New Covert Channels in HTTP: Adding Unwitting Web Browsers to Anonymity Sets

Proceedings of the ACM Workshop on Privacy in the Electronic Society

Volumn , Issue , 2003, Pages 72-78

  Bauer, Matthias ^a  

^a UNIVERSITY OF ERLANGEN NUREMBERG   (Germany)

Author keywords

Anonymity; Covert channel; HTTP; Mix network

Indexed keywords

COMMUNICATION; CRYPTOGRAPHY; DATA TRANSFER; HTTP; MATHEMATICAL MODELS; PROBLEM SOLVING; SECURITY OF DATA; WEB BROWSERS;

ANONYMITY; COVERT CHANNELS; MIX NETWORKS;

INTERNET;

EID: 1642343952     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (42)

1. Agency, V. M. D. SWF format specification. http://www.openswf.org/spec.html.
2. http://www.anonymizer.com/.
3. Back, A., Möller, U., and Stiglic, A. Traffic analysis attacks and trade-offs in anonymity providing systems. In Information Hiding (IH 2001) (2001), I. S. Moskowitz, Ed., Springer-Verlag, LNCS 2137, pp. 245-257. http://www.cypherspace.org/adam/pubs/traffic.pdf.
4. Bennett, K., and Grothoff, C. GAP - practical anonymous networking. In Proceedings of Privacy Enhancing Technologies workshop (PET 2003) (March 2003), R. Dingledine, Ed., Springer-Verlag, LNCS 2760.
5. Berners-Lee, T., Masinter, L., and MCCahill, M. Uniform resource locators (URL). RFC, Internet Engineering Task Force, December 1994. RFC 1738.
6. Berthold, O., Federrath, H., and Köpsell, S. Web MIXes: A system for anonymous and unobservable internet access. In Designing Privacy Enhancing Technologies. Proc. Workshop on Design Issues in Anonymity and Unobservability (2001), H. F. (Ed.), Ed., Springer, pp. 115-129. LNCS 2009.
7. Berthold, O., and Langos, H. Dummy traffic against long term intersection attacks. In Privacy Enhancing Technologies (PET 2002) (2002), R. Dingledine and P. Syverson, Eds., Springer-Verlag, LNCS 2482.
8. Brinkhoff, L. GNU httptunnel. http://www.nocrew.org/software/httptunnel.html.
9. Coar, K. A. L., and Robinson, D. The WWW Common Gateway Interface, version 1.1. http://cgi-spec.golux.com/draft-coar-cgi-v11-03.txt, June 1999.
10. Corp., N. C. Core JavaScript Guide 1.5. http://developer.netscape.com/docs/manuals/js/core/jsguide15/contents.html, 2000.
11. Cottrell, L. Mixmaster and remailer attacks, http://www.obscura.com/~loki/remailer/remailer-essay.html, 1994.
12. Council of Europe. Convention on cybercrime. Tech. rep., European Union, 2001. available from http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm.
13. Danezis, G., Dingledine, R., and Mathewson, N. Mixminion: Design of a Type III Anonymous Remailer Protocol. In Proceedings of the 2003 IEEE Symposium on Security and Privacy (May 2003).
14. Doubleclick, I. DART. http://www.doubleclick.com/us/corporate/privacy/privacy/internet-ads/dart.asp, 2003.
15. KaZaA BV. http://www.fasttrack.nu/.
16. Feamster, N., Balazinska, M., Harfst, G., Balakrishnan, H., and Karger, D. Infranet: Circumventing Censorship and Surveillance. In Proceedings of the 11th USENIX Security Symposium (San Francisco, CA, August 2002).
17. Fisk, G., Fisk, M., Papadopoulos, C., and Neil, J. Eliminating Steganography in Internet Traffic with Active Wardens. In Information Hiding 2002 (2002), Springer, pp. 18-35.
18. Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., and Stewart, L. HTTP Authentication: Basic and Digest Access Authentication. RFC, Internet Engeneering Task Force, June 1999. RFC 2617.
19. Freedman, M. J., and Morris, R. Tarzan: A peer-to-peer anonymizing network layer. In Proc. of the ACM Conference on Computer and Communications Security (CCS2002) (November 2002).
20. Gabber, E., Gibbons, P., Matias, Y., , and Mayer, A. How to make personalized web browsing simple, secure, and anonymous. In Proceedings of Financial Cryptography 97 (February 1997), Springer. LNCS 1318.
