28-10-2016, 12:11 PM
1462002177-1401107050152.pptx (Size: 711.13 KB / Downloads: 7)
Introduction
Wireless network is type of computer network that uses wireless data connections for connecting network
Traffic analysis is the process of intercepting and examining messages for deduce information from patterns in communication
Shared-medium nature of wireless links
Even traffic is encrypted, traffic features are exposed to adversaries, and the user may suffer from traffic analysis attacks
Extracts identifiable traffic features, such as packet size, frequency of a packet and the packet inter arrival time
Machine learning techniques, as Support Vector Machine (SVM), K nearest neighborhood(K-NN), Bayesian techniques and Hidden Markov Models (HMM)
Through traffic analysis an adversary can identify user’s online activities (e.g., web browsing, chatting, online gaming, downloading, uploading, online video and Bit Torrent (BT)) and glean what other users are browsing in a few seconds with high accuracy
The adversaries accurately tell which online applications are active through SVM and NN algorithms.
The accuracy reaches around 80% in 5 seconds
one minute, accuracy is higher than 90%
100% accuracy in most of the situations
Background Work
Attack Model
Easy for adversary monitoring traffic traces from and to a specific user with sniffer software(e.g., Wireshark, Aircrack-ng)
Identify traffic features and use traffic analysis to link the features to certain facts or secrets
Average packet inter arrival time, average packet size and packet size distribution, used to profile users’ actual online activities
Figure 1 show packet size probability of distribution function when the applications receive packets from the AP.
Traffic padding and packet padding
Traffic padding used to hide the traffic pattern, which means to insert dummy traffic into the network and present to the intruder a different traffic pattern
The apparent traffic pattern, which is observed by intruder, is referred to as a cover mode that hides the real operation mode of the system
Traffic padding produces cipher text output continuously, even in the absence of plaintext
A continuous random data stream is generated, When plaintext is available, it is encrypted and transmitted
When input plaintext is not present, random data are encrypted and transmitted
Cont’d
This makes it impossible for an attacker to distinguish between true data flow and padding and therefore impossible to deduce the amount of traffic
Inefficient and incur high overheads[1]
The adversary is still able to perform accurate classification with accuracy 86.2%[1]
Traffic Reshaping
The goal of traffic reshaping is to enhance privacy protection by preventing information leaks without incurring noticeable overhead
Obscure traffic features without padding
Sub-flow transmitted on a virtual wireless link
Conclusion
Propose traffic reshaping algorithm to protect users online privacy
Creates multiple virtual interfaces
Results show accuracy decreases from 83.24% to 43.69% when eavesdropping duration is 5 seconds
Accuracy decreases from 91.86% to 44.49% when duration is 60 seconds
Not using packet padding so no additional overhead