{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T00:28:12Z","timestamp":1771460892510,"version":"3.50.1"},"reference-count":46,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"4","license":[{"start":{"date-parts":[[2017,10,1]],"date-time":"2017-10-01T00:00:00Z","timestamp":1506816000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,10,1]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Flow fingerprinting is a mechanism for linking obfuscated network flows at large scale. In this paper, we introduce the first <jats:italic>blind<\/jats:italic> flow fingerprinting system called TagIt. Our system works by modulating fingerprint signals into the timing patterns of network flows through slightly delaying packets into secret time intervals only known to the fingerprinting parties. We design TagIt to enable reliable fingerprint extraction by legitimate fingerprinting parties despite natural network noise, but invisible to an adversary who does not possess the secret fingerprinting key. TagIt makes use of randomization to resist various detection attacks such as multi-flow attacks. 
We evaluate the performance and invisibility of TagIt through theoretical analysis as well as simulations and experimentation on live network flows.<\/jats:p>","DOI":"10.1515\/popets-2017-0050","type":"journal-article","created":{"date-parts":[[2017,10,17]],"date-time":"2017-10-17T10:01:46Z","timestamp":1508234506000},"page":"290-307","source":"Crossref","is-referenced-by-count":10,"title":["TagIt: Tagging Network Flows using Blind Fingerprints"],"prefix":"10.56553","volume":"2017","author":[{"given":"Fatemeh","family":"Rezaei","sequence":"first","affiliation":[{"name":"University of Massachusetts Amherst"}]},{"given":"Amir","family":"Houmansadr","sequence":"additional","affiliation":[{"name":"University of Massachusetts Amherst"}]}],"member":"35752","published-online":{"date-parts":[[2017,10,10]]},"reference":[{"key":"2021040807390470271_j_popets-2017-0050_ref_001_w2aab3b7c15b1b6b1ab1ab1Aa","doi-asserted-by":"crossref","unstructured":"[1] R. Archibald and D. Ghosal. A covert timing channel based on fountain codes. In International Conference on Trust, Security and Privacy in Computing and Communications, pages 970\u2013977, 2012.","DOI":"10.1109\/TrustCom.2012.21"},{"key":"2021040807390470271_j_popets-2017-0050_ref_002_w2aab3b7c15b1b6b1ab1ab2Aa","doi-asserted-by":"crossref","unstructured":"[2] A. Back, U. M\u00f6ller, and A. Stiglic. Traffic analysis attacks and trade-offs in anonymity providing systems. In Information Hiding, 4th International Workshop, IHW 2001, Pittsburgh, PA, USA, April 25-27, 2001, Proceedings, pages 245\u2013257, 2001.","DOI":"10.1007\/3-540-45496-9_18"},{"key":"2021040807390470271_j_popets-2017-0050_ref_003_w2aab3b7c15b1b6b1ab1ab3Aa","unstructured":"[3] B. A. Bash, D. Goeckel, D. Towsley, and S. Guha. Hiding information in noise: Fundamental limits of covert wireless communication. IEEE Communications Magazine, 53(12):26\u201331, 2015."},{"key":"2021040807390470271_j_popets-2017-0050_ref_004_w2aab3b7c15b1b6b1ab1ab4Aa","unstructured":"[4] A. 
