Abstract: The greatest danger to free speech on the Internet today is filtering of traffic using protocol fingerprinting. Protocols such as SSL, Tor, BitTorrent, and VPNs are being summarily blocked, regardless of their legal and ethical uses. Fortunately, it is possible to bypass this filtering by reencoding traffic into a form which cannot be correctly fingerprinted by the filtering hardware. I will be presenting a tool called Dust which provides an engine for reencoding traffic into a variety of forms. By developing a good model of how filtering hardware differentiates traffic into different protocols, a profile can be created which allows Dust to reencode arbitrary traffic to bypass the filters.
Dust is different than other approaches because it is not simply another obfuscated protocol. It is an engine which can encode traffic according to the given specifications. As the filters change their algorithms for protocol detection, rather than developing a new protocol, Dust can just be reconfigured to use different parameters. In fact, Dust can be automatically reconfigured using examples of what traffic is blocked and what traffic gets through. Using machine learning a new profile is created which will reencode traffic so that it resembles that which gets through and not that which is blocked. Dust has been created with the goal of defeating real filtering hardware currently deployed for the purpose of censoring free speech on the Internet. In this talk I will discuss how the real filtering hardware works and how to effectively defeat it.
Entries Tagged "traffic analysis"
There’s an article from Wednesday’s Wall Street Journal that gives more details about the NSA’s data collection efforts.
The system has the capacity to reach roughly 75% of all U.S. Internet traffic in the hunt for foreign intelligence, including a wide array of communications by foreigners and Americans. In some cases, it retains the written content of emails sent between citizens within the U.S. and also filters domestic phone calls made with Internet technology, these people say.
The programs, code-named Blarney, Fairview, Oakstar, Lithium and Stormbrew, among others, filter and gather information at major telecommunications companies. Blarney, for instance, was established with AT&T Inc….
This filtering takes place at more than a dozen locations at major Internet junctions in the U.S., officials say. Previously, any NSA filtering of this kind was largely believed to be happening near points where undersea or other foreign cables enter the country.
The systems operate like this: The NSA asks telecom companies to send it various streams of Internet traffic it believes most likely to contain foreign intelligence. This is the first cut of the data. These requests don’t ask for all Internet traffic. Rather, they focus on certain areas of interest, according to a person familiar with the legal process. “It’s still a large amount of data, but not everything in the world,” this person says.
The second cut is done by NSA. It briefly copies the traffic and decides which communications to keep based on what it calls “strong selectors”—say, an email address, or a large block of computer addresses that correspond to an organization it is interested in. In making these decisions, the NSA can look at content of communications as well as information about who is sending the data. One U.S. official says the agency doesn’t itself “access” all the traffic within the surveillance system. The agency defines access as “things we actually touch,” this person says, pointing out that the telecom companies do the first stage of filtering.
The surveillance system is built on relationships with telecommunications carriers that together cover about 75% of U.S. Internet communications. They must hand over what the NSA asks for under orders from the secret Foreign Intelligence Surveillance Court. The firms search Internet traffic based on the NSA’s criteria, current and former officials say.
The NSA seems to have finally found a PR agency with a TS/SI clearance, since there was a response to this story. They’ve also had a conference call with the press, and the Director of National Intelligence is on Twitter and Tumblr.
I am completely croggled by the fact that the NSA apparently had absolutely no contingency plans for this sort of thing.
From a FOIAed Department of Transportation document on investigative techniques:
A “mail cover” is the process by which the U.S. Postal Service records any data appearing on the outside cover of any class of mail, sealed or unsealed, or by which a record is made of the contents of unsealed (second-, third-, or fourth-class) mail matter as allowed by law. This “mail cover” is done to obtain information in the interest of protecting national security, locating a fugitive, or obtaining evidence of commission or attempted commission of a felony crime, or assist in the identification of property, proceeds, or assets forfeitable under law.
Seems to be the paper mail equivalent of a pen register. I’d never heard of the term before.
There’s a nice example of traffic analysis in the book No Name, by Wilkie Collins (1862). The attacker, Captain Wragge, needs to know whether a letter has been placed in the mail. He knows who it will have been addressed to if it has been mailed, and with that information, is able to convince the postmaster to tell him that it has, in fact, been mailed:
If she had gone to the admiral’s, no choice would be left him but to follow the coach, to catch the train by which she traveled, and to outstrip her afterward on the drive from the station in Essex to St. Crux. If, on the contrary, she had been contented with writing to her master, it would only be necessary to devise measures for intercepting the letter. The captain decided on going to the post-office, in the first place. Assuming that the housekeeper had written, she would not have left the letter at the mercy of the servant—she would have seen it safely in the letter-box before leaving Aldborough.
“Good-morning,” said the captain, cheerfully addressing the postmaster. “I am Mr. Bygrave of North Shingles. I think you have a letter in the box, addressed to Mr.—?”
