Robert Annessi

Publications

CCgen: Injecting Covert Channels into Network Traffic

Felix Iglesias, Fares Meghdouri , Robert Annessi, and Tanja Zseby
Security and Communication Networks, 2022

Abstract

BibTeX

Covert channels are methods to convey information clandestinely by exploiting the inherent capabilities of common communication protocols. They can be used to hide malware communication as part of cyber attacks. Here, we present CCgen, a framework for injecting covert channels into network traffic that includes modules for common covert channels at the network and transport layer and allows a smooth integration of novel covert channel techniques. Our tool—openly available and implemented in Python—enables the operation on-the-fly in live communications as well as the manipulation of network traffic packet captures. We evaluate a first prototype by generating a varied assortment of covert channels based on state-of-the-art techniques and check their detectability with Suricata, a popular, open-source intrusion prevention and detection system. The injected covert channels remain mostly undetected. Our proposal fills a gap within the diversity of openly available tools for cybersecurity research and education. It builds a flexible environment for experts to test analysis algorithms, thus also enabling advanced training in applied network steganography.

@article{annessiCCgen2022,
author = {Iglesias Vazquez, Felix and Meghdouri, Fares and Annessi, Robert and Zseby, Tanja},
title = {CCgen: Injecting Covert Channels into Network Traffic},
journal = {Security And Communication Networks},
year = {2022},
volume = {2022},
pages = {1--11},
url = {https://www.hindawi.com/journals/scn/2022/2254959/},
doi = {10.1155/2022/2254959},
keywords = {covert channels, network traffic analysis, steganography}
}

Final version

Improving Security for Users of Decentralized Exchanges Through Multiparty Computation

Robert Annessi and Ethan Fast
IEEE International Conference on Blockchain (Blockchain), 2021 (acceptance rate: 24.7%)

Abstract

BibTeX

Decentralized cryptocurrency exchanges offer compelling security benefits over centralized exchanges: users control their funds and avoid the risk of an exchange hack or malicious operator. However, because user assets are fully accessible by a secret key, decentralized exchanges pose significant internal security risks for trading firms and automated trading systems, where a compromised system can result in total loss of funds. Centralized exchanges mitigate this risk through API key based security policies that allow professional users to give individual traders or automated systems specific and customizable access rights such as trading or withdrawal limits. Such policies, however, are not compatible with decentralized exchanges, where all exchange operations require a signature generated by the owner’s secret key. This paper introduces a protocol based upon multiparty computation that allows for the creation of API keys and security policies that can be applied to any existing decentralized exchange. Our protocol works with both ECDSA and EdDSA signature schemes and prioritizes efficient computation and communication. We have deployed this protocol on Nash exchange, as well as around several Ethereum-based automated market maker smart contracts, where it secures the trading accounts and wallets of thousands of users.

@misc{annessiMPC2021,
Author = {Robert Annessi and Ethan Fast},
Title = {Improving Security for Users of Decentralized Exchanges Through Multiparty Computation},
Year = {2021},
archivePrefix = "arXiv",
eprint = {2106.10972},
primaryClass = "cs.CR",
}

Preprint
Final version (Copyright IEEE)

Securing Group Communication in Critical Infrastructures

Robert Annessi
Dissertation, TU Wien, 2019

Abstract

BibTeX

Group communication is a ubiquitous concept in today's communication networks, and comprises broadcast, multicast, and anycast communication. Since group communication facilitates efficient data transmission to numerous receivers, it is more and more needed generally and specifically in critical infrastructures such as sensor data collection in Smart Grids, clock synchronization, and 5G networks. Surprisingly, no generally applicable method exists as yet to secure group communication from adversarial attacks. For this reason, group communication is often times either not secured at all or application-specific security measures are deployed that are not generally applicable and whose security is hard to assess.
In this thesis, we tackle a fundamental challenge in securing group communication: data origin authentication. We evaluate various data origin authentication schemes that were proposed during the last twenty-five years for their suitability to secure group communication for critical infrastructures in general and suggest a new classification for data origin authentication schemes that covers developments in recent years. With the advent of novel high-speed signature schemes, we furthermore suggest a new class of data origin authentication schemes: unrestricted-time high-speed signing. In this way, we revise the common assumption that signing every packet individually is computationally unfeasible. To validate the unrestricted-time high-speed signing class suggested in this thesis, we evaluate it for a set of applications in critical infrastructures: sensor data collection in Smart Grids, group communication in 5G networks, and clock synchronization. For clock synchronization we additionally propose a novel set of security measures against a wealth of attacks including delay attacks and discover a fundamental limitation in clock synchronization protocols: they can either be precise or secure.
An additional challenge may become prevalent when data origin authentication schemes are used on a large scale or in high-speed environments: subliminal channels in signatures. We analyze several high-speed signature schemes for their susceptibility to subliminal channels and find all of them to be susceptible. As a proof of concept, we introduce a method that exploits such subliminal channel for private botnet command and control communication over public blockchains. Given the results on data origin authentication, subliminal channels, and clock synchronization, we are confident that this thesis contributes to the foundation of secure group communication in critical infrastructures.