C. Bavier, M. Bowman, B. N. Chun, D. E. Culler, S. Karlin, S. Muir, L. L. Peterson, T. Roscoe, T. Spalink, and M. Wawrzoniak. Operating systems support for planetary-scale network services. In 1st Symposium on Networked Systems Design and Implementation (NSDI 2004), March 29-31, 2004, San Francisco, California, USA, Proceedings, pages 253\u2013266, 2004."},{"key":"2021040807390470271_j_popets-2017-0050_ref_005_w2aab3b7c15b1b6b1ab1ab5Aa","unstructured":"[5] A. Blum, D. X. Song, and S. Venkataraman. Detection of interactive stepping stones: Algorithms and confidence bounds. In Recent Advances in Intrusion Detection: 7th International Symposium, RAID 2004, Sophia Antipolis, France, September 15-17, 2004. Proceedings, pages 258\u2013277, 2004."},{"key":"2021040807390470271_j_popets-2017-0050_ref_006_w2aab3b7c15b1b6b1ab1ab6Aa","unstructured":"[6] S. Cabuk. Network covert channels: Design, analysis, detection, and elimination. PhD thesis, Purdue University, Jan. 2006."},{"key":"2021040807390470271_j_popets-2017-0050_ref_007_w2aab3b7c15b1b6b1ab1ab7Aa","unstructured":"[7] G. Danezis. The traffic analysis of continuous-time mixes. In Privacy Enhancing Technologies, 4th International Workshop, PET 2004, Toronto, Canada, May 26-28, 2004, Revised Selected Papers, pages 35\u201350, 2004."},{"key":"2021040807390470271_j_popets-2017-0050_ref_008_w2aab3b7c15b1b6b1ab1ab8Aa","doi-asserted-by":"crossref","unstructured":"[8] R. Dingledine, N. Mathewson, and P. F. Syverson. Tor: The second-generation onion router. In Proceedings of the 13th USENIX Security Symposium, August 9-13, 2004, San Diego, CA, USA, pages 303\u2013320, 2004.","DOI":"10.21236\/ADA465464"},{"key":"2021040807390470271_j_popets-2017-0050_ref_009_w2aab3b7c15b1b6b1ab1ab9Aa","doi-asserted-by":"crossref","unstructured":"[9] D. L. Donoho, A. G. Flesia, U. Shankar, V. Paxson, J. Coit, and S. Staniford. 
Multiscale stepping-stone detection: Detecting pairs of jittered interactive streams by exploiting maximum tolerable delay. In RAID, pages 17\u201335, 2002.","DOI":"10.1007\/3-540-36084-0_2"},{"key":"2021040807390470271_j_popets-2017-0050_ref_010_w2aab3b7c15b1b6b1ab1ac10Aa","doi-asserted-by":"crossref","unstructured":"[10] B. P. Dunn, M. Bloch, and J. N. Laneman. Secure bits through queues. In Networking and Information Theory, 2009. ITW 2009. IEEE Information Theory Workshop on, pages 37\u201341. IEEE, 2009.","DOI":"10.1109\/ITWNIT.2009.5158537"},{"key":"2021040807390470271_j_popets-2017-0050_ref_011_w2aab3b7c15b1b6b1ab1ac11Aa","doi-asserted-by":"crossref","unstructured":"[11] J. A. Elices and F. P\u00e9rez-Gonz\u00e1lez. The flow fingerprinting game. In 2013 IEEE International Workshop on Information Forensics and Security, WIFS 2013, Guangzhou, China, November 18-21, 2013, pages 97\u2013102, 2013.","DOI":"10.1109\/WIFS.2013.6707801"},{"key":"2021040807390470271_j_popets-2017-0050_ref_012_w2aab3b7c15b1b6b1ab1ac12Aa","unstructured":"[12] J. A. Elices and F. P\u00e9rez-Gonz\u00e1lez. A highly optimized flow-correlation attack. CoRR, abs\/1310.4577, 2013."},{"key":"2021040807390470271_j_popets-2017-0050_ref_013_w2aab3b7c15b1b6b1ab1ac13Aa","doi-asserted-by":"crossref","unstructured":"[13] B. F. U. Filho, R. D. Souza, C. Pimentel, and M. Jar. Convolutional codes under a minimal trellis complexity measure. IEEE Trans. Communications, 57(1):1\u20135, 2009.10.1109\/TCOMM.2009.0901.060437","DOI":"10.1109\/TCOMM.2009.0901.060437"},{"key":"2021040807390470271_j_popets-2017-0050_ref_014_w2aab3b7c15b1b6b1ab1ac14Aa","doi-asserted-by":"crossref","unstructured":"[14] G. Garrammone. On decoding complexity of reed-solomon codes on the packet erasure channel. 
