Browsing by Subject "computer security"

Now showing 1 - 2 of 2
  • Thumbnail Image
    Item
    Lorrie Faith Cranor Oral History
    (Charles Babbage Institute, 2023-09) Charles Babbage Institute, Univ. of Minnesota
    This oral history interview is sponsored by and a part of NSF 2202484 “Mining a Useable Past: Perspectives, Paradoxes, and Possibilities with Security and Privacy,” at the Charles Babbage Institute, University of Minnesota. At the start of the interview, Professor Lorrie Faith Cranor discusses early interests and studies in computer science and engineering & public policy at Washington University in St. Louis. This includes her dissertation, a pioneering work on computer voting systems. She then relates her work on privacy, security, and policy at AT&T laboratories following her D.Sc. for about a half dozen years and then transitioning to leave the lab to become a professor of Computer Science and of Engineering & Public Policy at Carnegie Mellon University. Cranor talks about launching an event and co-editing an influential edited volume, that led to her founding and early General Chair leadership of Symposium on User Privacy and Security (SOUPS). With a focus on this area, she also launched a research lab, the CyLab Usable Privacy and Security (CUPS) Laboratory and educational program with NSF support. This unique focus is not matched anywhere globally and Cranor and her team’s work have been central to bringing together researchers and understanding at the intersection of human-computer interaction (HCI) and computer security and privacy. She also discusses her evolving research in many areas including but not limited to phishing, cyber trust indicators, passwords, etc., as well as her year as Chief Technologist at the US Federal Trade Commission. Cranor, a master quilter, also relates how engineering quilts involve overlapping engineering principles with her design work in computer science.
  • Thumbnail Image
    Item
    Tor Traffic Analysis: Data-driven Attacks and Defenses
    (2024-07) Holland, James
    Anonymity networks such as Tor aim to protect the confidentiality of both the data and metadata — who communicates with whom — of their users. However, traffic analysis techniques can exploit the frequency and timing of network traffic to expose the metadata of these communications. These techniques include website fingerprinting and end-to-end flow correlation, both thoroughly discussed in previous literature. In a website fingerprinting (WF) attack, an adversary between the user and the first Tor relay records the timing and volume of Tor traffic to determine which website the user is visiting. In a flow correlation (FC) attack, the adversary records traffic metadata at both the entry and exit points of the Tor network and then attempts to correlate these flows, thus breaking Tor's anonymity. Our first objective is to demonstrate that, despite challenges such as variable network conditions, the large sets of webpages associated with many websites, and potential "padding'' to prevent traffic analysis, these attacks can be executed effectively. For instance, our Convolutional vision Transformer (CvT) approach, which merges the relative strengths of convolutional neural networks and transformers, can be used with multi-channel feature representations to significantly enhance attack accuracy against defended traffic. This demonstrates that website fingerprinting attacks can be successful even when traffic is obfuscated. Another potential barrier for traffic analysis attacks against Tor is the arbitrarily large amount of non-targeted traffic that an attacker must differentiate from monitored web pages. In particular, an attacker interested in a small subset of traffic may find that the number of false positives begins to surpass the limited number of true positives. Accordingly, in the website fingerprinting setting, we present 'precision optimization' techniques to ensure that an attacker can identify a substantial subset of web pages with high precision. Next, we present a series of performance improvements to current state-of-the-art flow correlation techniques, demonstrating that the improved techniques can operate with even higher accuracy and reliability. Furthermore, we apply these techniques to the problem of stepping-stone identification, showing that our approach can be adapted to correlate flow pairs that have been sent through multiple intermediate hosts. Given the success of these traffic analysis techniques, we then develop defenses to minimize the likelihood of successful website fingerprinting or flow correlation attacks. Although various defenses exist, most are either ineffective, introduce high latency and bandwidth overhead, or require additional infrastructure. Therefore, we aim to design defenses that are both effective and efficient. The first defense, RegulaTor, leverages common patterns in web browsing traffic to regularize traffic, significantly reducing the performance of website fingerprinting attacks while incurring moderate bandwidth and low latency overhead. For latency-sensitive users, we propose DeTorrent, which uses competing neural networks to create and evaluate traffic analysis defenses that insert fake traffic into real traffic flows. DeTorrent operates with moderate overhead and defends against both website fingerprinting and flow correlation attacks more effectively than comparable padding-only defenses. We also demonstrate DeTorrent's practicality by deploying it alongside the Tor network, ensuring it maintains performance when applied to live traffic.