications Conference, Nov 1, 2007
Traditionally, signal-to-noise ratio of a mobile determines the handoff dynamics of the mobile. But in certain cases, precise location of the mobile augmented by information services, such as IEEE 802.21 MIS, can expedite the handoff with similar performance results. We illustrate an experimental system that takes advantage of the mobile's relative location with the neighboring access point to perform proactive handoff. It keeps track of the current location of the mobile and then uses the information from the neighboring networks to help perform the proactive handoff. Proactive handover technique helps the mobile to communicate with these networks before the handover is complete thereby reducing the delay and packet loss. In some cases, location-assisted handover could prove to be more useful compared to the handover technique based on signal-noise-ratio.
Lecture Notes in Computer Science, 2010
We introduce a novel remotely-mounted attack that can expose the network identity of an anonymous client, hidden service, and anonymizing proxies. To achieve this, we employ single-end controlled available bandwidth estimation tools and a colluding network entity that can modulate the traffic destined for the victim. To expose the circuit including the source, we inject a number of short or one large burst of traffic. Although timing attacks have been successful against anonymity networks, they require either a Global Adversary or the compromise of a substantial number of anonymity nodes. Our technique does not require compromise of, or collaboration with, any such entity.
We introduce a novel remotely-mounted attack that can expose the network identity of an anonymous client, hidden service, and anonymizing proxies. To achieve this, we employ single-end controlled available bandwidth estimation tools and a colluding network entity that can modulate the traffic destined for the victim. To expose the circuit including the source, we inject a number of short
Lecture Notes in Computer Science, 2014
Low-latency anonymous communication networks, such as Tor, are geared towards web browsing, instant messaging, and other semi-interactive applications. To achieve acceptable quality of service, these systems attempt to preserve packet interarrival characteristics, such as inter-packet delay. Consequently, a powerful adversary can mount traffic analysis attacks by observing similar traffic patterns at various points of the network, linking together otherwise unrelated network connections. Previous research has shown that having access to a few Internet exchange points is enough for monitoring a significant percentage of the network paths from Tor nodes to destination servers. Although the capacity of current networks makes packet-level monitoring at such a scale quite challenging, adversaries could potentially use less accurate but readily available traffic monitoring functionality, such as Cisco's NetFlow, to mount large-scale traffic analysis attacks.
Lecture Notes in Computer Science, 2011
Anonymous communication networks like Tor partially protect the confidentiality of their users' traffic by encrypting all intra-overlay communication. However, when the relayed traffic reaches the boundaries of the overlay network towards its actual destination, the original user traffic is inevitably exposed. At this point, unless end-to-end encryption is used, sensitive user data can be snooped by a malicious or compromised exit node, or by any other rogue network entity on the path towards the actual destination. We explore the use of decoy traffic for the detection of traffic interception on anonymous proxying systems. Our approach is based on the injection of traffic that exposes bait credentials for decoy services that require user authentication. Our aim is to entice prospective eavesdroppers to access decoy accounts on servers under our control using the intercepted credentials. We have deployed our prototype implementation in the Tor network using decoy IMAP and SMTP servers. During the course of ten months, our system detected ten cases of traffic interception that involved ten different Tor exit nodes. We provide a detailed analysis of the detected incidents, discuss potential improvements to our system, and outline how our approach can be extended for the detection of HTTP session hijacking attacks.
International Journal of Information Security, 2014
Proceedings 2015 Workshop on Security of Emerging Networking Technologies, 2015
Network censorship and surveillance generally involves ISPs working under the orders of repressive regimes, monitoring (and sometimes filtering) users' traffic, often using powerful networking devices, e.g. routers capable of performing Deep Packet Inspection (DPI). Such routers enable their operators to observe contents of network flows (traversing their routers) having specific byte sequences. Tor, a low-latency anonymity network, has also been widely used to circumvent censorship and surveillance. However, recent efforts have shown that all anti-censorship measures employable using Tor, e.g. Bridges (unadvertised relays) or camouflaging Tor traffic as unfiltered protocol messages (e.g. SkypeMorph), are detectable. To bypass this arms race, several recent efforts propose network based anti-censorship systems, collectively and colloquially referred to as Decoy Routers.
2008 IEEE International Conference on Signal Image Technology and Internet Based Systems, 2008
We present a novel, practical, and effective mechanism that exposes the identity of Tor relays participating in a given circuit. Such an attack can be used by malicious or compromised nodes to identify the rest of the circuit, or as the first step in a follow-on trace-back attack. Our intuition is that by modulating the bandwidth of an anonymous connection (e.g., when the destination server, its router, or an entry point is under our control), we create observable fluctuations that propagate through the Tor network and the Internet to the end-user's host. To that end, we employ LinkWidth, a novel bandwidth-estimation technique. LinkWidth enables network edge-attached entities to estimate the available bandwidth in an arbitrary Internet link without a cooperating peer host, router, or ISP. Our approach also does not require compromise of any Tor nodes. In a series of experiments against the Tor network, we show that we can accurately identify the network location of most participating Tor relays.
Anonymous communication networks like Tor partially protect the confidentiality of their users' traffic by encrypting all intra-overlay communication. However, when the relayed traffic reaches the boundaries of the overlay network towards its actual destination, the original user traffic is inevitably exposed. At this point, unless end-to-end encryption is used, sensitive user data can be snooped by a malicious or compromised exit node, or by any other rogue network entity on the path towards the actual destination. We explore the use of decoy traffic for the detection of traffic interception on anonymous proxying systems. Our approach is based on the injection of traffic that exposes bait credentials for decoy services that require user authentication. Our aim is to entice prospective eavesdroppers to access decoy accounts on servers under our control using the intercepted credentials. We have deployed our prototype implementation in the Tor network using decoy IMAP and SMTP servers. During the course of six months, our system detected eight cases of traffic interception that involved eight different Tor exit nodes. We provide a detailed analysis of the detected incidents, discuss potential improvements to our system, and outline how our approach can be extended for the detection of HTTP session hijacking attacks.
We present a novel, practical, and effective mechanism for exposing the IP address of Tor relays, clients and hidden services. We approximate an almost-global passive adversary (GPA) capable of eavesdropping anywhere in the network by using LinkWidth. LinkWidth allows network edge-attached entities to estimate the available bandwidth in an arbitrary Internet link without a cooperating peer host,
We introduce LinkWidth, a method for estimating capacity and available bandwidth using single-end controlled TCP packet probes. To estimate capacity, we generate a train of TCP RST packets "sandwiched" between two TCP SYN packets. Capacity is obtained by end-to-end packet dispersion of the received TCP RST/ACK packets corresponding to the TCP SYN packets. Our technique is significantly different from the rest of the packet-pair-based measurement techniques, such as CapProbe, pathchar and pathrate, because the long packet trains minimize errors due to bursty cross-traffic. TCP RST packets do not generate additional ICMP replies preventing cross-traffic interference with our probes. In addition, we use TCP packets for all our probes to prevent some types of QoS-related traffic shaping from affecting our measurements.