The Key to Deobfuscation is Pattern of Life, not Overcoming Encryption
- URL: http://arxiv.org/abs/2310.02536v1
- Date: Wed, 4 Oct 2023 02:34:29 GMT
- Title: The Key to Deobfuscation is Pattern of Life, not Overcoming Encryption
- Authors: Taylor Henderson, Eric Osterweil, Pavan Kumar Dinesh, Robert Simon,
- Abstract summary: We present a novel methodology that is effective at deobfuscating sources by synthesizing measurements from key locations along protocol transaction paths.
Our approach links online personas with their origin IP addresses based on a Pattern of Life (PoL) analysis.
We show that, when monitoring in the correct places on the Internet, DNS over HTTPS (DoH) and DNS over TLS (DoT) can be deobfuscated with up to 100% accuracy.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Preserving privacy is an undeniable benefit to users online. However, this benefit (unfortunately) also extends to those who conduct cyber attacks and other types of malfeasance. In this work, we consider the scenario in which Privacy Preserving Technologies (PPTs) have been used to obfuscate users who are communicating online with ill intentions. We present a novel methodology that is effective at deobfuscating such sources by synthesizing measurements from key locations along protocol transaction paths. Our approach links online personas with their origin IP addresses based on a Pattern of Life (PoL) analysis, and is successful even when different PPTs are used. We show that, when monitoring in the correct places on the Internet, DNS over HTTPS (DoH) and DNS over TLS (DoT) can be deobfuscated with up to 100% accuracy, when they are the only privacy-preserving technologies used. Our evaluation used multiple simulated monitoring points and communications are sampled from an actual multiyear-long social network message board to replay actual user behavior. Our evaluation compared plain old DNS, DoH, DoT, and VPN in order to quantify their relative privacy-preserving abilities and provide recommendations for where ideal monitoring vantage points would be in the Internet to achieve the best performance. To illustrate the utility of our methodology, we created a proof-of-concept cybersecurity analyst dashboard (with backend processing infrastructure) that uses a search engine interface to allow analysts to deobfuscate sources based on observed screen names and by providing packet captures from subsets of vantage points.
Related papers
- Unveiling the Digital Fingerprints: Analysis of Internet attacks based on website fingerprints [0.0]
We show that using the newest machine learning algorithms an attacker can deanonymize Tor traffic by applying such techniques.
We capture network packets across 11 days, while users navigate specific web pages, recording data in .pcapng format through the Wireshark network capture tool.
arXiv Detail & Related papers (2024-09-01T18:44:40Z)
- Federated Face Forgery Detection Learning with Personalized Representation [63.90408023506508]
Deep generator technology can produce high-quality fake videos that are indistinguishable, posing a serious social threat.
Traditional forgery detection methods directly centralize training on data.
The paper proposes a novel federated face forgery detection learning with personalized representation.
arXiv Detail & Related papers (2024-06-17T02:20:30Z)
- Privacy-Preserving Intrusion Detection in Software-defined VANET using Federated Learning with BERT [0.0]
The present study introduces a novel approach for intrusion detection using Federated Learning (FL) capabilities.
FL-BERT has yielded promising results, opening avenues for further investigation in this particular area of research.
Our results suggest that FL-BERT is a promising technique for enhancing attack detection.
arXiv Detail & Related papers (2024-01-14T18:32:25Z)
- Pudding: Private User Discovery in Anonymity Networks [9.474649136535705]
Pudding is a novel private user discovery protocol.
It hides contact relationships between users, prevents impersonation, and conceals which usernames are registered on the network.
Pudding can be deployed on Loopix and Nym without changes to the underlying anonymity network protocol.
arXiv Detail & Related papers (2023-11-17T19:06:08Z)
- FheFL: Fully Homomorphic Encryption Friendly Privacy-Preserving Federated Learning with Byzantine Users [19.209830150036254]
The federated learning (FL) technique was developed to mitigate data privacy issues in the traditional machine learning paradigm.
Next-generation FL architectures proposed encryption and anonymization techniques to protect the model updates from the server.
This paper proposes a novel FL algorithm based on a fully homomorphic encryption (FHE) scheme.
arXiv Detail & Related papers (2023-06-08T11:20:00Z)
- Privacy-Preserved Neural Graph Similarity Learning [99.78599103903777]
We propose a novel Privacy-Preserving neural Graph Matching network model, named PPGM, for graph similarity learning.
To prevent reconstruction attacks, the proposed model does not communicate node-level representations between devices.
To alleviate the attacks to graph properties, the obfuscated features that contain information from both vectors are communicated.
arXiv Detail & Related papers (2022-10-21T04:38:25Z)
- Cross-Network Social User Embedding with Hybrid Differential Privacy Guarantees [81.6471440778355]
We propose a Cross-network Social User Embedding framework, namely DP-CroSUE, to learn the comprehensive representations of users in a privacy-preserving way.
In particular, for each heterogeneous social network, we first introduce a hybrid differential privacy notion to capture the variation of privacy expectations for heterogeneous data types.
To further enhance user embeddings, a novel cross-network GCN embedding model is designed to transfer knowledge across networks through those aligned users.
arXiv Detail & Related papers (2022-09-04T06:22:37Z)
- Locally Authenticated Privacy-preserving Voice Input [10.82818142802482]
Service providers must authenticate their users, although individuals may wish to maintain privacy.
Preserving privacy while performing authentication is challenging, particularly where adversaries can use biometric data to train transformation tools.
We introduce a secure, flexible privacy-preserving system to capture and store an on-device fingerprint of the users' raw signals.
arXiv Detail & Related papers (2022-05-27T14:56:01Z)
- OPOM: Customized Invisible Cloak towards Face Privacy Protection [58.07786010689529]
We investigate the face privacy protection from a technology standpoint based on a new type of customized cloak.
We propose a new method, named one person one mask (OPOM), to generate person-specific (class-wise) universal masks.
The effectiveness of the proposed method is evaluated on both common and celebrity datasets.
arXiv Detail & Related papers (2022-05-24T11:29:37Z)
- Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contact tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z)
- CryptoSPN: Privacy-preserving Sum-Product Network Inference [84.88362774693914]
We present a framework for privacy-preserving inference of sum-product networks (SPNs).
CryptoSPN achieves highly efficient and accurate inference in the order of seconds for medium-sized SPNs.
arXiv Detail & Related papers (2020-02-03T14:49:18Z)