IEEE Communications Letters, 17(4):773\u2013776, 2013.10.1109\/LCOMM.2013.021913.122427","DOI":"10.1109\/LCOMM.2013.021913.122427"},{"key":"2021040807390470271_j_popets-2017-0050_ref_015_w2aab3b7c15b1b6b1ab1ac15Aa","unstructured":"[15] S. Gianvecchio, H. Wang, D. Wijesekera, and S. Jajodia. Model-Based Covert Timing Channels: Automated Modeling and Evasion. In R. Lippmann, E. Kirda, and A. Trachtenberg, editors, Recent Advances in Intrusion Detection, 11th International Symposium, RAID 2008, Cambridge, MA, USA, September 15-17, 2008. Proceedings, volume 5230 of Lecture Notes in Computer Science, pages 211\u2013230. Springer, 2008."},{"key":"2021040807390470271_j_popets-2017-0050_ref_016_w2aab3b7c15b1b6b1ab1ac16Aa","doi-asserted-by":"crossref","unstructured":"[16] A. Houmansadr and N. Borisov. CoCo: Coding-Based Covert Timing Channels for Network Flows. In The 13th Information Hiding Conference (IH), 2011.","DOI":"10.1007\/978-3-642-24178-9_22"},{"key":"2021040807390470271_j_popets-2017-0050_ref_017_w2aab3b7c15b1b6b1ab1ac17Aa","unstructured":"[17] A. Houmansadr and N. Borisov. SWIRL: A scalable watermark to detect correlated network flows. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2011, San Diego, California, USA, 6th February - 9th February 2011, 2011."},{"key":"2021040807390470271_j_popets-2017-0050_ref_018_w2aab3b7c15b1b6b1ab1ac18Aa","unstructured":"[18] A. Houmansadr and N. Borisov. BotMosaic: Collaborative network watermark for the detection of IRC-based botnets. Journal of Systems and Software, 86(3):707 \u2013 715, 2013."},{"key":"2021040807390470271_j_popets-2017-0050_ref_019_w2aab3b7c15b1b6b1ab1ac19Aa","doi-asserted-by":"crossref","unstructured":"[19] A. Houmansadr and N. Borisov. The need for flow fingerprints to link correlated network flows. In Privacy Enhancing Technologies - 13th International Symposium, PETS 2013, Bloomington, IN, USA, July 10-12, 2013. 
Proceedings, pages 205\u2013224, 2013.","DOI":"10.1007\/978-3-642-39077-7_11"},{"key":"2021040807390470271_j_popets-2017-0050_ref_020_w2aab3b7c15b1b6b1ab1ac20Aa","unstructured":"[20] A. Houmansadr, N. Kiyavash, and N. Borisov. RAINBOW: A robust and invisible non-blind watermark for network flows. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2009, San Diego, California, USA, 8th February - 11th February 2009, 2009."},{"key":"2021040807390470271_j_popets-2017-0050_ref_021_w2aab3b7c15b1b6b1ab1ac21Aa","doi-asserted-by":"crossref","unstructured":"[21] A. Houmansadr, N. Kiyavash, and N. Borisov. Non-Blind Watermarking of Network Flows. IEEE\/ACM Transactions on Networking, 22(4):1232\u20131244, Aug 2014.10.1109\/TNET.2013.2272740","DOI":"10.1109\/TNET.2013.2272740"},{"key":"2021040807390470271_j_popets-2017-0050_ref_022_w2aab3b7c15b1b6b1ab1ac22Aa","unstructured":"[22] N. Kiyavash, A. Houmansadr, and N. Borisov. Multi-flow attacks against network flow watermarking schemes. In Proceedings of the 17th USENIX Security Symposium, July 28-August 1, 2008, San Jose, CA, USA, pages 307\u2013320, 2008."},{"key":"2021040807390470271_j_popets-2017-0050_ref_023_w2aab3b7c15b1b6b1ab1ac23Aa","unstructured":"[23] K. Kothari and M. Wright. Mimic: An active covert channel that evades regularity-based detection. Computer Networks, 57(3):647\u2013657, 2013.10.1016\/j.comnet.2012.10.008"},{"key":"2021040807390470271_j_popets-2017-0050_ref_024_w2aab3b7c15b1b6b1ab1ac24Aa","doi-asserted-by":"crossref","unstructured":"[24] B. N. Levine, M. K. Reiter, C. Wang, and M. K. Wright. Timing attacks in low-latency mix systems (extended abstract). In Financial Cryptography, 8th International Conference, FC 2004, Key West, FL, USA, February 9-12, 2004. Revised Papers, pages 251\u2013265, 2004.","DOI":"10.1007\/978-3-540-27809-2_25"},{"key":"2021040807390470271_j_popets-2017-0050_ref_025_w2aab3b7c15b1b6b1ab1ac25Aa","unstructured":"[25] Libnetfilter queue. 