@phdthesis{annessi2019thesis,
title={Securing Group Communication in Critical Infrastructures},
author={Robert Annessi},
year={2019},
school={TU Wien},
}

Final version

Encryption is Futile: Delay Attacks on High-Precision Clock Synchronization

Robert Annessi, Joachim Fabini, Felix Iglesias, Tanja Zseby
preprint, 2018

Abstract

BibTeX

Clock synchronization has become essential to modern societies since many critical infrastructures depend on a precise notion of time. This paper analyzes security aspects of high-precision clock synchronization protocols, particularly their alleged protection against delay attacks when clock synchronization traffic is encrypted using standard network security protocols such as IPsec, MACsec, or TLS. We use the Precision Time Protocol (PTP), the most widely used protocol for high-precision clock synchronization, to demonstrate that statistical traffic analysis can identify properties that support selective message delay attacks even for encrypted traffic. We furthermore identify a fundamental conflict in secure clock synchronization between the need of deterministic traffic to improve precision and the need to obfuscate traffic in order to mitigate delay attacks.
A theoretical analysis of clock synchronization protocols isolates the characteristics that make these protocols vulnerable to delay attacks and argues that such attacks cannot be prevented entirely but only be mitigated. Knowledge of the underlying communication network in terms of one-way delays and knowledge on physical constraints of these networks can help to compute guaranteed maximum bounds for slave clock offsets. These bounds are essential for detecting delay attacks and minimizing their impact. In the general case, however, the precision that can be guaranteed in adversarial settings is orders of magnitude lower than required for high-precision clock synchronization in critical infrastructures, which, therefore, must not rely on a precise notion of time when using untrusted networks.

@misc{annessidelayattacks2018,
Author = {Robert Annessi and Joachim Fabini and Felix Iglesias and Tanja Zseby},
Title = {Encryption is Futile: Delay Attacks on High-Precision Clock Synchronization},
Year = {2018},
archivePrefix = "arXiv",
eprint = {1811.08569},
primaryClass = "cs.CR",
}

Preprint

To Trust or Not to Trust: Data Origin Authentication for Group Communication in 5G Networks

Robert Annessi, Joachim Fabini, Tanja Zseby
ARES Workshop on 5G Networks Security (5G-NS), 2018

Abstract

BibTeX

With the expected massive increase in high-bandwidth applications over 5G cellular networks, the efficient use of radio-network and core-network infrastructures becomes essential. Group communication is a method for transmitting data efficiently from one source to many receivers. In this paper we study the security provided in terms of authenticity and integrity for group communication in 5G networks. We identify that the current security solutions involve trusting the benignity and operational security of network operators as well as its users since the current security solutions do not provide data origin authentication. Based on this insight, we present two attack scenarios in which an adversary exploits the provided level of authenticity such that arbitrary data can be injected maliciously while receivers consider the data as if they were sent by the claimed source. We evaluate potential approaches to provide data origin authentication in 5G and show that future research is required for a general solution.

