Watching the Watchers: Nonce-based Inverse Surveillance to Remotely Detect Monitoring

05/15/2020
by   Laura M. Roberts, et al.
0

Internet users and service providers do not often know when traffic is being watched but desire a way to determine when, where, and by whom. We present NOISE, the Nonce Observatory for Inverse Surveillance of Eavesdroppers, a method and system that detects monitoring by disseminating nonces - unique, pseudorandom values - in traffic and seeing if they are acted upon unexpectedly, indicating that the nonce-laden traffic is being monitored. Specifically, we embed 64-bit nonces innocuously into IPv6 addresses and disseminate these nonces Internet-wide using a modified traceroute-like tool that makes each outbound probe's source address unique. We continually monitor for subsequent nonce propagation, i.e., activity or interest involving these nonces, e.g., via packet capture on our system's infrastructure. Across three experiments and four months, NOISE detects monitoring more than 200k times, ostensibly in 268 networks, for probes destined for 437 networks. Our results reveal: (a) data collection for security incident handling, (b) traffic information being shared with third parties, and (c) eavesdropping in or near a large commercial peering exchange.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
01/30/2023

Oscilloscope: Detecting BGP Hijacks in the Data Plane

The lack of security of the Internet routing protocol (BGP) has allowed ...
research
06/24/2019

Encrypted DNS --> Privacy? A Traffic Analysis Perspective

Virtually every connection to an Internet service is preceded by a DNS l...
research
01/14/2019

Uncovering Vulnerable Industrial Control Systems from the Internet Core

Industrial control systems (ICS) are managed remotely with the help of d...
research
08/26/2021

DeepFlow: Abnormal Traffic Flow Detection Using Siamese Networks

Nowadays, many cities are equipped with surveillance systems and traffic...
research
08/31/2022

Intelligent Traffic Monitoring with Hybrid AI

Challenges in Intelligent Traffic Monitoring (ITMo) are exacerbated by t...
research
06/11/2019

Chocolatine: Outage Detection for Internet Background Radiation

The Internet is a complex ecosystem composed of thousands of Autonomous ...
research
03/19/2022

Temporal Correlation of Internet Observatories and Outposts

The Internet has become a critical component of modern civilization requ...

Please sign up or login with your details

Forgot password? Click here to reset