1. INTRODUCTION
User anonymity is one important confidentiality criterion for many applications, ranging from peer-to-peer file sharing and anonymous web browsing or e-mail, to various forms of electronic commerce, and finally to electronic voting. The nature of many such applications requires that the identity of either one or more of the participants remains confidential either from the other participant(s) or from third parties. The anonymity of a system can be passively attacked by an observer in two ways, either through inspection of payload or headers of the exchanged data packets, or, when encryption is used, through traffic analysis. Sufficiently effective encryption can be used to prevent packet content inspection, giving prevalence to the second form of attack. Traffic analysis is typically countered by the use of intermediary nodes, whose role is to perturb the traffic flow and thus confuse an external observer. Such intermediaries delay and reroute exchanged messages, reorder them, pad their size, or perform other operations. Chaum proposed such a mix network to handle mail traffic. The original Chaum mix network operates on entire mail messages at a time and therefore does not need to pay particular attention to latency added by the mixes. Increasingly, the data exchanged exceed by far the capacity of mixes, for example, in file-sharing applications. As a result, current mixes operate on individual packets of a flow rather than on entire messages. In conjunction with source routing at the sender, this allows for very efficient network-level implementations of mix networks. Mixes are also being used in applications where low latency is relevant, for example, voice-over-IP or video streaming. Many other applications, such as traditional FTP or file-sharing applications rely on delay-sensitive protocols, such as TCP, and are therefore in turn delay-sensitive as well. 
For such applications, it is well known that the level of traffic perturbation caused by the mix network must be carefully chosen in order to not unduly affect delay and throughput requirements of the applications. It is difficult to assess the improvement of anonymity that one attains for any given cost in form of added latency and perturbation to traffic streams. Moreover, few quantitative guidelines exist on how different perturbation mechanisms perform
2. SYSTEM STUDY
2.1. EXISTING SYSTEM
The idea of anonymous communication was introduced in 1981. Since then, researchers have applied the idea to different applications, such as message-based e-mail and flow-based low-latency communications, and they have developed new defense techniques as more attacks have been proposed.
For anonymous e-mail applications, Chaum proposed using relay servers, called mixes, which encrypt and reroute messages. An encrypted message is analogous to an onion constructed by a sender, who sends the onion to the first mix:
• Using its private key, the first mix peels off the first layer, which is encrypted using the public key of the first mix.
• Inside the first layer is the second mix's address and the rest of the onion, which is encrypted with the second mix's public key.
• After getting the second mix's address, the first mix forwards the peeled onion to the second mix. This process repeats all the way to the receiver.
• The core part of the onion is the receiver's address and the real message to be sent to the receiver by the last mix.
2.2. PROPOSED SYSTEM
The proposed system focuses on the quantitative evaluation of mix performance and the flow-correlation attack. In general, flow-correlation attacks attempt to reduce the anonymity degree by estimating the path of flows through the mix network. Flow correlation analyzes the traffic on a set of links inside the network and estimates the likelihood for each link to be on the path of the flow under consideration. An adversary analyzes the network traffic with the intention of identifying which of several output ports a flow at an input port of a mix is taking. Obviously, flow correlation helps the adversary identify the path of a flow and consequently reveal other critical information related to the flow.
2.3. MODULES
Our application has the following modules: Anonymity Client, Intermediate Simple Mix and Secured Server. The implementation has two objectives:
• Client and server response using a mix network, which includes performance analysis.
• Detecting malicious packet data loss, which includes performance analysis using a graph.
[Figure: Sender, Mix Network, Receiver]
Access File
Whenever the server gets a request from the mix network or anonymity client, it searches for the file in the database and sends the file over the secured anonymity mix network. An eavesdropper cannot correlate the exact input flow and outflow of data packets.
3. LITERATURE SURVEY
A literature survey is the most important step in the software development process. Before developing the tool, it is necessary to determine the time factor, economy and company strength. Once these things are satisfied, the next step is to determine which operating system and language can be used for developing the tool. Once the programmers start building the tool, they need a lot of external support. This support can be obtained from senior programmers, from books or from websites. Before building the system, the above considerations are taken into account for developing the proposed system.
How can the probability distribution be found in real situations? How can real attacks be understood?
We still don't know how hard or easy it is to monitor part or all of an anonymity system. The degree of anonymity is then relative to the attacker. Is any standardized absolute degree possible?
• The global passive attacker. This is, perhaps, the most common threat model in the literature. The adversary is able to observe (but not modify) all network traffic, and is unable to see inside any of the mixes.
• The global active attacker. This adversary is able to observe and modify all network traffic. In particular, he is able to inject an arbitrary amount of traffic into the system in a very short time and delay traffic for an arbitrary length of time.
• The global passive attacker with many compromised mixes. This is a very strong attacker model used by, for instance, Berthold, Pfitzmann and Standtke in [13]. The only requirement is that there is at least one honest (uncompromised) mix on the path of the message. Recall that by "compromised" we mean that the attacker knows the private key of the mix or can otherwise determine the correspondence between the incoming and the outgoing messages of the mix. If the attacker is the superuser on the machine running the mix, he is an active attacker.
• The global active attacker with many compromised mixes. A combination of the latter two threat models.
• A sub-global attacker. This is a large class of attackers that have the ability to monitor some links in the anonymity system, and possibly have some of their own nodes forwarding traffic. All the real attackers almost certainly fall into this category. However, it is difficult to pin down precisely what a real attacker might look like within this class.
Mix networks are much harder to analyze. First of all, their properties are heavily dependent on how routes are chosen. This is often done by the users, who are hard to model. Nevertheless, it is clear that the scalability and reliability of mix networks are better than those of cascades, though these properties have not been rigorously quantified or compared. Finally, quantifying the anonymity that a mix network provides has proved elusive for several years. In this thesis we make considerable progress towards this goal.
An efficient way of calculating the anonymity of a mix network would enable us to look at properties of mix cascades and mix networks and make a detailed comparison. It has generally been considered that mix networks are secure against the global passive attacker, though they are not secure against the global passive attacker with many compromised mixes. The reader may find the above statements odd: what is "secure" in the context of an anonymity system? What we mean by "an anonymity system is secure against X" is that the adversary X does not significantly reduce the anonymity of the system from that which it was designed to provide. Or, more simply (though more subjectively), a significant amount of anonymity is maintained against threat model X.
4. SYSTEM ANALYSIS
4.1. ARCHITECTURE
In experiments, this flow carries packets at a rate of 100 packets per second (pps). The traffic from S1 to R2 serves as the random noise traffic to the FTP client. The traffic from node S1 to node R1 is the cross traffic through mix M from the perspective of the FTP flow. Adjust the rate of cross traffic and of the noise traffic so that the traffic rates on both output links of the mix are approximately 500 pps. The objective of the adversary here is to identify the output link that carries the FTP flow.
5. SOFTWARE ENVIRONMENT
5.1. JAVA TECHNOLOGY
Java technology is both a programming language and a platform. With most programming languages, you either compile or interpret a program so that you can run it on your computer. The Java programming language is unusual in that a program is both compiled and interpreted. With the compiler, first you translate a program into an intermediate language called Java byte codes, the platform-independent codes interpreted by the interpreter on the Java platform. The interpreter parses and runs each Java byte code instruction on the computer. Compilation happens just once; interpretation occurs each time the program is executed. The following figure illustrates how this works.
You can think of Java byte codes as the machine code instructions for the Java Virtual Machine (Java VM). Every Java interpreter, whether it's a development tool or a Web browser that can run applets, is an implementation of the Java VM. Java byte codes help make "write once, run anywhere" possible. You can compile your program into byte codes on any platform that has a Java compiler. The byte codes can then be run on any implementation of the Java VM. That means that as long as a computer has a Java VM, the same program written in the Java programming language can run on Windows 2000, a Solaris workstation, or on an iMac.
5.1.1. The Java Platform
A platform is the hardware or software environment in which a program runs. We've already mentioned some of the most popular platforms like Windows 2000, Linux, Solaris, and MacOS. Most platforms can be described as a combination of the operating system and hardware. The Java platform differs from most other platforms in that it's a software-only platform that runs on top of other hardware-based platforms. The Java platform has two components:
• The Java Virtual Machine (Java VM)
• The Java Application Programming Interface (Java API)
You've already been introduced to the Java VM. It's the base for the Java platform and is ported onto various hardware-based platforms. The Java API is a large collection of ready-made software components that provide many useful capabilities, such as graphical user interface (GUI) widgets. The Java API is grouped into libraries of related classes and interfaces; these libraries are known as packages. The next section, "What Can Java Technology Do?", highlights what functionality some of the packages in the Java API provide. The following figure depicts a program that's running on the Java platform. As the figure shows, the Java API and the virtual machine insulate the program from the hardware.
Native code is code that, after you compile it, runs on a specific hardware platform. As a platform-independent environment, the Java platform can be a bit slower than native code. However, smart compilers, well-tuned interpreters, and just-in-time byte code compilers can bring performance close to that of native code without threatening portability.
5.1.2. Advantages of Java
The most common types of programs written in the Java programming language are applets and applications. An applet is a program that adheres to certain conventions that allow it to run within a Java-enabled browser. However, the Java programming language is not just for writing cute, entertaining applets for the Web. The general-purpose, high-level Java programming language is also a powerful software platform. Using the generous API, you can write many types of programs. An application is a standalone program that runs directly on the Java platform. A special kind of application known as a server serves and supports clients on a network. Examples of servers are Web servers, proxy servers, mail servers, and print servers. Another specialized program is a servlet. A servlet can almost be thought of as an applet that runs on the server side. Java Servlets are a popular choice for building interactive web applications, replacing the use of CGI scripts. Servlets are similar to applets in that they are runtime extensions of applications. Instead of working in browsers, though, servlets run within Java Web servers, configuring or tailoring the server. How does the API support all these kinds of programs? It does so with packages of software components that provide a wide range of functionality. Every full implementation of the Java platform gives you the following features:
• The essentials: Objects, strings, threads, numbers, input and output, data structures, system properties, date and time, and so on.
• Applets: The set of conventions used by applets.
• Networking: URLs, TCP (Transmission Control Protocol), UDP (User Datagram Protocol) sockets, and IP (Internet Protocol) addresses.
• Internationalization: Help for writing programs that can be localized for users worldwide. Programs can automatically adapt to specific locales and be displayed in the appropriate language.
• Security: Both low level and high level, including electronic signatures, public and private key management, access control, and certificates.
• Software components: Known as JavaBeans, can plug into existing component architectures.
• Object serialization: Allows lightweight persistence and communication via Remote Method Invocation (RMI).
• Java Database Connectivity (JDBC™): Provides uniform access to a wide range of relational databases.
The Java platform also has APIs for 2D and 3D graphics, accessibility, servers, collaboration, telephony, speech, animation, and more. The following figure depicts what is included in the Java 2 SDK.
5.2. NETWORKING
5.2.1. TCP/IP Stack
Layer           | OSI layers
----------------+-----------
Application     | OSI 5-7
TCP / UDP       | OSI 4
IP              | OSI 3
H/w Interface   | OSI 1-2
TCP is a connection-oriented protocol; UDP (User Datagram Protocol) is a connectionless protocol.
5.2.2. IP DATAGRAM
The IP layer provides a connectionless and unreliable delivery system. It considers each datagram independently of the others. Any association between datagrams must be supplied by the higher layers. The IP layer supplies a checksum that includes its own header. The header includes the source and destination addresses. The IP layer handles routing through an Internet. It is also responsible for breaking up large datagrams into smaller ones for transmission and reassembling them at the other end.
5.2.3. UDP
When UDP is used between a pair of Mixes, the approach is usually quite different: an application communicates directly with the server and is unaware of the MIX network. On the user's computer, data is extracted after the IP layer and, after removal of information that could possibly identify the user's computer such as its IP address, inserted into a UDP datagram. This data is then sent through the MIX network, hop-by-hop. Note that since data has to be extracted from the IP stack, i.e. from the kernel space, different operating systems have to be specially supported. Additionally, extracting data from the IP stack is usually not possible without special privileges.
With UDP, there are also no guarantees that the data gets through the MIX network. If the application uses TCP, the endpoints of the connection are the user's computer and the server: if a UDP datagram is lost on the way from the server to the user's computer, the TCP layer in the server eventually realizes that no acknowledgement has arrived and therefore retransmits the data. An advantage of using UDP between Mixes is its transparency to the end-to-end transport and application protocols. Therefore, customization to a particular application is not needed. Using UDP also solves the potential performance problem imposed by stalled TCP connections in a static MIX network with only a few Mixes. However, using UDP is also dangerous since a fast sender can easily overload a slow receiver, which results in large amounts of lost datagrams. UDP makes sense in an environment where all the Mixes have similar computing power and bandwidth. In such an environment, each link between two Mixes can be tuned to its maximum throughput without having too many lost datagrams. However, it is probably very difficult to achieve the same in a dynamic and heterogeneous environment when using UDP. Taking into account the advantages and disadvantages of the two protocols, I have decided to use the TCP protocol to communicate between two nodes. The reasons for this decision are the following:
• It should be possible to use MorphMix on a variety of operating systems without special privileges. This is easier with TCP than with UDP, as no data has to be extracted from the kernel space.
• Taking into account the heterogeneity of the nodes participating in our network, using TCP makes life much easier. With UDP, two nodes would have to employ some sort of flow control between them to achieve acceptable performance without losing too many packets. It is questionable if one could do much better than using TCP directly.
• As we will make use of fixed-length messages between nodes to improve the protection from attacks, UDP would waste a lot of bandwidth: since the ACK messages of the end-to-end TCP connections are transported within UDP datagrams, the effective payload of them is only short and the datagrams would have to be padded to the fixed length of messages. With TCP, this problem does not occur as the TCP messages only transport application data and there are no application-level ACKs.
5.2.4. TCP
When the TCP protocol is used between a pair of Mixes, the user's application usually accesses the anonymizing network in the same way a web browser accesses a web proxy: a TCP connection is set up to the access program running on the user's computer, which in turn handles the communication with the MIX network. When the data travels through the network, it is sent across TCP connections on each link between two adjacent Mixes. To function properly, the access program usually needs to understand the protocol of each application it provides access to. For instance, if it is accessed by a web browser, it needs to know part of the HTTP protocol [2] to interpret the various methods such as GET or CONNECT correctly. The disadvantage of this is that the access program has to be extended whenever a new application should be supported. On the other hand, this approach makes it quite easy to support different platforms as the access program runs only on the application level, accessing the socket interface without requiring special privileges. Using TCP connections implies that the properties of TCP (flow control and correct delivery of all data in the right order) are guaranteed hop-by-hop and not end-to-end between the user's application and the server. Consequently, a MIX must not lose any data of an end-to-end connection or the application will usually fail. On the other hand, TCP makes the reliable communication between Mixes that have very different bandwidth connections quite easy because the transport layer takes care that all data is delivered correctly. When a packet of a TCP connection is lost, then every end-to-end connection using that particular link stalls. In an environment with relatively few static Mixes and consequently few connections between a pair of Mixes that each carry many end-to-end connections, this could be a potential performance problem.
However, in a highly dynamic environment with very many Mixes, this shouldn't be a major problem, since a connection between two Mixes never carries very many end-to-end connections.
• Internet addresses
In order to use a service, you must be able to find it. The Internet uses an address scheme for machines so that they can be located. The address is a 32-bit integer which gives the IP address. This encodes a network ID and more addressing. The network ID falls into various classes according to the size of the network address.
• Network address
Class A uses 8 bits for the network address with 24 bits left over for other addressing. Class B uses 16-bit network addressing. Class C uses 24-bit network addressing and class D uses all 32.
• Subnet address
Internally, the UNIX network is divided into sub networks. Building 11 is currently on one sub network and uses 10-bit addressing, allowing 1024 different hosts.
• Host address
8 bits are finally used for host addresses within our subnet. This places a limit of 256 machines that can be on the subnet.
• Total address
[Figure: the address 137.92.11.13 divided into Network, Subnet and Host parts]
The 32-bit address is usually written as 4 integers separated by dots.
• Port addresses
A service exists on a host, and is identified by its port. This is a 16-bit number. To send a message to a server, you send it to the port for that service of the host that it is running on. This is not location transparency! Certain of these ports are well known.
• Sockets
A socket is a data structure maintained by the system to handle network connections. A socket is created using the call socket. It returns an integer that is like a file descriptor. In fact, under Windows, this handle can be used with the ReadFile and WriteFile functions.
    #include <sys/types.h>
    #include <sys/socket.h>
    int socket(int family, int type, int protocol);
Here family will be AF_INET for IP communications, protocol will be zero, and type will depend on whether TCP or UDP is used. Two processes wishing to communicate over a network create a socket each. These are similar to two ends of a pipe but the actual pipe does not yet exist.
Creating an appropriate dataset interface (plus default implementation), a renderer, and integrating this with the existing XYPlot class in JFreeChart; testing, documenting, testing some more, documenting some more.
5.3.2. Time Series
Implement a new (to JFreeChart) feature for interactive time series charts: to display a separate control that shows a small version of ALL the time series data, with a sliding view rectangle that allows you to select the subset of the time series data to display in the main chart.
5.3.3. Dashboards
There is currently a lot of interest in dashboard displays. Create a flexible dashboard mechanism that supports a subset of JFreeChart chart types (dials, pies, thermometers, bars, and lines/time series) that can be delivered easily via both Java Web Start and an applet.
5.3.4. Property Editors
The property editor mechanism in JFreeChart only handles a small subset of the properties that can be set for charts. Extend this mechanism to provide greater end-user control over the appearance of the charts.
6. SYSTEM DESIGN
6.1. STRUCTURAL DIAGRAM
6.1.1. Class Diagram
Class diagrams identify the class structure of a system, including the properties and methods of each class. Also depicted are the various relationships that can exist between classes, such as an inheritance relationship. The Class diagram is one of the most widely used diagrams from the UML specification.
[Class diagram]
Anonymity Client: +Search: String, +Status_Info: String, +Available Network(), +Search Pages(), +Transfer Rate()
Mix Network: +IPAdress: String, +PortNumber: Int, +Start(), +Receive Request(), +Transfer Request(), +Respond Request()
Secure Data Server: +IPAdress: String, +PortNumber: Int, +Start(), +Receive Request(), +Encrypt Response(), +Send Response()
Performance: +Response Time(), +Received Page(), +Transfer Rate()
6.1.2. Object Diagram
Object diagrams model instances of classes. This type of diagram is used to describe the system at a particular point in time. Using this technique, you can validate the class diagram and its multiplicity rules with real-world data, and record test scenarios. From a notation standpoint, Object diagrams borrow elements from Class diagrams.
6.1.3. Component Diagram
Component diagrams fall under the category of an implementation diagram, a kind of diagram that models the implementation and deployment of the system. A Component Diagram, in particular, is used to describe the dependencies between various software components such as the dependency between executable files and source files. This information is similar to that within make files, which describe source code dependencies and can be used to properly compile an application.
6.1.4. Deployment Diagram
Deployment diagrams are another model in the implementation diagram category. The Deployment diagram models the hardware used in implementing a system and the association between those hardware components. Components can also be shown on a Deployment diagram to show the location of their deployment. Deployment diagrams can also be used early on in the design phase to document the physical architecture of a system.
• Providing a high-level view of what the system does
• Identifying the users ("actors") of the system
• Determining areas needing human-computer interfaces
Use Cases extend beyond pictorial diagrams. In fact, text-based use case descriptions are often used to supplement diagrams, and explore use case functionality in more detail.
[Figure: use case diagrams. Labels: Select a page, Performance, All processes, Start Server, Anonymity Client, Request a page, Encrypt Response, Receive Response, Send, Clear, Receive packets, Packet Status, Packet Sender, Packet Receiver, Result Analysis, End Application]
6.2.2. Sequence Diagram
Sequence diagrams document the interactions between classes to achieve a result, such as a use case. The Sequence diagram lists objects horizontally, and time vertically, and models these messages over time.
[Figure: sequence diagram with objects Client, Search, Performance, Mix Server, Data Server. Messages shown: 1 : Start Application(), 6 : Response Sent(), 7 : Response Decrypted(), 8 : Content Received(), 11 : Page Received()]
[Figure: sequence diagram with objects Sender, Computer, Router, Receiver, Analysis, Graph. Messages shown: 1 : Start Application(), 2 : Browse for file(), 3 : Separate the File(), 4 : Send the packets(), 5 : Queue Packets()]
6.2.3. Collaboration Diagram
Collaboration diagrams model the interactions between objects. This type of diagram is a cross between an object diagram and a sequence diagram. It uses free-form arrangement of objects which makes it easier to see all iterations involving a particular object.
[Figure: collaboration diagram with objects Search and Mix Server. Messages shown: 2 : Search available pages(), 3 : Send Request(), 7 : Response Decrypted(), 8 : Content Received(), 9 : Select a page(), 10 : Send Request(), 11 : Page Received()]
[Figure: collaboration diagram with objects Sender, Router, Receiver, Analysis. Messages shown: 1 : Start Application(), 2 : Browse for file(), 5 : Queue Packets(), 6 : Send the packets(), 7 : packets deleted abnormally(), 9 : Analyze the performance(), 10 : Display results in a Graph()]
6.2.4. State Chart Diagram
State diagrams are used to document the various modes ("state") that a class can go through, and the events that cause a state transition.
6.2.5. Activity Diagram
Activity diagrams are used to document workflows in a system, from the business level down to the operational level. The general purpose of Activity diagrams is to focus on flows driven by internal processing vs. external events.
[Figure: activity diagram. Labels: Anonymity Client, Mix Server, Mix Server, Performance Analysis]
7. IMPLEMENTATION
Implementation is the stage of the project when the theoretical design is turned into a working system. Thus it can be considered to be the most critical stage in achieving a successful new system and in giving the user confidence that the new system will work and be effective. The implementation stage involves careful planning, investigation of the existing system and its constraints on implementation, designing of methods to achieve changeover and evaluation of changeover methods.
extend our work to larger and complicated mix networks in . In fact, if we view a mix network (for example, any portion of a Tor network) as one super mix, the analytical techniques in this paper can be directly applied.
Description
• Batching Strategies for a Mix
Batching strategies are designed to prevent not only simple timing analysis attacks, but also powerful trickle attacks. The attacks focus on the traffic characteristics. As reordering does not significantly change packet inter-arrival times for mixes that use batching, these attacks are unaffected by reordering. Thus, our results are applicable to systems that use any kind of reordering method. More precisely, reorderings are in all cases caused by packets being delayed by the batcher, and can therefore be handled by modifying the batching algorithm accordingly. Any of the batching strategies can be implemented in two ways:
• Link-Based Batching
With this method, each output link has a separate queue. A newly arrived packet is put into a queue depending on its destination (and hence the link associated with the queue). Once a batch is ready from a particular queue (per the batching strategy), the packets are taken out of the queue and transmitted over the corresponding link.
• Mix-Based Batching
The entire mix has only one queue. The selected batching strategy is applied to this queue. That is, once a batch is ready (per the batching strategy), the packets are taken out of the queue and transmitted over links based on the packets' destinations.
Each of these two methods has its own advantages and disadvantages. The control of link-based batching is distributed inside the mix and hence may have good efficiency. On the other hand, mix-based batching uses only one queue and hence is easier to manage.
Strategy index | Name                    | Adjustable Parameters | Algorithms
---------------+-------------------------+-----------------------+-----------
S0             | Simple Proxy            | none                  | No batching or reordering
S1             | Threshold Mix           | <m>                   | If n = m, send n packets
S2             | Timed Mix               | <t>                   | If timer times out, send n packets
S3             | Threshold or Timed Mix  | <m, t>                | If timer times out, send n packets; else if n = m { send n packets; reset the timer }
S4             | Threshold and Timed Mix |                       | If (timer times out) and n ≥ m, send n packets
S5             | Threshold Pool Mix      |                       | If n = m + f, send m randomly chosen packets
S6             |                         |                       | If (timer times out) and (n > f), send n − f randomly chosen packets
S7             |                         |                       | If (timer times out) and (n ≥ m + f), send max(1, ⌊p(n − f)⌋) randomly chosen packets
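The threshold and timer rules of strategies S0 to S5, run in both link-based and mix-based mode, as an added example that is not code from the original report. S5 is taken to be the Threshold Pool Mix rule (if n = m + f, send m randomly chosen packets); the class and function names, the millisecond clock and the constructed six-packet input are assumptions of this example.

```python
import random

TIMED = {"S2", "S3", "S4"}          # strategies from the table that run a timer


class BatchQueue:
    """One batching queue; n in the table is len(self.pkts)."""

    def __init__(self, strategy, m=0, t=0, f=0, seed=0):
        if strategy in TIMED and t <= 0:
            raise ValueError("timed strategies need a timer period t > 0")
        self.strategy, self.m, self.t, self.f = strategy, m, t, f
        self.pkts = []                               # queued (out_link, arrival_ms)
        self.rng = random.Random(seed)               # only used by the pool mix
        self.deadline = t if strategy in TIMED else None

    def _flush(self, count=None):
        """Release the whole queue, or `count` randomly chosen packets."""
        if count is not None:
            self.rng.shuffle(self.pkts)
        else:
            count = len(self.pkts)
        out, self.pkts = self.pkts[:count], self.pkts[count:]
        return out

    def arrive(self, now, pkt):
        """Queue one packet; return the packets released by the threshold rules."""
        self.pkts.append(pkt)
        n = len(self.pkts)
        if self.strategy == "S0":                    # simple proxy: forward at once
            return self._flush()
        if self.strategy in ("S1", "S3") and n == self.m:
            if self.strategy == "S3":
                self.deadline = now + self.t         # "reset the timer"
            return self._flush()
        if self.strategy == "S5" and n == self.m + self.f:
            return self._flush(self.m)               # f packets stay in the pool
        return []

    def fire_timers(self, now):
        """Run every timeout due at or before `now`; return (depart_ms, pkt) pairs."""
        sent = []
        while self.deadline is not None and self.deadline <= now:
            n = len(self.pkts)
            if self.strategy in ("S2", "S3") or (self.strategy == "S4" and n >= self.m):
                sent += [(self.deadline, p) for p in self._flush()]
            self.deadline += self.t
        return sent


def run_mix(packets, strategy, mode, horizon, **params):
    """packets: (arrival_ms, out_link) pairs. mode "link" keeps one queue per
    output link, mode "mix" one queue for the whole mix. Returns the sorted
    (depart_ms, out_link, arrival_ms) of every packet released by `horizon`."""
    links = sorted({link for _, link in packets})
    keys = links if mode == "link" else ["mix"]
    queues = {k: BatchQueue(strategy, **params) for k in keys}
    sent = []
    for now, link in sorted(packets):
        for q in queues.values():                    # timeouts due before this arrival
            sent += q.fire_timers(now)
        q = queues[link if mode == "link" else "mix"]
        sent += [(now, p) for p in q.arrive(now, (link, now))]
    for q in queues.values():
        sent += q.fire_timers(horizon)
    return sorted((dep, link, arr) for dep, (link, arr) in sent)


def mean_delay(released):
    """Average time in ms that the released packets spent inside the mix."""
    return sum(dep - arr for dep, _, arr in released) / len(released)


# Constructed input: six packets, 100 ms apart, alternating between two output links.
SAMPLE = [(100 * k, "out1" if k % 2 else "out2") for k in range(1, 7)]

if __name__ == "__main__":
    for mode in ("mix", "link"):
        r = run_mix(SAMPLE, "S1", mode, horizon=1000, m=3)
        print("S1", mode, [d for d, _, _ in r], "mean delay", mean_delay(r))
```

With the same threshold, the link-based variant holds packets longer because each per-link queue fills more slowly than the single mix-wide queue.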
Step 1: Data Collection
Step 2: Flow Pattern Vector Extraction
Step 3: Distance Function Selection to Measure the Dependency between Two Flows
Step 4: Flow Correlation
Algorithm:
Data Collection. Assume that the adversary is able to collect information about all the packets on both input and output links. For each collected packet, the arrival time is recorded using tools such as tcpdump or Cisco's NetFlow. We assume that all the packets are encrypted and padded to the same size, and hence, only the arrival time is of interest. The arrival times of packets at input link i form a time series $A_i = (a_{i,1}, \ldots, a_{i,r})$, where $a_{i,k}$ is the kth packet's arrival time at input link i, and r is the size of the sample collected during a given sampling interval. Similarly, the arrival times of packets at output link j form a time series $B_j = (b_{j,1}, \ldots, b_{j,s})$, where $b_{j,k}$ is the kth packet's arrival time at output link j, and s is the size of the sample collected during a given sampling interval. The packets come out from mixes in batches. Select a sampling interval that is usually much longer than the duration of a batch. Hence, a sampling interval typically contains many batches. Make the simplifying assumption that the traffic characteristic of the flow under consideration (the input flow) is known. This can be the case, for example, when the flow traffic characteristics are indeed observable on a link either inside or at the edge of the mix network.
Flow Pattern Vector Extraction. The strategy of the adversary is to analyze the time series $A_i$ and $B_j$ in order to determine if there is any dependency between an input flow and an output flow of the mix. However, a direct analysis over these time series will not be effective. They need to be transformed into so-called pattern vectors that can facilitate further analysis. It is found that an effective transformation depends on the batching strategies utilized by the mix.
Distance Function Selection. Define the distance function $d(X_i, Y_j)$, which measures the distance between an input flow at input link i and the traffic at output link j.
The smaller the distance, the more likely the flow on an input link is correlated to the corresponding flow on the output link. Clearly, the definition of the distance function is the key in the correlation analysis.
We have two effective distance functions: one is based on mutual information and the other is based on the frequency-spectrum-based matched filter.

Flow Correlation. Once the distance function has been defined between an input flow and an output link, we can easily carry out the correlation analysis by selecting the output link whose traffic has the minimum distance to the input flow pattern vector $X_i$.

I have analyzed mix networks in terms of their effectiveness in providing anonymity and quality-of-service. Output control is flexible in controlling the overhead by adjusting the maximum packet delay.

Mean Time Detection. Mean Time Recovery.
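The four steps above, run end to end on constructed traffic, as an added example that is not part of the original report: it measures how much each output link of a mix reveals about one input flow. The timed-mix batching, the packet-count pattern vector, the distance 1/I(X;Y), and all names and sample values are assumptions made for the illustration.

```python
import math
from collections import Counter

WINDOW_MS, BATCH_MS, N_WINDOWS = 1000, 100, 60  # assumed sampling window, mix batch interval

def make_flow(counts):
    # Constructed arrival times (ms): counts[k % len(counts)] packets inside window k.
    times = []
    for k in range(N_WINDOWS):
        n = counts[k % len(counts)]
        times += [k * WINDOW_MS + (m + 1) * 900 // (n + 1) for m in range(n)]
    return times

def timed_mix(arrivals):
    # Assumed batching strategy: each packet leaves at the next flush (multiple of BATCH_MS).
    return sorted(-(-t // BATCH_MS) * BATCH_MS for t in arrivals)

def pattern_vector(times):
    # Step 2: packet count per sampling window.
    per_window = Counter(t // WINDOW_MS for t in times)
    return [per_window[k] for k in range(N_WINDOWS)]

def mutual_information(x, y):
    # Empirical I(X;Y) in bits, computed from joint and marginal counts.
    n, cx, cy, cxy = len(x), Counter(x), Counter(y), Counter(zip(x, y))
    return sum(c / n * math.log2(c * n / (cx[a] * cy[b])) for (a, b), c in cxy.items())

def distance(x, y):
    # Step 3: d(X, Y) = 1 / I(X;Y); infinite when no dependency is measured.
    mi = mutual_information(x, y)
    return 1 / mi if mi > 1e-12 else math.inf

def correlate(input_times, output_links):
    # Step 4: pick the output link at minimum distance from the input pattern vector.
    x = pattern_vector(input_times)
    d = {name: distance(x, pattern_vector(t)) for name, t in output_links.items()}
    return min(d, key=d.get), d

# Step 1 stand-in: constructed timestamps instead of a tcpdump/NetFlow capture.
flow_in = make_flow([0, 1, 3, 4, 5])
links = {
    "out0": timed_mix(make_flow([2, 4, 1, 0, 3, 5, 6])),  # unrelated flow
    "out1": timed_mix(flow_in + make_flow([0, 1, 2])),    # input flow plus cross traffic
    "out2": timed_mix(make_flow([1, 3, 0, 2])),           # unrelated flow
}
best, dists = correlate(flow_in, links)
print(best, dists)
```

Because the batch interval is much shorter than the sampling window, batching leaves the per-window counts of the input flow intact, which is why the link carrying it stands out even with cross traffic added.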
8. SYSTEM TESTING
The purpose of testing is to discover errors. Testing is the process of trying to discover every conceivable fault or weakness in a work product. It provides a way to check the functionality of components, sub-assemblies, assemblies and/or a finished product. It is the process of exercising software with the intent of ensuring that the software system meets its requirements and user expectations and does not fail in an unacceptable manner. There are various types of test. Each test type addresses a specific testing requirement.
Such regressions occur whenever software functionality that was previously working correctly stops working as intended. Typically, regressions occur as an unintended consequence of program changes, when the newly developed part of the software collides with the previously existing code. Common methods of regression testing include rerunning previously run tests and checking whether previously fixed faults have reemerged. The depth of testing depends on the phase in the release process and the risk of the added features. Tests can range from complete, for changes added late in the release or deemed to be risky, to very shallow, consisting of positive tests on each feature, if the changes are early in the release or deemed to be of low risk.

Security Testing
Security testing is essential for software that processes confidential data to prevent system intrusion by hackers.
9. TEST CASES
Test case for anonymity client

TEST CASE # 1
PRIORITY (H,M,L): MEDIUM
TEST OBJECTIVE: To check whether searching pages are available or not.
TEST DESCRIPTION: To check whether searching pages have available access permissions.
REQUIREMENTS VERIFIED: Yes
TEST SETUP/PRE-CONDITIONS: Should select search button to search
ACTIONS: User must click on search button
EXPECTED RESULTS: Should be able to search the available pages.
PASS: Yes
FAIL: No
PROBLEMS/ISSUES: No
NOTES: Successfully executed

TEST CASE # 2
PRIORITY (H,M,L): MEDIUM
TEST OBJECTIVE: To check whether the server gets request and response properly or not.
TEST DESCRIPTION: To check whether mix accepts the request and forwards to the data server properly or not.
REQUIREMENTS VERIFIED: Yes
TEST SETUP/PRE-CONDITIONS: Should send requests and responses properly
ACTIONS: User must start the mix server
EXPECTED RESULTS: Should be able to send requests and responses.
PASS: Yes
FAIL: No
PROBLEMS/ISSUES: No
NOTES: Successfully executed

TEST OBJECTIVE: To check whether data server gets requests and response properly or not.
TEST DESCRIPTION: To check whether data server accepts the request and encrypts the response properly or not.
REQUIREMENTS VERIFIED: Yes
TEST SETUP/PRE-CONDITIONS: Should accept requests and encrypt responses properly
ACTIONS: User must start the data server
EXPECTED RESULTS: Should be able to accept requests and responses.
PASS: Yes
FAIL: No
PROBLEMS/ISSUES: No
NOTES: Successfully executed

TEST OBJECTIVE: To check whether the packets are separated and sent properly or not.
TEST DESCRIPTION: To check whether the packets are separated and sent properly or not. Also check the status of the separated file.
REQUIREMENTS VERIFIED: Yes
TEST SETUP/PRE-CONDITIONS: Should select a file to separate them into packets
ACTIONS: User must select a file to send.
EXPECTED RESULTS: Should be able to send packets to router.
PASS: Yes
FAIL: No
PROBLEMS/ISSUES: No
NOTES: Successfully executed

TEST OBJECTIVE: To check whether the packets are routed successfully or not.
TEST DESCRIPTION: To check whether the packets are routed properly; if not, check for the status of receiving packets.
REQUIREMENTS VERIFIED: Yes
TEST SETUP/PRE-CONDITIONS: Should start receiving packets.
ACTIONS: User must start router.
EXPECTED RESULTS: Should be able to detect packet losses.
PASS: Yes
FAIL: No
PROBLEMS/ISSUES: No
NOTES: Successfully executed

TEST OBJECTIVE: To check whether all packets are received properly or not.
TEST DESCRIPTION: To check whether packets are lost or not; if any packet loss occurs, perform result analysis and preview a graph.
REQUIREMENTS VERIFIED: Yes
TEST SETUP/PRE-CONDITIONS: Packets are sent from the router
ACTIONS: User must click on result button.
EXPECTED RESULTS: Should be able to send packets to router.
PASS: Yes
FAIL: No
PROBLEMS/ISSUES: No
NOTES: Successfully executed
Request Processing (Mix Network Server)
In this screen, the mix network server displays all of its processes. The mix network is started first; it then gets the request from the client and transfers the request to the data server. Later it gets the response from the server, with access to the requested files, and the response is sent back to the client.

Response Processing (Secure Data Server)
In this screen, the secure data server is started and gets the request from the mix server. It scans for the available files, checks their access permissions, then encrypts the response and sends it back to the mix server.

Received Content (Anonymity Network)
In this screen, the anonymity network has received the requested file, and the contents of the file are displayed in a preview window, as shown here.

Performance Analysis
In this screen, the performance of the anonymity mix application is measured by calculating the response time and transfer rate.

Separating the File
In this screen, the selected file is being separated and sent to the packet router. The screen also shows the status of the file before and after separation. A popup window shows that the packet separation is done.

Window Indicating Packets Lost
In this screen, the receiver window is highlighted in color to show that the packets are not routed correctly.

Packet Receiver Showing Packet Loss
In this screen, the receiver window shows that packets are not received correctly, and a popup opens to show the status of the remaining packets, whether routed or not.

Result Analysis for Packet Loss
In this screen, the result analysis of the data loss application is shown, with packet size, transfer rate and time.

Graph Showing the Received Packets & Losses
In this screen, a graph depicts the comparison between received packets and lost packets.
11. CONCLUSION
Flow correlation attacks may severely degrade anonymous communication systems. We use queuing models to analyze the performance of a continuous-time mix, which randomly assigns a deadline to each incoming packet. While the effectiveness of flow correlation attacks was known and empirically demonstrated, we analytically model the relationship between the amount of information available to attackers and the detection rate. An adversary correctly determines the outgoing link taken by Alice's flow. Our application clearly shows how an anonymity network ultimately fails under flow correlation attacks.