@inproceedings{annessi5G2018,
author = {Annessi, Robert and Fabini, Joachim and Zseby, Tanja},
title = {To Trust or Not to Trust: Data Origin Authentication for Group Communication in 5G Networks},
booktitle = {Proceedings of the 13th International Conference on Availability, Reliability and Security},
series = {ARES 2018},
year = {2018},
isbn = {978-1-4503-6448-5},
location = {Hamburg, Germany},
pages = {43:1--43:7},
articleno = {43},
numpages = {7},
url = {http://doi.acm.org/10.1145/3230833.3233252},
doi = {10.1145/3230833.3233252},
acmid = {3233252},
publisher = {ACM},
address = {New York, NY, USA},
}

Preprint
Final version

ChainChannels: Private Botnet Communication Over Public Blockchains

Davor Frkat, Robert Annessi, Tanja Zseby
IEEE International Conference on Blockchain (Blockchain), 2018 (acceptance rate: 15.3%)

Abstract

BibTeX

Botnets provide the basis for a wide range of malicious activities in the Internet. Sophisticated Command & Control infrastructures aim to prevent the detection and takedown of botnets and therefore pose a big challenge in the battle against network attacks of all kinds. In this paper we present a method for covert botnet communication that exploits the digital signatures used in blockchains to inject subliminal messages. We show how subliminal messages can be included in signatures and distributed in blockchain transactions to the bots. We also show how keying material required for extracting the subliminal information can be transmitted privately to bots by being stored in a public blockchain. As proof of concept we injected a subliminal message and a key in the Bitcoin blockchain and show how this information can be extracted from the transaction.
Our method allows to establish a hidden Command & Control infrastructure over blockchains and send instructions to all bots without any suspicious communication activities. The method relies only on digital signatures and is therefore applicable to numerous blockchains. The subliminal communication can not be distinguished from legitimate transactions and mitigation would require to redesign the blockchains to use new subliminal-free signature schemes. Our method provides a general hidden distribution channel over blockchains and can be also applied to other scenarios where information needs to be transmitted covertly. It scales extremely well with the number of receivers (here bots), and subliminal messages can even be distributed over different blockchains to exploit specific features of blockchains such as low transaction cost or fast confirmation times or to further obfuscate the existence of the C&C communication.

@inproceedings{subliminalblockchain2018,
author = {Davor Frkat and Robert Annessi and Tanja Zseby},
title = {{ChainChannels: Private Botnet Communication Over Public Blockchains}},
booktitle = {Proceedings of the IEEE International Conference on Blockchain (Blockchain)},
year = {2018},
numpages = {9},
}

Preprint

Subliminal Channels in High-Speed Signatures

Alexander Hartl, R. Annessi, T. Zseby
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 2018

Abstract

BibTeX

Subliminal channels in digital signatures can be used to secretly transmit information between two or more communication partners. If subliminal messages are embedded in standard signatures in network protocols, neither network operators nor legitimate receivers notice any suspicious activity. Subliminal channels already exist in older signatures, such as ElGamal and ECDSA. Nevertheless, in classical network protocols such signatures are used only sparsely, e.g., during authentication in the protocol setup. Therefore, the overall potential subliminal bandwidth and their usability as carrier for hidden messages or information leakage is limited. However, with the advent of high-speed signatures such as EdDSA and MQ-based signatures such as PFlash or MQQ-SIG, scenarios such as signed broadcast clock synchronization or signed sensor data export become feasible. In those scenarios large sequences of packets are each individually signed and then transferred over the network. This increases the available bandwidth for transmitting subliminal information significantly and makes subliminal channels usable for large scale data exfiltration or even the operation of command and control structures. In this paper, we show the existence of subliminal channels in recent high-speed signatures and discuss the implications of the ability to hide information in a multitude of packets in different example scenarios: broadcast clock synchronization, signed sensor data export, and classical TLS. In a previous paper we already presented subliminal channels in the EdDSA signature scheme. We here extend this work by investigating subliminal channels in MQ signatures. We present specific results for existing MQ signatures but also show that whole classes of MQ-based methods for constructing signature schemes are prone to the existence of subliminal channels. We then discuss the applicability of different countermeasures against subliminal channels but conclude that none of the existing solutions can sufficiently protect against data exfiltration in network protocols secured by EdDSA or MQ signatures.

