Abstract
Network-based crime has been increasing in both extent and severity, and network-based forensics is an essential part of legal surveillance. A key network forensics tool is traceback, which can be used to identify the true sources of suspects. Both accuracy and secrecy are essential attributes of a successful forensic traceback. In this paper, we study a class of hopping-based spread spectrum techniques for forensic traceback, which fully utilize the benefits of the spread spectrum approach and preserve a greater degree of secrecy. Our investigated techniques, including Code Hopping-Direct Sequence Spread Spectrum (CH-DSSS), Frequency Hopping-Direct Sequence Spread Spectrum (FH-DSSS), and Time Hopping-Spread Spectrum (TH-DSSS), operate to randomize the effects of marking traffic in both time and frequency domains. Our theoretical analysis, simulations, and real-world experiments validate these DSSS techniques in terms of accuracy and secrecy to benefit network forensics and deter cyber crimes.
Rights and permissions
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/), which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.
About this article
Cite this article
Yu, W., Fu, X., Blasch, E. et al. On Effectiveness of Hopping-Based Spread Spectrum Techniques for Network Forensic Traceback. Int J Netw Distrib Comput 1, 144–158 (2013). https://doi.org/10.2991/ijndc.2013.1.3.3
DOI: https://doi.org/10.2991/ijndc.2013.1.3.3
