Change search
ReferencesLink to record
Permanent link

Direct link
Traffic Analysis Attacks in Anonymity Networks: Relationship Anonymity-Overhead Trade-off
KTH, School of Electrical Engineering (EES), Communication Networks.
KTH, School of Electrical Engineering (EES), Communication Networks.ORCID iD: 0000-0002-4876-0223
KTH, School of Electrical Engineering (EES), Communication Networks.ORCID iD: 0000-0002-3704-1338
2013 (English)Report (Other academic)
Abstract [en]

Mix networks and anonymity networks provide anonymous communication via relaying, which introduces overhead and increases the end-to-end message delivery delay. In practice overhead and delay must often be low, hence it is important to understand how to optimize anonymity for limited overhead and delay. In this work we address this question under passive traffic analysis attacks, whose goal is to learn the traffic matrix. For our study, we use two anonymity networks: MCrowds, an extension of Crowds, which provides unbounded communication delay and Minstrels, which provides bounded communication delay. We derive exact and approximate analytical expressions for the relationship anonymity for these systems. Using MCrowds and Minstrels we show that, contrary to intuition, increased overhead does not always improve anonymity. We investigate the impact of the system's parameters on anonymity, and the sensitivity anonymity to the misestimation of the number of attackers.

Place, publisher, year, edition, pages
2013. , 26 p.
Trita-EE, ISSN 1653-5146 ; 2013:007
Keyword [en]
Relationship anonymity, communication overhead, traffic analysis, Bayesian analysis
National Category
Communication Systems Computer Systems
URN: urn:nbn:se:kth:diva-122444OAI: diva2:622410

QC 20130522

Available from: 2013-05-21 Created: 2013-05-21 Last updated: 2013-09-09Bibliographically approved
In thesis
1. Data Integrity and Availability in Power System Communication Infrastructures
Open this publication in new window or tab >>Data Integrity and Availability in Power System Communication Infrastructures
2013 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Society is increasingly dependent on the proper functioning of electric power systems. Today's electric power systems rely heavily on information and networking technology in order to achieve efficient and secure operation. Recent initiatives to upgrade power systems into smart grids target an even tighter integration with information and communication technologies in order to enable the integration of renewable energy sources, local and bulk generation and demand response. Therefore for a proper functioning of smart grids, it is essential that the communication network is secure and reliable both in the face of network failures and in the face of attacks. This thesis contributes to improving the security of power system applications against attacks on the communication infrastructure. The contributions lie in two areas.

The first area is the interaction of network and transport layer protocols with power system application layer security. We consider single and multi-area power system state estimation based on redundant telemetry measurements. The state estimation is a basis for a set of applications used for information support in the control center, and therefore its security is an important concern. For the case of single-area state estimation, we look at the security of measurement aggregation over a wide area communication network. Due to the size and complexity of power systems, it can be prohibitively expensive to introduce cryptographic security in every component of the communication infrastructure. Therefore, we investigate how the application layer logic can be leveraged to optimize the deployment of network, transport and application layer security solutions. We define security metrics that quantify the importance of particular components of the network infrastructure. We provide efficient algorithms to calculate the metrics, and that allow identification of the weakest points in the infrastructure that have to be secured. For the case of multi-area state estimation, we look at the security of data exchange between the control centers of neighboring areas. Although the data exchange is typically cryptographically secure, the communication infrastructure of a control center may get compromised by a targeted trojan that could attack the data before the cryptographic protection is applied or after it is removed. We define multiple attack strategies for which we show that they can significantly disturb the state estimation. We also show a possible way to detect and to mitigate the attack.

The second area is a study of the communication availability at the application layer. Communication availability in power systems has to be achieved in the case of network failures as well as in the case of attacks. Availability is not necessarily achieved by cryptography, since traffic analysis attacks combined with targeted denial-of-service attacks could significantly disturb the communication. Therefore, we study how anonymity networks can be used to improve availability, which comes at the price of increased communication overhead and delay. Because of the way anonymity networks operate, one would expect that availability would be improved with more overhead and delay. We show that surprisingly this is not always the case. Moreover, we show that it is better to overestimate than to underestimate the attacker's capabilities when configuring anonymity networks.

Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology, 2013. iii, 36 p.
Trita-EE, ISSN 1653-5146 ; 2013:016
Cyber security, power systems, communications, state estimation, distributed
National Category
Communication Systems Telecommunications
urn:nbn:se:kth:diva-122447 (URN)978-91-7501-772-3 (ISBN)
2013-05-30, Hörsal F3, Lindstedtsvägen 26, KTH, Stockholm, 13:00 (English)

QC 20130522

Available from: 2013-05-22 Created: 2013-05-21 Last updated: 2013-05-24Bibliographically approved

Open Access in DiVA

fulltext(251 kB)236 downloads
File information
File name FULLTEXT01.pdfFile size 251 kBChecksum SHA-512
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Vuković, OgnjenDán, GyörgyKarlsson, Gunnar
By organisation
Communication Networks
Communication SystemsComputer Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 236 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 111 hits
ReferencesLink to record
Permanent link

Direct link