@ARTICLE{subliminal2018,
Author = {Alexander Hartl and Robert Annessi and Tanja Zseby},
title = {{Subliminal Channels in High-Speed Signatures}},
journal = {Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)},
volume = {9},
number = {1},
year = {2018},
month = {March},
pages = {30--53},
ee = {http://dx.doi.org/10.22667/JOWUA.2018.03.31.030}
}

Final version

Analytic Study of Features for the Detection of Covert Timing Channels in Network Traffic

F. Iglesias Vazquez, R. Annessi, T. Zseby
Journal of Cyber Security and Mobility, 2017

Abstract

BibTeX

Covert timing channels are security threats that have concerned the expert community from the beginnings of secure computer networks. In this paper we explore the nature of covert timing channels by studying the behavior of a selection of features used for their detection. Insights are obtained from experimental studies based on ten covert timing channels techniques published in the literature, which include popular and novel approaches. The study digs into the shapes of flows containing covert timing channels from a statistical perspective as well as using supervised and unsupervised machine learning algorithms. Our experiments reveal which features are recommended for building detection methods and draw meaningful representations to understand the problem space. Covert timing channels show high histogram-distance based outlierness, but insufficient to clearly discriminate them from normal traffic. On the other hand, traffic features do show dependencies that allow separating subspaces and facilitate the identification of covert timing channels. The conducted study shows the detection difficulties due to the high shape variability of normal traffic and suggests the implementation of semi-supervised techniques to develop accurate and reliable detectors.

@article{timing2017,
author = {Felix Iglesias Vazquez and Robert Annessi and Tanja Zseby},
title = {{Analytic Study of Features for the Detection of Covert Timing Channels in Network Traffic}},
journal = {Journal of Cyber Security and Mobility},
year = {2017},
volume = {6},
number = {3},
pages = {225--270},
doi = {10.13052/jcsm2245-1439.632}
}

Preprint
Final version

A new Direction for Research on Data Origin Authentication in Group Communication

Annessi, Robert and Zseby, Tanja and Fabini, Joachim
16th International Conference on Cryptology and Network Security (CANS), 2017 (acceptance rate: 27.2%)

Abstract

BibTeX

Group communication facilitates efficient data transmission to multiple receivers by reducing data replication efforts both at the sender and in the network. Group communication is used in today's communication networks in many ways, such as broadcasting in cellular networks, IP multicast on the network layer or as application layer multicast. Despite many efforts in providing data origin authentication for specific application areas in group communication, no efficient and secure all-purpose solution has been proposed so far.
In this paper, we analyze data origin authentication schemes from 25 years of research. We distinguish three general approaches to address the challenge and assign six conceptually different classes to the three approaches. We show that each class comprises a trade-off from a specific point of view such that it is not generally applicable to group communication. We then propose to add a new class of schemes based on recent high-performance digital signatures. We argue that the high-speed signing approach is secure, resource efficient and can be applied with acceptable communication overhead. This new class therefore provides a solution that is generally applicable and should be the foundation of future research on data origin authentication for group communication.

@inproceedings{AnnessiGroupPosition2017,
author = {Robert Annessi and Tanja Zseby and Joachim Fabini},
title = {{A new Direction for Research on Data Origin Authentication in Group Communication}},
booktitle = {Proceedings of the 16th International Conference on Cryptology and Network Security},
series = {CANS '17},
year = {2017},
numpages = {10},
}

Preprint
Final version

A Subliminal Channel in EdDSA: Information Leakage with High-Speed Signatures

Hartl, Alexander and Annessi, Robert and Zseby, Tanja
9th ACM CCS International Workshop on Managing Insider Security Threats (MIST), 2017, (acceptance rate: 39%)

Abstract

BibTeX

Subliminal channels in digital signatures provide a very effective method to clandestinely leak information from inside a system to a third party outside. Information can be hidden in signature parameters in a way that both, network operators and legitimate receivers, would not notice any suspicious traces.
Subliminal channels have previously been discovered in other signatures, such as ElGamal and ECDSA. Those signatures are usually just sparsely exchanged in network protocols, e.g. during authentication. Therefore the usability for leaking information is limited and the existence of the subliminal channel may be tolerable in some scenarios. However, with the advent of high-speed signatures, such as EdDSA, now scenarios become feasible where numerous packets with individual signatures are transferred between communicating parties. This significantly increases the bandwidth for transmitting subliminal information. Examples are broadcast clock synchronization or signed sensor data export. A subliminal channel in signatures appended to a large number of packets allows the transmission of a high amount of hidden information, suitable for large scale data exfiltration or even the operation of command and control structures.
In this paper, we show the existence of a broadband subliminal channel in the EdDSA signature scheme. We then discuss the implications of the subliminal channel in practice using thee different scenarios: broadcast clock synchronization, signed sensor data export and classical TLS. We perform several experiments to show the use of the subliminal channel and measure the actual bandwidth of the subliminal information that can be leaked. We then discuss the applicability of different countermeasures against subliminal channels from other signature schemes to EdDSA but conclude that none of the existing solutions can sufficiently protect against data exfiltration in network protocols that are secured by EdDSA.

