
Publication


Featured research published by Shiping Chen.


computer and communications security | 2005

Tracking anonymous peer-to-peer VoIP calls on the internet

Xinyuan Wang; Shiping Chen; Sushil Jajodia

Peer-to-peer VoIP calls are becoming increasingly popular due to their advantages in cost and convenience. When these calls are encrypted from end to end and anonymized by low latency anonymizing network, they are considered by many people to be both secure and anonymous. In this paper, we present a watermark technique that could be used for effectively identifying and correlating encrypted, peer-to-peer VoIP calls even if they are anonymized by low latency anonymizing networks. This result is in contrast to many people's perception. The key idea is to embed a unique watermark into the encrypted VoIP flow by slightly adjusting the timing of selected packets. Our analysis shows that it only takes several milliseconds time adjustment to make normal VoIP flows highly unique and the embedded watermark could be preserved across the low latency anonymizing network if appropriate redundancy is applied. Our analytical results are backed up by the real-time experiments performed on leading peer-to-peer VoIP client and on a commercially deployed anonymizing network. Our results demonstrate that (1) tracking anonymous peer-to-peer VoIP calls on the Internet is feasible and (2) low latency anonymizing networks are susceptible to timing attacks.


IEEE Network | 2006

On the anonymity and traceability of peer-to-peer VoIP calls

Shiping Chen; Xinyuan Wang; Sushil Jajodia

Voice over Internet protocol is a technology that enables people to use the Internet, rather than the traditional public switched telephone network, as the transmission medium for voice communications. VoIP is becoming increasingly popular due to its significant advantages in cost and flexible features compared with the plain old telephone system. The proliferation of VoIP calls has significant implications on the security and privacy aspects of voice calls. For example, the use of VoIP has made it much easier to achieve confidentiality and anonymity in voice communications. On the other hand, VoIP has imposed significant new challenges in providing the same call-identifying and wiretapping capabilities as those that exist in traditional circuit-switched networks. In this article we examine the privacy and security aspects of peer-to-peer (P2P) VoIP calls and show how the use of VoIP has substantially shifted the previous balance between privacy and security that exists in traditional PSTN calls. In particular, we show that the use of strong encryption and available low-latency anonymizing network at the same time does not necessarily provide the level of anonymity to VoIP that people would intuitively expect.


european symposium on research in computer security | 2004

Incorporating dynamic constraints in the flexible authorization framework

Shiping Chen; Duminda Wijesekera; Sushil Jajodia

Constraints are an integral part of access control policies. Depending upon their time of enforcement, they are categorized as static or dynamic; static constraints are enforced during the policy compilation time, and the dynamic constraints are enforced during run time. While there are several logic-based access control policy frameworks, they have a limited power in expressing and enforcing constraints (especially the dynamic constraints). We propose dynFAF, a constraint logic programming based approach for expressing and enforcing constraints. To make it more concrete, we present our approach as an extension to the flexible authorization framework (FAF) of Jajodia et al. [17]. We show that dynFAF satisfies standard safety and liveliness properties of a safety conscious software system.


DBSec | 2004

FlexFlow: A Flexible Flow Control Policy Specification Framework

Shiping Chen; Duminda Wijesekera; Sushil Jajodia

We propose FlexFlow, a logic based flexible flow control framework to specify data-flow, work-flow and transaction systems policies that go beyond point-to-point flows. Both permissions and prohibitions are specifiable in FlexFlow and meta-policies such as permissions take precedence themselves can be specified over the meta-policy neutral policy specification environment of FlexFlow. We show the expressibility of FlexFlow by expressing three existing flow control models which were proposed for different applications and used different mechanisms.


IEEE Transactions on Computers | 2010

An Application-Level Data Transparent Authentication Scheme without Communication Overhead

Songqing Chen; Shiping Chen; Xinyuan Wang; Zhao Zhang; Sushil Jajodia

With abundant aggregate network bandwidth, continuous data streams are commonly used in scientific and commercial applications. Correspondingly, there is an increasing demand of authenticating these data streams. Existing strategies explore data stream authentication by using message authentication codes (MACs) on a certain number of data packets (a data block) to generate a message digest, then either embedding the digest into the original data, or sending the digest out-of-band to the receiver. Embedding approaches inevitably change the original data, which is not acceptable under some circumstances (e.g., when sensitive information is included in the data). Sending the digest out-of-band incurs additional communication overhead, which consumes more critical resources (e.g., power in wireless devices for receiving information) besides network bandwidth. In this paper, we propose a novel strategy, DaTA, which effectively authenticates data streams by selectively adjusting some interpacket delay. This authentication scheme requires no change to the original data and no additional communication overhead. Modeling-based analysis and experiments conducted on an implemented prototype system in an LAN and over the Internet show that our proposed scheme is efficient and practical.


international workshop on quality of service | 2006

Efficient Proxy-Based Internet Media Distribution Control and Privacy Protection Infrastructure