The postmaster was a short man, and consequently a man with a proper idea of his own importance. He solemnly checked Captain Wragge in full career.
“When a letter is once posted, sir,” he said, “nobody out of the office has any business with it until it reaches its address.”
The captain was not a man to be daunted, even by a postmaster. A bright idea struck him. He took out his pocketbook, in which Admiral Bartram’s address was written, and returned to the charge.
“Suppose a letter has been wrongly directed by mistake?” he began. “And suppose the writer wants to correct the error after the letter is put into the box?”
“When a letter is once posted, sir,” reiterated the impenetrable local authority, “nobody out of the office touches it on any pretense whatever.”
“Granted, with all my heart,” persisted the captain. “I don’t want to touch it—I only want to explain myself. A lady has posted a letter here, addressed to ‘Noel Vanstone, Esq., Admiral Bartram’s, St. Crux-in-the-Marsh, Essex.’ She wrote in a great hurry, and she is not quite certain whether she added the name of the post-town, ‘Ossory.’ It is of the last importance that the delivery of the letter should not be delayed. What is to hinder your facilitating the post-office work, and obliging a lady, by adding the name of the post-town (if it happens to be left out), with your own hand? I put it to you as a zealous officer, what possible objection can there be to granting my request?”
The postmaster was compelled to acknowledge that there could be no objection, provided nothing but a necessary line was added to the address, provided nobody touched the letter but himself, and provided the precious time of the post-office was not suffered to run to waste. As there happened to be nothing particular to do at that moment, he would readily oblige the lady at Mr. Bygrave’s request.
Captain Wragge watched the postmaster’s hands, as they sorted the letters in the box, with breathless eagerness. Was the letter there? Would the hands of the zealous public servant suddenly stop? Yes! They stopped, and picked out a letter from the rest.
“‘Noel Vanstone, Esquire,’ did you say?” asked the postmaster, keeping the letter in his own hand.
“‘Noel Vanstone, Esquire,’” replied the captain, “‘Admiral Bartram’s, St. Crux-in-the-Marsh.’”
“Ossory, Essex,” chimed in the postmaster, throwing the letter back into the box. “The lady has made no mistake, sir. The address is quite right.”
Nothing but a timely consideration of the heavy debt he owed to appearances prevented Captain Wragge from throwing his tall white hat up in the air as soon as he found the street once more. All further doubt was now at an end. Mrs. Lecount had written to her master—therefore Mrs. Lecount was on her way to Zurich!
“Protecting your daily in-home activity information from a wireless snooping attack,” by Vijay Srinivasan, John Stankovic, and Kamin Whitehouse:
Abstract: In this paper, we first present a new privacy leak in residential wireless ubiquitous computing systems, and then we propose guidelines for designing future systems to prevent this problem. We show that we can observe private activities in the home such as cooking, showering, toileting, and sleeping by eavesdropping on the wireless transmissions of sensors in a home, even when all of the transmissions are encrypted. We call this the Fingerprint and Timing-based Snooping (FATS) attack. This attack can already be carried out on millions of homes today, and may become more important as ubiquitous computing environments such as smart homes and assisted living facilities become more prevalent. In this paper, we demonstrate and evaluate the FATS attack on eight different homes containing wireless sensors. We also propose and evaluate a set of privacy preserving design guidelines for future wireless ubiquitous systems and show how these guidelines can be used in a hybrid fashion to prevent against the FATS attack with low implementation costs.
The group was able to infer surprisingly detailed activity information about the residents, including when they were home or away, when they were awake or sleeping, and when they were performing activities such as showering or cooking. They were able to infer all this without any knowledge of the location, semantics, or source identifier of the wireless sensors, while assuming perfect encryption of the data and source identifiers.
The team of researchers, which includes graduate students David Choffnes (electrical engineering and computer science) and Dean Malmgren (chemical and biological engineering), and postdoctoral fellow Jordi Duch (chemical and biological engineering), studied connection patterns in the BitTorrent file-sharing network—one of the largest and most popular P2P systems today. They found that over the course of weeks, groups of users formed communities where each member consistently connected with other community members more than with users outside the community.
“This was particularly surprising because BitTorrent is designed to establish connections at random, so there is no a priori reason for such strong communities to exist,” Bustamante says. After identifying this community behavior, the researchers showed that an eavesdropper could classify users into specific communities using a relatively small number of observation points. Indeed, a savvy attacker can correctly extract communities more than 85 percent of the time by observing only 0.01 percent of the total users. Worse yet, this information could be used to launch a “guilt-by-association” attack, where an attacker need only determine the downloading behavior of one user in the community to convincingly argue that all users in the communities are doing the same.
Given the impact of this threat, the researchers developed a technique that prevents accurate classification by intelligently hiding user-intended downloading behavior in a cloud of random downloading. They showed that this approach causes an eavesdropper’s classification to be wrong the majority of the time, providing users with grounds to claim “plausible deniability” if accused.