@inproceedings{SubliminalEdDSA2017,
author = {Alexander Hartl and Robert Annessi and Tanja Zseby},
title = {A Subliminal Channel in EdDSA: Information Leakage with High-Speed Signatures},
booktitle = {Proceedings of the 2017 International Workshop on Managing Insider Security Threats},
series = {MIST '17},
year = {2017},
isbn = {978-1-4503-5177-5},
location = {Dallas, Texas, USA},
pages = {67--78},
numpages = {12},
doi = {10.1145/3139923.3139925},
acmid = {3139925},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {censorship circumvention, cyber-physical systems, data exfiltration, digital signatures, ed25519, eddsa, information hiding, information leakage, network protocols, network security, subliminal channels},
}

Preprint
Final version

SecureTime: Securing Multicast Time Synchronization

Annessi, Robert and Fabini, Joachim and Zseby, Tanja
preprint, 2017

Abstract

BibTeX

Due to the increasing dependency of critical infrastructure on synchronized clocks, network time synchronization protocols have become an attractive target for attackers. We identify data origin authentication as the key security objective and suggest to employ recently proposed high-performance digital signature schemes (Ed25519 and MQQ-SIG)) as foundation of a novel set of security measures to secure multicast time synchronization. We conduct experiments to verify the computational and communication efficiency for using these signatures in the standard time synchronization protocols NTP and PTP. We propose additional security measures to prevent replay attacks and to mitigate delay attacks. Our proposed solutions cover 1-step mode for NTP and PTP and we extend our security measures specifically to 2-step mode (PTP) and show that they have no impact on time synchronization's precision.

@misc{SecureTime2017,
Author = {Robert Annessi and Joachim Fabini and Tanja Zseby},
Title = {SecureTime: Secure Multicast Time Synchronization},
Year = {2017},
archivePrefix = "arXiv",
eprint = {1705.10669},
primaryClass = "cs.CR",
}

Preprint

Decision Tree Rule Induction for Detecting Covert Timing Channels in TCP/IP Traffic

Felix Iglesias, Valentin Bernhardt, Robert Annessi and Tanja Zseby
International Cross Domain Conference for Machine Learning & Knowledge Extraction (CD-MAKE), 2017, (acceptance rate: 24%)

Abstract

BibTeX

The detection of covert channels in communication networks is a current security challenge. By clandestinely transferring information, covert channels are able to circumvent security barriers, compromise systems, and facilitate data leakage. A set of statistical methods called DAT (Descriptive Analytics of Traffic) has been previously proposed as a general approach for detecting covert channels. In this paper, we implement and evaluate DAT detectors for the specific case of covert timing channels. Additionally, we propose machine learning models to induce classification rules and enable the fine parameterization of DAT detectors. A testbed has been created to reproduce main timing techniques published in the literature; consequently, the testbed allows the evaluation of covert channel detection techniques. We specifically applied Decision Trees to infer DAT-rules, achieving high accuracy and detection rates. This paper is a step forward for the actual implementation of effective covert channel detection plugins in modern network security devices.

@inproceedings{timingDAT2017,
author = {Felix Iglesias and Valentin Bernhardt and Robert Annessi and Tanja Zseby},
title = {Decision Tree Rule Induction for Detecting Covert Timing Channels in TCP/IP Traffic},
booktitle = {International Cross Domain Conference for Machine Learning \& Knowledge Extraction (CD-MAKE)},
year = {2017},
}

Preprint
Final version (Copyright Springer)

It's About Time: Securing Broadcast Time Synchronization with Data Origin Authentication

Annessi, Robert and Fabini, Joachim and Zseby, Tanja
IEEE International Conference on Computer Communications and Networks (ICCCN), 2017 (acceptance rate: 33%)

