#### DMCA

## Fingerprinting Tor’s Hidden Service Log Files Using a Timing Channel

Venue: | In WIFS 2011 – 3rd IEEE International Workshop on Information Forensics and Security (2011), IEEE |

Citations: | 2 - 1 self |

### Citations

1228 | Tor: The secondgeneration onion router
- Dingledine, Mathewson, et al.
- 2004
(Show Context)
Citation Context ...man rights activists, journalists, military, dissidents, bloggers, citizens in censored countries, etc. This need fostered the development of anonymous communication systems, such as Freenet [1], Tor =-=[2]-=-, or JAP [3]. Among these, the most popular is Tor which, for instance, has had an important role in Iran and Egypt’s dissident movements [4]. Anonymity is not only an issue for users, but it is also ... |

1062 | Freenet: A distributed anonymous information storage and retrieval system
- Clarke, Sandberg, et al.
- 2001
(Show Context)
Citation Context ...users: human rights activists, journalists, military, dissidents, bloggers, citizens in censored countries, etc. This need fostered the development of anonymous communication systems, such as Freenet =-=[1]-=-, Tor [2], or JAP [3]. Among these, the most popular is Tor which, for instance, has had an important role in Iran and Egypt’s dissident movements [4]. Anonymity is not only an issue for users, but it... |

470 | Web Server Workload Characterization: The Search for Invariants
- Arlitt, Williamson
- 1996
(Show Context)
Citation Context ...’ logs. We see that the number of requests per day varies by several orders of magnitude, as we see in Section VII this has a great impact on the probability of false positive. B. Results Acording to =-=[9]-=-, the inter-time between requests follows an exponential distribution. This implies that the requests follow a Poisson distribution with parameter λ that can be estimated using the Maximum Likelihood ... |

70 | M.: Project “anonymity and unobservability in the internet
- Berthold, Federrath, et al.
- 2000
(Show Context)
Citation Context ...ctivists, journalists, military, dissidents, bloggers, citizens in censored countries, etc. This need fostered the development of anonymous communication systems, such as Freenet [1], Tor [2], or JAP =-=[3]-=-. Among these, the most popular is Tor which, for instance, has had an important role in Iran and Egypt’s dissident movements [4]. Anonymity is not only an issue for users, but it is also important fo... |

11 | Strengthening forensic investigations of child pornography on p2p networks
- Liberatore, Levine, et al.
- 2010
(Show Context)
Citation Context ...at the server being fingerprinted. In contrast, our solution uses the HTTP response date field, which allows us to obtain more reliable results, and with a much lower detectability. Liberatore et al. =-=[6]-=- also tackled the problem of tagging (fingerprinting) P2P clients’ logs. They put their tag in the information that is stored, a CIDR block or a peerID. However, their algorithm cannot be used to fing... |

11 | Binomial approximation for dependent indicators,”
- Soon
- 1996
(Show Context)
Citation Context ...pear inside Wi. We know that the jth request has a probability of PZ(Zj ,Wi) of appearing inside Wi. Since KW is the sum of Bernoulli random variables we can approximate it by a binomial distribution =-=[12]-=- with parameters: nk = (∑ Ẑj∈Wi PZ(Zj ,Wi) )2 ∑ Ẑj∈Wi PZ(Zj ,Wi) 2 + 0.5 and pk = ∑ Ẑj∈Wi PZ(Zj ,Wi) nk . 1) General Case: here we study the probability of detection without making any ... |

10 | Performance measurements and statistics of tor hidden services
- Loesing, Sandmann, et al.
- 2008
(Show Context)
Citation Context ...ars on the HS’s log at time Zi = Xi + Ni, i = 1, ..., L, where Xi the moment when it was sent and Ni is random delay introduced by the Tor network Loesing et al. modeled Ni as a Fréchet distribution =-=[7]-=-, but we choose not to use this approximation since an estimator Ẑi of the log time is available in the HTTP response, as we discuss later. When it comes to deciding whether the ith request appears i... |

8 |
Leaving timing-channel fingerprints in hidden service log files
- Shebaro, Perez-Gonzalez, et al.
- 2010
(Show Context)
Citation Context ... and the false positive rate, and empirically validate our theoretical results. Section 8 summarizes our contribution and provides future directions for our research. II. PREVIOUS WORK Shebaro et al. =-=[5]-=- already studied the log fingerprinting problem. Their solution is based on sending ki requests per RV RV TOR HS ENTRY T LOG Z11 2 Z2 3 Z3 4 Z4 5 Z5 6 Z6 ... ... Rw Kw ZNN W Sw= +Other Users Law Enfor... |

6 |
Fitting negative binomial distribution by the method of maximum likelihood,
- Simon
- 1961
(Show Context)
Citation Context ...r, p1−p ). f(k) = ∫ ∞ 0 fPoisson(λ)(k) · fΓ(r, p1−p )(λ) dλ = ∫ ∞ 0 λke−λ k! λr−1 e−λ(1−p)/p ( p1−p ) rΓ(r) dλ = Γ(k + r) k!Γ(r) · (1− p)rpk. To calculate the parameters we can use the MLE as follows =-=[11]-=-: r̂MLE = ⌊ ( ∑N i=1 ki) 2 N ∑N i=1 k 2 i − ( ∑N i=1 ki) 2 −N∑Ni=1 ki + 0.5 ⌋ p̂MLE = ∑N i=1 ki r ·N +∑Ni=1 ki , where N is the number of considered samples. TABLE III MLE PARAMETERS AND GOODNESS OF F... |

4 |
updated by RFCs 2817, 5785. [Online]. Available: http://www.ietf.org/rfc/rfc2616.txt
- Fielding, Gettys, et al.
- 1999
(Show Context)
Citation Context ...SE DATE INFORMATION In this section we characterize the estimator of the log time, Ẑi. On the header of the HTTP response, there is the “date field”, which we use as an estimator of Zi. According to =-=[8]-=-, in theory, this field represents the moment just before the HTTP response is generated. We define the estimation error as εi . = Zi − Ẑi. In order to characterize ε, we performed some experiments o... |

1 |
2010 free software awards announced
- Sullivan
- 2011
(Show Context)
Citation Context ... anonymous communication systems, such as Freenet [1], Tor [2], or JAP [3]. Among these, the most popular is Tor which, for instance, has had an important role in Iran and Egypt’s dissident movements =-=[4]-=-. Anonymity is not only an issue for users, but it is also important for servers. The Electronic Frontier Foundation and Reporters Without Borders advise the use of hidden (anonymous) services to prot... |

1 |
Univariate discrete distributions, ser. Wiley series in probability and mathematical statistics. Applied probability and statistics
- Johnson, Kemp, et al.
- 2005
(Show Context)
Citation Context ... between requests follows an exponential distribution. This implies that the requests follow a Poisson distribution with parameter λ that can be estimated using the Maximum Likelihood Estimator (MLE) =-=[10]-=-: fPoisson(λ)(k) = λke−λ k! and λ̂MLE = 1 N N∑ i=1 ki, where N is the number of considered samples. Another distribution commonly used to model counting processes is the negative binomial (NB) distrib... |