http:\/\/www.netfilter.org\/projects\/libnetfilter_queue."},{"key":"2021040807390470271_j_popets-2017-0050_ref_026_w2aab3b7c15b1b6b1ab1ac26Aa","unstructured":"[26] J. H. V. Lint. Introduction to Coding Theory. Springer-Verlag New York, Inc., Secaucus, NJ, USA, 3rd edition, 1998."},{"key":"2021040807390470271_j_popets-2017-0050_ref_027_w2aab3b7c15b1b6b1ab1ac27Aa","doi-asserted-by":"crossref","unstructured":"[27] Y. Liu, D. Ghosal, F. Armknecht, A.-R. Sadeghi, S. Schulz, and S. Katzenbeisser. Hide and Seek in Time - Robust Covert Timing Channels. In M. Backes and P. Ning, editors, European Symposium on Research in Computer Security (ESORICS), volume 5789 of Lecture Notes in Computer Science, pages 120\u2013135. Springer, 2009.","DOI":"10.1007\/978-3-642-04444-1_8"},{"key":"2021040807390470271_j_popets-2017-0050_ref_028_w2aab3b7c15b1b6b1ab1ac28Aa","doi-asserted-by":"crossref","unstructured":"[28] Y. Liu, D. Ghosal, F. Armknecht, A.-R. Sadeghi, S. Schulz, and S. Katzenbeisser. Robust and Undetectable Steganographic Timing Channels for i.i.d. Traffic. In R. B\u00f6hme, P. W. L. Fong, and R. Safavi-Naini, editors, Information Hiding, volume 6387 of Lecture Notes in Computer Science, pages 193\u2013207. Springer, 2010.","DOI":"10.1007\/978-3-642-16435-4_15"},{"key":"2021040807390470271_j_popets-2017-0050_ref_029_w2aab3b7c15b1b6b1ab1ac29Aa","doi-asserted-by":"crossref","unstructured":"[29] R. J. McEliece and W. Lin. The trellis complexity of convolutional codes. IEEE Trans. Information Theory, 42(6):1855\u20131864, 1996.10.1109\/18.556680","DOI":"10.1109\/18.556680"},{"key":"2021040807390470271_j_popets-2017-0050_ref_030_w2aab3b7c15b1b6b1ab1ac30Aa","doi-asserted-by":"crossref","unstructured":"[30] P. Peng, P. Ning, and D. S. Reeves. On the secrecy of timing-based active watermarking trace-back techniques. 