21. Goldberg, I., and Wagner, D. TAZ servers and the rewebber network: Enabling anonymous publishing on the world wide web. First Monday 3, 4 (August 1998).
22. Goldschlag, D. M., Reed, M. G., and Syverson, P. F. Onion routing for anonymous and private internet connections. Communications of the ACM 42, 2 (February 1999).
23. Golle, P., Jakobsson, M., Juels, A., and Syverson, P. Universal re-encryption for mixnets. preprint at https://www.rsasecurity.com/rsalabs/staff/bios/mjakobsson/univrenc/univrenc.ps, 2003.
24. Gosling, J., Joy, B., Steele, G., and Bracha, G. The Java Language Specification. java.sun.com/docs/books/jls/.
25. Irvine, U., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and Berners-Lee, T. Hypertext transfer protocol - HTTP/1.1. http://www.ietf.org/rfc/rfc2616.txt, June 1999. RFC 2616.
26. Kesdogan, D., Egner, M., and Büschkes, T. Stop-and-go MIXes providing probabilistic anonymity in an open system. In Information Hiding (IH 1998) (1998), Springer-Verlag, LNCS 1525. http://www.cl.cam.ac.uk/~fapp2/ihw98/ihw98-sgmix.pdf.
27. Köhntopp, M., and Pfitzmann, A. Anonymity, unobservability, and pseudonymity - a proposal for terminology. In Designing Privacy Enhancing Technologies (July 2000), Springer.
28. Kristol, D., and Montulli, L. HTTP state management mechanism. http://www.ietf.org/rfc/rfc2109.txt, February 1997. RFC 2109.
29. Lampson, B. W. A note on the confinement problem. Communications of the ACM 16, 10 (October 1973), 613-615.
30. Microsoft ActiveX (TM) development kit. http://activex.adsp.or.jp/english/specs/overview.htm.
31. Modeling, N., and Project, S. Distributions of traffic stratified by application. Tech. rep., Cooperative Association for Internet Data Analysis (CAIDA), September 2002.
32. Möller, U., and Cottrell, L. Mixmaster Protocol - Version 2. Unfinished draft, January 2000., 2000. http://www.eskimo.com/~rowdenw/crypt/Mix/draft-moeller-mixmaster2-protocol-00. txt.
33. Moore, K. On the use of HTTP as a substrate. Tech. rep., Internet Engineering Task Force, February 2002. RFC 3205.
34. Parekh, S. Prospects for remailers. First Monday 1, 2 (August 1996). http://www.firstmonday.dk/issues/issue2/remailers/.
35. Raymond, J.-F. Traffic analysis: Protocols, attacks, design issues and open problems. In Designing Privacy Enhancing Technologies: Proceedings of International Workshop on Design Issues in Anonymity and Unobservability (2001), H. Federrath, Ed., Springer-Verlag, pp. 10-29. LNCS 2009.
36. Reiter, M. K., and Rubin, A. D. Crowds: anonymity for Web transactions. TISSEC 1, 1 (Nov. 1998), 66-92.
37. Rennhard, M., and Plattner, B. Introducing MorphMix: Peer-to-Peer based Anonymous Internet Usage with Collusion Detection. In Proceedings of the Workshop on Privacy in the Electronic Society (Washington, DC, USA, November 2002).
38. Rowland, C. H. Covert channels in the TCP/IP protocol suite. First Monday 2, 5 (May 1997).
39. Serjantov, A., Dingledine, R., and Syverson, P. From a trickle to a flood: Active attacks on several mix types. In Proceedings of Information Hiding Workshop (IH 2002) (October 2002), F. Petitcolas, Ed., Springer-Verlag, LNCS 2578.
40. Srisuresh, P., and Holdrege, M. IP Network Address Translator (NAT) Terminology and Considerations. RFC, Internet Engineering Task Force, August 1999. RFC 2663.
41. Telecommunications Industry Association, C. T. Report to the federal communications commission on surveillance of packet-mode technologies, September 2000. http://www.tiaonline.org/policy/filings/JEM_Rpt_Final_092900.pdf.
42. W3C, W. W. W. C. HTML 4.01 specification. http://www.w3.org/TR/html4/, 1999.