Songqing Chen; Shiping Chen; Huiping Guo; Bo Shen; Sushil Jajodia

Massive Internet media distribution demands prolonged continuous consumption of networking and disk bandwidths in large capacity. Many proxy-based Internet media distribution algorithms and systems have been proposed, implemented, and evaluated to address the scalability issue. However, few of them have been used in practice, since two important issues are not satisfactorily addressed. First, existing proxy-based media distribution architectures lack an efficient media distribution control mechanism. Without protection on the Internet, content providers are hesitant to use existing fast distribution techniques. Second, little has been done to protect client privacy during client accesses. Straightforward solutions to address these two issues independently lead to conflicts. For example, to enforce distribution control, only legitimate users should be granted access rights. However, this normally discloses more information (such as which object the client is accessing) other than the client identity, which conflicts with the client's desire for privacy protection. In this paper, we propose a unified proxy-based media distribution protocol to effectively address these two problems simultaneously. We further design a set of new algorithms for cooperative proxies where our proposed scheme works practically. Simulation results show that our proposed strategy is efficient.


ACM Transactions on Multimedia Computing, Communications, and Applications | 2008

Achieving simultaneous distribution control and privacy protection for Internet media delivery

Songqing Chen; Shiping Chen; Huiping Guo; Bo Shen; Sushil Jajodia

Massive Internet media distribution demands prolonged continuous consumption of networking and disk bandwidths in large capacity. Many proxy-based Internet media distribution algorithms and systems have been proposed, implemented, and evaluated to address the scalability and performance issue. However, few of them have been used in practice, since two important issues are not satisfactorily addressed. First, existing proxy-based media distribution architectures lack an efficient media distribution control mechanism. Without copyright protection, content providers are hesitant to use proxy-based fast distribution techniques. Second, little has been done to protect client privacy during content accesses on the Internet. Straightforward solutions to address these two issues independently lead to conflicts. For example, to enforce distribution control, only legitimate users should be granted access rights. However, this normally discloses more information (such as which object the client is accessing) other than the client identity, which conflicts with the client's desire for privacy protection. In this article, we propose a unified proxy-based media distribution protocol to effectively address these two problems simultaneously. We further design a set of new algorithms in a cooperative proxy environment where our proposed scheme works efficiently and practically. Simulation-based experiments are conducted to extensively evaluate the proposed system. Preliminary results demonstrate the effectiveness of our proposed strategy.


international workshop on security | 2006

DaTA -- Data-Transparent Authentication Without Communication Overhead

Songqing Chen; Shiping Chen; Xinyuan Wang; Sushil Jajodia

With the development of Internet computing techniques, continuous data streams from remote sites are commonly used in scientific and commercial applications. Correspondingly, there is increasing demand of assuring the integrity and authenticity of received data streams. Existing strategies of assuring data integrity and authenticity mainly use message authentication codes (MAC) generated on data blocks and transfer the MAC to the receiver for authentication through either out of band communication or in band communication. Transferring the MAC via out of band communication inevitably introduces communication overhead and additional complexity to synchronize the out of band communication with the data communication. Transferring the MAC via in band channel can be achieved by either appending the MAC to the original data or embedding the MAC into the original data, which would either incur communication overhead or change the original data. It would be desirable to be able to authenticate the stream data without any communication overhead and changing the original data at the same time. To deal with data packet or block loss, many of existing stream data authentication schemes rely on hash chaining, the current usage of which results in uncertainty in authenticating the subsequent data blocks once the first data packet or block loss is detected. In this paper, we propose a novel application layer authentication strategy called DaTA. This authentication scheme requires no change to the original data and causes no additional communication overhead. In addition, it can continue authenticating the rest of data stream even if some data loss has been detected. Our analysis shows that our authentication scheme is robust against packet loss and network jitter. We have implemented a prototype system to evaluate its performance. Our empirical results show that our proposed scheme is efficient and practical under various network conditions.


annual computer security applications conference | 2006

V-COPS: A Vulnerability-Based Cooperative Alert Distribution System

Shiping Chen; Dongyu Liu; Songqing Chen; Sushil Jajodia

The efficiency of promptly releasing security alerts of established analysis centers has been greatly challenged by the continuous emergence of various large scale network attacks, such as worms. With a limited number of sensors deployed over the Internet and a long attack verification period, when the alert is released by analysis centers, the best time to stop the attack may have passed. On the other hand, (1) most of the past large scale attacks targeted known vulnerabilities, and (2) today numerous Internet systems have integrated detection tools, such as virus detection software and intrusion detection systems (IDS), the power of which could be harnessed to defend against large scale attacks. In this paper, we propose V-COPS - a vulnerability-based cooperative alert distribution system, by leveraging existing independent local attack detection systems. V-COPS is capable of promptly propagating genuine alerts with critical vulnerability information, based on which relevant stakeholders can take preventive actions in time. Extensive analysis and experiments have been performed to study the performance of V-COPS. The preliminary results show V-COPS is effective.


ieee symposium on security and privacy | 2007

Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems

Xinyuan Wang; Shiping Chen; Sushil Jajodia

Collaboration


Top Co-Authors

Xinyuan Wang (George Mason University)

Huiping Guo (George Mason University)

Dongyu Liu (George Mason University)