Abstract

BibTeX

Network time synchronization protocols are an attractive target for attackers due to the increasing dependency of critical infrastructure on synchronized clocks. We identify data origin authentication as the key security objective to prevent malicious time announcements. In this paper, we therefore conduct a comprehensive, theoretical evaluation of data origin authentication schemes from different application fields with regard to their applicability to secure broadcast time synchronization. Some of the evaluated schemes were found to be susceptible to message delay attacks in the context of time synchronization - including TESLA, the approach currently favored by the IETF NTP group and also on the shortlist of the P1588 Security Subcommittee for PTP. Whereas, two of the evaluated schemes come somewhat close to meeting the evaluation criteria derived from our time synchronization specific threat analysis, and therefore qualify as promising candidates to secure broadcast time synchronization.

@INPROCEEDINGS{8038418,
author={Robert Annessi and Joachim Fabini and Tanja Zseby},
booktitle={2017 26th International Conference on Computer Communication and Networks (ICCCN)},
title={It's about Time: Securing Broadcast Time Synchronization with Data Origin Authentication},
year={2017},
pages={1-11},
keywords={Authentication;Delays;Protocols;Servers;Synchronization;Unicast},
doi={10.1109/ICCCN.2017.8038418},
month={July},}

Preprint
Final version (Copyright IEEE)

DAT detectors - uncovering TCP/IP covert channels by descriptive analytics

Iglesias, Felix and Annessi, Robert and Zseby, Tanja
Security and Communication Networks, Wiley, 2016

Abstract

BibTeX

Covert channels provide means to conceal information transfer between hosts and bypass security barriers in communication networks. Hidden communication is of paramount concern for governments and companies, because it can conceal data leakage and malware communication, which are crucial building blocks used in cyber crime. We propose detectors based on descriptive analytics of traffic (DAT) to facilitate revealing network and transport layer covert channels originated from a wide spectrum of published data-hiding techniques. DAT detectors transform communication data into flexible feature vectors that represent traffic by a set of extracted calculations and estimations. For the case of covert channels, the core of the detection is performed by the combined application of autocorrelation calculations and multimodality measures built upon kernel density estimations and Pareto charts. DAT detectors are devised to be embedded as extensions of network intrusion detection systems, being able to perform fast, lightweight analysis of numerous flows. The present paper focuses specifically on TCP/IP traffic and provides suitable classifications of TCP/IP fields and related covert channel techniques from the perspective of the statistical detection. The proposed methodology is evaluated with public traffic datasets as well as covert channels generated according to main techniques described in the related literature.

@article{iglesias2016dat,
author = {Felix Iglesias Vazquez and Robert Annessi and Tanja Zseby},
title = {DAT detectors: uncovering TCP/IP covert channels by descriptive analytics},
journal = {Security And Communication Networks},
year = {2016},
doi = {10.1002/sec.1531},
keywords = {covert channels, network security, statistical analysis}
}

Preprint
Final version

NavigaTor: Finding Faster Paths to Anonymity

Annessi, Robert and Schmiedecker, Martin
IEEE European Symposium on Security and Privacy (Euro S&P), 2016 (acceptance rate: 17.3%)

Abstract

BibTeX

The Tor network is currently by far the most popular system for providing anonymity on the Internet. Even though both latency and throughput have been significantly improved in recent years, Tor users still experience variable delays on connecting to servers. Such delays have been shown to be especially harmful for browsing the web and prevent altogether the use of protocols where a certain quality of service is indispensable.
In this paper we propose and evaluate methods to measure and improve performance in the Tor network. To estimate the quality of circuits for future traffic, we use active Round-Trip-Time (RTT) measurements and a-priori information of the distribution of RTT values. In this way, slow circuits can be discarded before having negative impact on user experience. Using NavigaTor, our high performance measurement software which includes a custom Tor path generator, we are the first to conduct large-scale performance measurements on the live Tor network, building millions of circuits within days, without stressing the anonymity network. As part of our study, we conduct several experiments from PlanetLab on the live Tor network to analyze the trade-off between the quality of protection and the quality of service. We compare our Circuit-RTT method to the current state-of-the-art method Circuit Build Time (CBT) and the more recently proposed congestion-aware scheme, finding that the congestion-aware scheme in its original design achieves only minor improvements on the current Tor network and that Circuit-RTT improves latency and throughput more effectively than CBT.

