CR Apr 9
Tracing the Chain: Deep Learning for Stepping-Stone Intrusion Detection
Nate Mathews, Nicholas Hopper, Matthew Wright
Stepping-stone intrusions (SSIs) are a prevalent network evasion technique in which attackers route sessions through chains of compromised intermediate hosts to obscure their origin. Effective SSI detection requires correlating the incoming and outgoing flows at each relay host at extremely low false positive rates -- a stringent requirement that renders classical statistical methods inadequate in operational settings. We apply ESPRESSO, a deep learning flow correlation model combining a transformer-based feature extraction network, time-aligned multi-channel interval features, and online triplet metric learning, to the problem of stepping-stone intrusion detection. To support training and evaluation, we develop a synthetic data collection tool that generates realistic stepping-stone traffic across five tunneling protocols: SSH, SOCAT, ICMP, DNS, and mixed multi-protocol chains. Across all five protocols and in both host-mode and network-mode detection scenarios, ESPRESSO substantially outperforms the state-of-the-art DeepCoFFEA baseline, achieving a true positive rate exceeding 0.99 at a false positive rate of $10^{-3}$ for standard bursty protocols in network-mode. We further demonstrate chain length prediction as a tool for distinguishing malicious from benign pivoting, and conduct a systematic robustness analysis revealing that timing-based perturbations are the primary vulnerability of correlation-based stepping-stone detectors.
CR Dec 11, 2020
RegulaTor: A Straightforward Website Fingerprinting Defense
James K Holland, Nicholas Hopper
Website Fingerprinting (WF) attacks are used by local passive attackers to determine the destination of encrypted internet traffic by comparing the sequences of packets sent to and received by the user to a previously recorded data set. As a result, WF attacks are of particular concern to privacy-enhancing technologies such as Tor. In response, a variety of WF defenses have been developed, though they tend to incur high bandwidth and latency overhead or require additional infrastructure, thus making them difficult to implement in practice. Some lighter-weight defenses have been presented as well; still, they attain only moderate effectiveness against recently published WF attacks. In this paper, we aim to present a realistic and novel defense, RegulaTor, which takes advantage of common patterns in web browsing traffic to reduce both defense overhead and the accuracy of current WF attacks. In the closed-world setting, RegulaTor reduces the accuracy of the state-of-the-art attack, Tik-Tok, against comparable defenses from 66% to 25.4%. To achieve this performance, it requires limited added latency and a bandwidth overhead 39.3% less than the leading moderate-overhead defense. In the open-world setting, RegulaTor limits a precision-tuned Tik-Tok attack to an F-score of .135, compared to .625 for the best comparable defense.
CR Nov 10, 2017
p-FP: Extraction, Classification, and Prediction of Website Fingerprints with Deep Learning
Se Eun Oh, Saikrishna Sunkam, Nicholas Hopper
Recent advances in learning Deep Neural Network (DNN) architectures have received a great deal of attention due to their ability to outperform state-of-the-art classifiers across a wide range of applications, with little or no feature engineering. In this paper, we broadly study the applicability of deep learning to website fingerprinting. We show that unsupervised DNNs can be used to extract low-dimensional feature vectors that improve the performance of state-of-the-art website fingerprinting attacks. When used as classifiers, we show that they can match or exceed performance of existing attacks across a range of application scenarios, including fingerprinting Tor website traces, fingerprinting search engine queries over Tor, defeating fingerprinting defenses, and fingerprinting TLS-encrypted websites. Finally, we show that DNNs can be used to predict the fingerprintability of a website based on its contents, achieving 99% accuracy on a data set of 4500 website downloads.
CR Oct 17, 2017
Measuring Information Leakage in Website Fingerprinting Attacks and Defenses
Shuai Li, Huajun Guo, Nicholas Hopper
Tor provides low-latency anonymous and uncensored network access against a local or network adversary. Due to the design choice to minimize traffic overhead (and increase the pool of potential users), Tor allows some information about the client's connections to leak. Attacks using (features extracted from) this information to infer the website a user visits are called Website Fingerprinting (WF) attacks. We develop a methodology and tools to measure the amount of leaked information about a website. We apply this tool to a comprehensive set of features extracted from a large set of websites and WF defense mechanisms, allowing us to make more fine-grained observations about WF attacks and defenses.
CR Sep 10, 2016
MP3: A More Efficient Private Presence Protocol
Rahul Parhi, Michael Schliep, Nicholas Hopper
This paper proposes MP3, the second privacy-preserving presence protocol that leaks no information about the graph structure of the social network. Several cryptographic techniques are applied to improve the existing DP5 protocol---the first privacy-preserving presence protocol---while maintaining the same level of privacy. The key contribution of this paper is the use of a dynamic broadcast encryption scheme to reduce the size of the presence database. This enables cheaper registration and lookup required for the protocol. As compared to DP5, MP3 requires on the order of ten times less bandwidth of the servers during registration, and requires on the order of two times less bandwidth for lookup, for a small number of users ($N=10000$). Furthermore, these savings asymptotically increase with the number of users. The client-side latency is also improved significantly in MP3, as compared with DP5. We provide an evaluation of the performance and scalability of both protocols.
CR Jun 28, 2016
E-Embargoes: Discouraging the Deployment of Traffic Manipulating Boxes With Economic Incentives
Max Schuchard, Nicholas Hopper
An increasing number of systems have been proposed or deployed to the transit core of the Internet with the goal of observing and manipulating traffic in flight, systems we term Traffic Manipulating Boxes (TMBs). Examples of these include: decoy routing systems, surveillance infrastructure like the NSA's alleged QUANTUM project, and traffic shaping middleboxes. In this work, we examine a new approach that a routing capable adversary might take to resisting these systems: the use of economic pressure to incentivize ISPs to remove them. Rather than directly attacking the availability of these systems, our attack inflicts economic losses, in the form of reduced transit revenue, on ISPs that deploy them, while at the same time incentivizing ISPs that do not. We alter and expand upon the previous routing-around-decoys attack of Schuchard et al. by adjusting the priority given to avoiding TMBs. This reduces or eliminates the key costs faced by a routing capable adversary while maintaining the effectiveness of the attack. Additionally, we show that since the flow of traffic on the Internet is directly related to the flow of cash between ISPs, a routing capable adversary is actually a powerful economic adversary. Our findings show that by preferentially using routes which are free of TMBs, some routing capable adversaries can inflict in excess of a billion dollars in annual revenue losses.
CR Jun 8, 2016
Anarchy in Tor: Performance Cost of Decentralization
John Geddes, Mike Schliep, Nicholas Hopper
Like many routing protocols, the Tor anonymity network has decentralized path selection, in which clients locally and independently choose paths. As a result, network resources may be left idle, leaving the system in a suboptimal state. This is referred to as the price of anarchy, where agents acting in their own self-interest can make poor decisions when viewed in a global context. In this paper we explore the cost of anarchy in Tor by examining the potential performance increases that can be gained by centrally optimizing circuit and relay selection using global knowledge. In experiments with both offline and online algorithms, we show that centrally coordinated clients can achieve up to 75% higher bandwidth compared to traditional Tor. Drawing on these findings, we design and evaluate a decentralized version of our online algorithm, in which relays locally distribute information enabling clients to make smarter decisions locally and perform downloads 10-60% faster. Finally, we perform a privacy analysis of the decentralized algorithm against a passive and active adversary trying to reduce the anonymity of clients and increase their view of the Tor network. We conclude that this decentralized algorithm does not enable new attacks, while providing significantly higher performance.