A recent article in the London Review of Books revealed that a number of private companies now sell off-the-shelf data-mining solutions to government spies interested in analyzing mobile-phone calling records and real-time location information. These companies include ThorpeGlen, VASTech, Kommlabs, and Aqsacom—all of which sell “passive probing” data-mining services to governments around the world.
ThorpeGlen, a U.K.-based firm, offers intelligence analysts a graphical interface to the company’s mobile-phone location and call-record data-mining software. Want to determine a suspect’s “community of interest”? Easy. Want to learn if a single person is swapping SIM cards or throwing away phones (yet still hanging out in the same physical location)? No problem.
In a Web demo (PDF) (mirrored here) to potential customers back in May, ThorpeGlen’s vice president of global sales showed off the company’s tools by mining a dataset of a single week’s worth of call data from 50 million users in Indonesia, which it has crunched in order to try and discover small anti-social groups that only call each other.
They use high-tech data-mining algorithms to scan through the huge daily logs of every call made on the AT&T network; then they use sophisticated algorithms to analyze the connections between phone numbers: who is talking to whom? The paper literally uses the term “Guilt by Association” to describe what they’re looking for: what phone numbers are in contact with other numbers that are in contact with the bad guys?
When this research was done, back in the last century, the bad guys were people who wanted to rip off AT&T by making fraudulent credit-card calls. (Remember, back in the last century, intercontinental long-distance voice communication actually cost money!) But it’s easy to see how the FBI could use this to chase down anyone who talked to anyone who talked to a terrorist. Or even to a “terrorist.”
There’s other NSA news today: USA Today is reporting that the NSA is collecting a massive traffic-analysis database on Americans’ phone calls. This looks like yet another piece of Echelon technology turned against Americans.
The NSA’s domestic program, as described by sources, is far more expansive than what the White House has acknowledged. Last year, Bush said he had authorized the NSA to eavesdrop—without warrants—on international calls and international e-mails of people suspected of having links to terrorists when one party to the communication is in the USA. Warrants have also not been used in the NSA’s efforts to create a national call database.
The government is collecting “external” data on domestic phone calls but is not intercepting “internals,” a term for the actual content of the communication, according to a U.S. intelligence official familiar with the program. This kind of data collection from phone companies is not uncommon; it’s been done before, though never on this large a scale, the official said. The data are used for “social network analysis,” the official said, meaning to study how terrorist networks contact each other and how they are tied together.
Note that this database does not just contain phone calls that either originate or terminate outside the U.S. This database is mostly domestic calls: calls we all make every day.
AT&T, Verizon, and BellSouth are all providing this information to the NSA. Only Qwest has refused.
According to sources familiar with the events, Qwest’s CEO at the time, Joe Nacchio, was deeply troubled by the NSA’s assertion that Qwest didn’t need a court order—or approval under FISA—to proceed. Adding to the tension, Qwest was unclear about who, exactly, would have access to its customers’ information and how that information might be used.
Financial implications were also a concern, the sources said. Carriers that illegally divulge calling information can be subjected to heavy fines. The NSA was asking Qwest to turn over millions of records. The fines, in the aggregate, could have been substantial.
The NSA told Qwest that other government agencies, including the FBI, CIA and DEA, also might have access to the database, the sources said. As a matter of practice, the NSA regularly shares its information—known as “product” in intelligence circles—with other intelligence groups. Even so, Qwest’s lawyers were troubled by the expansiveness of the NSA request, the sources said.
The NSA, which needed Qwest’s participation to completely cover the country, pushed back hard.
Trying to put pressure on Qwest, NSA representatives pointedly told Qwest that it was the lone holdout among the big telecommunications companies. It also tried appealing to Qwest’s patriotic side: In one meeting, an NSA representative suggested that Qwest’s refusal to contribute to the database could compromise national security, one person recalled.
In addition, the agency suggested that Qwest’s foot-dragging might affect its ability to get future classified work with the government. Like other big telecommunications companies, Qwest already had classified contracts and hoped to get more.
Unable to get comfortable with what NSA was proposing, Qwest’s lawyers asked NSA to take its proposal to the FISA court. According to the sources, the agency refused.
We should also assume that the cellphone companies received the same pressure, and probably caved.
This is important to every American, not just those with something to hide. Matthew Yglesias explains why:
It’s important to link this up to the broader chain. One thing the Bush administration says it can do with this meta-data is to start tapping your calls and listening in, without getting a warrant from anyone. Having listened in on your calls, the administration asserts that if it doesn’t like what it hears, it has the authority to detain you indefinitely without trial or charges, torture you until you confess or implicate others, extradite you to a Third World country to be tortured, ship you to a secret prison facility in Eastern Europe, or all of the above. If, having kidnapped and tortured you, the administration determines you were innocent after all, you’ll be dumped without papers somewhere in Albania left to fend for yourself.
Judicial oversight is a security system, and unchecked military and police power is a security threat.