International Journal of Information Security

Detection and analysis of eavesdropping in anonymous communication networks


Abstract

Anonymous communication networks, like Tor, partially protect the confidentiality of user traffic by encrypting all communications within the overlay network. However, when the relayed traffic reaches the boundaries of the network, toward its destination, the original user traffic is inevitably exposed to the final node on the path. As a result, users transmitting sensitive data, like authentication credentials, over such networks, risk having their data intercepted and exposed, unless end-to-end encryption is used. Eavesdropping can be performed by malicious or compromised relay nodes, as well as any rogue network entity on the path toward the actual destination. Furthermore, end-to-end encryption does not assure defense against man-in-the-middle attacks. In this work, we explore the use of decoys at multiple levels for the detection of traffic interception by malicious nodes of proxy-based anonymous communication systems. Our approach relies on the injection of traffic that exposes bait credentials for decoy services requiring user authentication, and URLs to seemingly sensitive decoy documents which, when opened, invoke scripts alerting about being accessed. Our aim was to entice prospective eavesdroppers to access our decoy servers and decoy documents, using the snooped credentials and URLs. We have deployed our prototype implementation in the Tor network using decoy IMAP, SMTP, and HTTP servers. During the course of over 30 months, our system has detected 18 cases of traffic eavesdropping that involved 14 different Tor exit nodes.