@inproceedings{annessi2016navigator,
author = {Robert Annessi and Martin Schmiedecker},
title = {NavigaTor: Finding Faster Paths to Anonymity},
booktitle = {IEEE European Symposium on Security and Privacy (Euro S{\&}P)},
year = {2016},
numpages = {13},
doi = {10.1109/EuroSP.2016.26},
keywords = {Tor, Quality of Service, RTT, Anonymity}
}

Preprint
Final version (Copyright IEEE)

A Network Steganography Lab on Detecting TCP/IP Covert Channels

Zseby, Tanja and Iglesias Vazquez, Felix and Bernhardt, Valentin and Frkat, Davor and Annessi, Robert
IEEE Transactions on Education, 2016

Abstract

BibTeX

This paper presents a network security laboratory to teach data analysis for detecting TCP/IP covert channels. The laboratory is mainly designed for students of electrical engineering but is open to students of other technical disciplines with similar background. Covert channels provide a method for leaking data from protected systems, which is a major concern for big enterprises and governments. The inclusion of covert channels in the curricula of network security students and network data analysts is therefore considered a valuable extension. In the lab exercises presented, students learn how covert channels in TCP/IP network traffic can be hidden and detected. Since the detection of covert channels requires an in-depth understanding of protocol standards and typical behavior of TCP/IP flows, the lab also provides a "playground" in which students can deepen their communication networks knowledge. Students learn how to use and interpret statistical analysis to discover abnormal patterns and footprints in network data. They are also trained to deal with noisy scenarios which increase ambiguity and uncertainty. The laboratory was first implemented during the winter semester 2014 with a class of 18 students at TU Wien, Austria. This experience showed that students consolidated the targeted skills as well as increased their interest in the topics explored. All exercises and datasets for the introduced "Network Security Advanced" lab are made publicly available.

@article{zseby2016network,
author = {Tanja Zseby and Felix Iglesias Vazquez and Valentin Bernhardt and Davor Frkat and Robert Annessi},
title = {A Network Steganography Lab on Detecting TCP/IP Covert Channels},
journal = {IEEE Transactions on Education},
year = {2016},
volume = {PP},
number = {99},
pages = {1--9},
doi = {10.1109/TE.2016.2520400},
keywords = {Communication system security;data analysis;engineering education;steganography;covert channels}
}

Preprint
Final version (Copyright IEEE)

Lower-Latency Anonymity - Latency Reduction in the Tor Network using Circuit-Level Round-Trip-Time Measurements

Annessi, Robert
Master's thesis, Vienna University of Technology, 2014

Abstract

BibTeX

With the tremendous increases in communication over the Internet, privacy issues have become more and more important. In the interest of allowing people to communicate without revealing potentially identifying information, much research and effort has been put forth to develop anonymous communication protocols, which became the technical basis for promoting freedom of speech, achieving privacy, and overcoming censorship on the Internet. The most widespread and well researched anonymity system is Tor, which achieves a reasonable balance between the conflicting demands of performance and security.
Although both latency and throughput have been improved significantly in recent years, Tor users still occasionally experience long and variable delays. Such delays are not only harmful for interactive web users, who create the vast majority of connections in the Tor network, but they also prevent altogether the use of real-time protocols, such as the Voice-over-Internet Protocol, where a certain quality of service is indispensable.
In this thesis we find our means to decrease latency, the most important property from users’ perspective. In our approach, clients actively measure Round-Trip-Times (RTT) of circuits after they have been established and drop slow circuits before they begin to be used. We conduct several experiments on the live Tor network, to verify our assumption that the use of lightweight, active RTT measurements can achieve latency improvements. Our results show that this approach achieves an improvement not only in latency, but also in throughput, and in anonymity.

@mastersthesis{annessi2014lower,
title={Lower-Latency Anonymity - Latency Reduction in the Tor Network using Circuit-Level Round-Trip-Time Measurements},
author={Robert Annessi},
year={2014},
school={Vienna University of Technology},
url = {http://publik.tuwien.ac.at/files/PubDat_237768.pdf},
keywords = {Anonymity, Tor, Latency}
}

“... everything is interesting

if you go into it

deeply enough.”

Richard Feynman

Research Statement

Contact