In 2006 IEEE Symposium on Security and Privacy (S&P 2006), 21-24 May 2006, Berkeley, California, USA, pages 334\u2013349, 2006.","DOI":"10.1109\/SP.2006.28"},{"key":"2021040807390470271_j_popets-2017-0050_ref_031_w2aab3b7c15b1b6b1ab1ac31Aa","doi-asserted-by":"crossref","unstructured":"[31] Y. J. Pyun, Y. H. Park, X. Wang, D. S. Reeves, and P. Ning. Tracing traffic through intermediate hosts that repacketize flows. In INFOCOM 2007. 26th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, 6-12 May 2007, Anchorage, Alaska, USA, pages 634\u2013642, 2007.","DOI":"10.1109\/INFCOM.2007.80"},{"key":"2021040807390470271_j_popets-2017-0050_ref_032_w2aab3b7c15b1b6b1ab1ac32Aa","doi-asserted-by":"crossref","unstructured":"[32] D. Ramsbrock, X. Wang, and X. Jiang. A first step towards live botmaster traceback. In The International Symposium on Research in Attacks, Intrusions and Defenses (RAID), pages 59\u201377, 2008.","DOI":"10.1007\/978-3-540-87403-4_4"},{"key":"2021040807390470271_j_popets-2017-0050_ref_033_w2aab3b7c15b1b6b1ab1ac33Aa","doi-asserted-by":"crossref","unstructured":"[33] J.-F. Raymond. Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems. In H. Federrath, editor, Proceedings of Designing Privacy Enhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability, pages 10\u201329. Springer-Verlag, LNCS 2009, July 2000.","DOI":"10.1007\/3-540-44702-4_2"},{"key":"2021040807390470271_j_popets-2017-0050_ref_034_w2aab3b7c15b1b6b1ab1ac34Aa","doi-asserted-by":"crossref","unstructured":"[34] S. H. Sellke, C.-C. Wang, S. Bagchi, and N. B. Shroff. TCP\/IP Timing Channels: Theory to Implementation. In INFOCOM, pages 2204\u20132212, 2009.","DOI":"10.1109\/INFCOM.2009.5062145"},{"key":"2021040807390470271_j_popets-2017-0050_ref_035_w2aab3b7c15b1b6b1ab1ac35Aa","unstructured":"[35] G. Shah, A. Molina, and M. Blaze. Keyboards and covert channels. 
In Proceedings of the 15th conference on USENIX Security Symposium - Volume 15, Berkeley, CA, USA, 2006. USENIX Association."},{"key":"2021040807390470271_j_popets-2017-0050_ref_036_w2aab3b7c15b1b6b1ab1ac36Aa","doi-asserted-by":"crossref","unstructured":"[36] R. Soltani, D. Goeckel, D. Towsley, and A. Houmansadr. Covert Communications on Poisson Packet Channels. In The 53rd Annual Allerton Conference on Communication, Control, and Computing, 2015.","DOI":"10.1109\/ALLERTON.2015.7447124"},{"key":"2021040807390470271_j_popets-2017-0050_ref_037_w2aab3b7c15b1b6b1ab1ac37Aa","doi-asserted-by":"crossref","unstructured":"[37] R. Soltani, D. Goeckel, D. Towsley, and A. Houmansadr. Covert Communications on Renewal Packet Channels. In The 54th Annual Allerton Conference on Communication, Control, and Computing, 2016.","DOI":"10.1109\/ALLERTON.2016.7852279"},{"key":"2021040807390470271_j_popets-2017-0050_ref_038_w2aab3b7c15b1b6b1ab1ac38Aa","unstructured":"[38] S. Staniford-Chen and T. L. Heberlein. Holding intruders accountable on the internet. In Proceedings of the 1995 IEEE Symposium on Security and Privacy, Oakland, California, USA, May 8-10, 1995, pages 39\u201349, 1995."},{"key":"2021040807390470271_j_popets-2017-0050_ref_039_w2aab3b7c15b1b6b1ab1ac39Aa","unstructured":"[39] R. J. Walls, K. Kothari, and M. Wright. Liquid: A detection-resistant covert timing channel based on ipd shaping. Computer networks, 55(6):1217\u20131228, 2011."},{"key":"2021040807390470271_j_popets-2017-0050_ref_040_w2aab3b7c15b1b6b1ab1ac40Aa","doi-asserted-by":"crossref","unstructured":"[40] X. Wang, S. Chen, and S. Jajodia. Tracking anonymous peer-to-peer voip calls on the internet. 
