TagIt: Tagging Network Flows using Blind Fingerprints

Authors: Fatemeh Rezaei (University of Massachusetts Amherst), Amir Houmansadr (University of Massachusetts Amherst)

Volume: 2017
Issue: 4
Pages: 290–307
DOI: https://doi.org/10.1515/popets-2017-0050

Abstract: Flow fingerprinting is a mechanism for linking obfuscated network flows at large scale. In this paper, we introduce the first blind flow fingerprinting system called TagIt. Our system works by modulating fingerprint signals into the timing patterns of network flows through slightly delaying packets into secret time intervals only known to the fingerprinting parties. We design TagIt to enable reliable fingerprint extraction by legitimate fingerprinting parties despite natural network noise, but invisible to an adversary who does not possess the secret fingerprinting key. TagIt makes use of randomization to resist various detection attacks such as multi-flow attacks. We evaluate the performance and invisibility of TagIt through theoretical analysis as well as simulations and experimentation on live network flows.

Keywords: Traffic analysis, fingerprinting, anonymity systems

Copyright in PoPETs articles is held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.