DeepAI AI Chat
Log In Sign Up

Watching the Watchers: Nonce-based Inverse Surveillance to Remotely Detect Monitoring

by   Laura M. Roberts, et al.

Internet users and service providers do not often know when traffic is being watched but desire a way to determine when, where, and by whom. We present NOISE, the Nonce Observatory for Inverse Surveillance of Eavesdroppers, a method and system that detects monitoring by disseminating nonces - unique, pseudorandom values - in traffic and seeing if they are acted upon unexpectedly, indicating that the nonce-laden traffic is being monitored. Specifically, we embed 64-bit nonces innocuously into IPv6 addresses and disseminate these nonces Internet-wide using a modified traceroute-like tool that makes each outbound probe's source address unique. We continually monitor for subsequent nonce propagation, i.e., activity or interest involving these nonces, e.g., via packet capture on our system's infrastructure. Across three experiments and four months, NOISE detects monitoring more than 200k times, ostensibly in 268 networks, for probes destined for 437 networks. Our results reveal: (a) data collection for security incident handling, (b) traffic information being shared with third parties, and (c) eavesdropping in or near a large commercial peering exchange.


page 1

page 2

page 3

page 4


Oscilloscope: Detecting BGP Hijacks in the Data Plane

The lack of security of the Internet routing protocol (BGP) has allowed ...

Encrypted DNS --> Privacy? A Traffic Analysis Perspective

Virtually every connection to an Internet service is preceded by a DNS l...

Uncovering Vulnerable Industrial Control Systems from the Internet Core

Industrial control systems (ICS) are managed remotely with the help of d...

DeepFlow: Abnormal Traffic Flow Detection Using Siamese Networks

Nowadays, many cities are equipped with surveillance systems and traffic...

Intelligent Traffic Monitoring with Hybrid AI

Challenges in Intelligent Traffic Monitoring (ITMo) are exacerbated by t...

Chocolatine: Outage Detection for Internet Background Radiation

The Internet is a complex ecosystem composed of thousands of Autonomous ...

Temporal Correlation of Internet Observatories and Outposts

The Internet has become a critical component of modern civilization requ...