Abstract
We present a novel attack on relayed instant messaging (IM) traffic that allows an attacker to infer who's talking to whom with high accuracy. This attack only requires collection of packet header traces between users and IM servers for a short time period, where each packet in the trace goes from a user to an IM server or vice versa. The specific goal of the attack is to accurately identify a candidate set of top-k users with whom a given user possibly talked, while using only the information available in packet header traces (packet payloads cannot be used because they are mostly encrypted). Towards this end, we propose a wavelet-based scheme, called COmmunication Link De-anonymization (COLD), and evaluate its effectiveness using a real-world Yahoo! Messenger data set. The results of our experiments show that COLD achieves a hit rate of more than 90% for a candidate set size of 10. For a slightly larger candidate set size of 20, COLD achieves almost 100% hit rate. In contrast, a baseline method using time series correlation could only achieve less than 5% hit rate for similar candidate set sizes.
Original language | English |
---|---|
Title of host publication | 2013 21st IEEE International Conference on Network Protocols (ICNP) |
Publisher | IEEE |
Pages | 1-10 |
Number of pages | 10 |
ISBN (Print) | 978-1-4799-1270-4 |
Publication status | Published - 10 Oct 2013 |
Event | 2013 21st IEEE International Conference on Network Protocols (ICNP) - Goettingen, Germany; Duration: 7 Oct 2013 → 10 Oct 2013 |
Conference
Conference | 2013 21st IEEE International Conference on Network Protocols (ICNP) |
---|---|
Period | 7/10/13 → 10/10/13 |
Keywords
- Servers
- Correlation
- Relays
- Wavelet transforms
- Vectors
- Time series analysis
- IP networks