In Proceedings of the 12th ACM Conference on Computer and Communications Security, CCS 2005, Alexandria, VA, USA, November 7-11, 2005, pages 81\u201391, 2005.","DOI":"10.1145\/1102120.1102133"},{"key":"2021040807390470271_j_popets-2017-0050_ref_041_w2aab3b7c15b1b6b1ab1ac41Aa","doi-asserted-by":"crossref","unstructured":"[41] X. Wang, S. Chen, and S. Jajodia. Network flow watermarking attack on low-latency anonymous communication systems. In 2007 IEEE Symposium on Security and Privacy (S&P 2007), 20-23 May 2007, Oakland, California, USA, pages 116\u2013130, 2007.","DOI":"10.1109\/SP.2007.30"},{"key":"2021040807390470271_j_popets-2017-0050_ref_042_w2aab3b7c15b1b6b1ab1ac42Aa","doi-asserted-by":"crossref","unstructured":"[42] X. Wang and D. S. Reeves. Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays. In Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003, Washington, DC, USA, October 27-30, 2003, pages 20\u201329, 2003.","DOI":"10.1145\/948109.948115"},{"key":"2021040807390470271_j_popets-2017-0050_ref_043_w2aab3b7c15b1b6b1ab1ac43Aa","doi-asserted-by":"crossref","unstructured":"[43] X. Wang, D. S. Reeves, and S. F. Wu. Inter-packet delay based correlation for tracing encrypted connections through stepping stones. In Computer Security - ESORICS 2002, 7th European Symposium on Research in Computer Security, Zurich, Switzerland, October 14-16, 2002, Proceedings, pages 244\u2013263, 2002.","DOI":"10.1007\/3-540-45853-0_15"},{"key":"2021040807390470271_j_popets-2017-0050_ref_044_w2aab3b7c15b1b6b1ab1ac44Aa","doi-asserted-by":"crossref","unstructured":"[44] K. Yoda and H. Etoh. Finding a connection chain for tracing intruders. 
In Computer Security - ESORICS 2000, 6th European Symposium on Research in Computer Security, Toulouse, France, October 4-6, 2000, Proceedings, pages 191\u2013205, 2000.","DOI":"10.1007\/10722599_12"},{"key":"2021040807390470271_j_popets-2017-0050_ref_045_w2aab3b7c15b1b6b1ab1ac45Aa","doi-asserted-by":"crossref","unstructured":"[45] W. Yu, X. Fu, S. Graham, D. Xuan, and W. Zhao. Dsss-based flow marking technique for invisible traceback. In 2007 IEEE Symposium on Security and Privacy (S&P 2007), 20-23 May 2007, Oakland, California, USA, pages 18\u201332, 2007.","DOI":"10.1109\/SP.2007.14"},{"key":"2021040807390470271_j_popets-2017-0050_ref_046_w2aab3b7c15b1b6b1ab1ac46Aa","unstructured":"[46] Y. Zhang and V. Paxson. Detecting stepping stones. In 9th USENIX Security Symposium, Denver, Colorado, USA, August 14-17, 2000, 2000."}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/content.sciendo.com\/view\/journals\/popets\/2017\/4\/article-p290.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.sciendo.com\/article\/10.1515\/popets-2017-0050","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,4]],"date-time":"2022-08-04T19:45:32Z","timestamp":1659642332000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2017\/popets-2017-0050.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10,1]]},"references-count":46,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2017,10,10]]},"published-print":{"date-parts":[[2017,10,1]]}},"alternative-id":["10.1515\/popets-2017-0050"],"URL":"https:\/\/doi.org\/10.1515\/popets-2017-0050","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,10,1]]}}}