APPARATUS AND METHOD FOR CLIENT IDENTIFICATION IN ANONYMOUS COMMUNICATION NETWORKS

US 20150033347A1
Filed: 07/29/2013
Published: 01/29/2015
Est. Priority Date: 07/29/2013
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented client identification method for an anonymous communication network, the method comprising:

analyzing path vulnerabilities associated with transmission of traffic through the anonymous communication network;

generating results of the path vulnerabilities analysis to determine probability of selection of unpopular ports in the anonymous communication network;

accessing a web server associated with the anonymous communication network to compromise the web server, the web server being communicatively linked to an anonymous client machine;

modifying the compromised web server with a script that enables injection of a hidden program into the anonymous client machine based on the results of the path vulnerability analysis; and

wherein the hidden program modifies the anonymous client machine to establish a new path in the anonymous communication network and activates the anonymous client machine to communicate over the new path, wherein traffic from the anonymous client machine is routed through at least one unpopular port in the new path to determine the identity of the anonymous client machine in the anonymous communication network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and methods for client identification in anonymous communication networks are provided to identify an anonymous client by guiding a network path selection algorithm to select from a small set of relays. A large percentage of the relays in the set are controlled, thus probabilistically forming a pathway connection in which the traffic is routed through the set of relays which are configured to identify client traffic. From the set of controlled relays, if both an entry node and an exit node are selected by the anonymous client, then client identification is possible. Path vulnerabilities are analyzed and results of the analysis determine a probability of selection of unpopular ports. A hidden program modifies the anonymous client machine and traffic from the anonymous client machine is routed through at least one unpopular port in the new path to determine the identity of the anonymous client machine.

14 Citations

View as Search Results

20 Claims

1. A computer-implemented client identification method for an anonymous communication network, the method comprising:
- analyzing path vulnerabilities associated with transmission of traffic through the anonymous communication network;
  
  generating results of the path vulnerabilities analysis to determine probability of selection of unpopular ports in the anonymous communication network;
  
  accessing a web server associated with the anonymous communication network to compromise the web server, the web server being communicatively linked to an anonymous client machine;
  
  modifying the compromised web server with a script that enables injection of a hidden program into the anonymous client machine based on the results of the path vulnerability analysis; and
  
  wherein the hidden program modifies the anonymous client machine to establish a new path in the anonymous communication network and activates the anonymous client machine to communicate over the new path, wherein traffic from the anonymous client machine is routed through at least one unpopular port in the new path to determine the identity of the anonymous client machine in the anonymous communication network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer-implemented method according to claim 1, wherein the determination of the identity of the anonymous client machine includes a script server, the script server configured to listen to the traffic transiting through the at least one unpopular port in the new path, the at least one unpopular port in the new path configured to allow traffic to be listened to by the script server.
  - 3. The computer-implemented method according to claim 1, wherein based on the results of the path vulnerabilities, injecting a predetermined increase in perceived bandwidth and a predetermined increase in perceived uptime into the unpopular ports and associated malicious routers.
  - 4. The computer-implemented method according to claim 1, wherein the anonymous communication network comprises a transmission communication protocol (TCP) based public network environment, the public network environment being unsecured and providing access to a plurality of users.
  - 5. The computer-implemented method according to claim 1, wherein the analyzing path vulnerabilities comprises:
    - obtaining an active router set of active routers in the anonymous communication network from at least one directory server in the anonymous communication network, the active router set comprising router information for the active routers, the router information comprising a first preprocessed data set including one or more of a router name, a router version, a router perceived bandwidth, and a router exit policy;
      
      conducting one or more first simulations of unpopular application protocols on the first preprocessed data set to determine a probability of selection of one or more unpopular ports in the active router set;
      
      injecting into the first preprocessed data set one or more malicious routers to form a second preprocessed data set;
      
      conducting one or more second simulations, the one or more second simulations comprising generating one or more circuits, wherein the one or more unpopular application protocols are simulated on the second preprocessed data set to generate a third preprocessed data set, the third preprocessed data set associated with probabilities of the path vulnerabilities to the one or more unpopular ports; and
      
      wherein the generated results of the path vulnerabilities analysis includes statistics related to a relative unpopularity associated with an exit policy of a plurality of servers, wherein traffic is transmitted through the one or more unpopular ports to exit the anonymous communication network.
  - 6. The computer-implemented method according to claim 5, further comprising the step of:
    - injecting the one or more of the unpopular ports generated from the results associated with malicious exit routers in the active router set with a predetermined increase in perceived bandwidth and a predetermined increase in perceived uptime to select at least one unpopular port communicatively linked to the client machine in the new path.
  - 7. The computer-implemented method according to claim 6, wherein the predetermined increase in perceived bandwidth provides a perceived bandwidth value that is above the median value of perceived bandwidths of other routers in the network, and the predetermined increase in perceived uptime provides a perceived uptime value that is greater than the median value of perceived uptime of other routers in the network.
  - 8. The computer-implemented method according to claim 5, wherein one or more of the malicious routers is configured with an advertised exit policy including a perceived bandwidth to allow traffic associated with the client machine through at least one unpopular port.
  - 9. The computer-implemented method according to claim 1, wherein accessing the web server comprises injecting a script into a web site, the web site being hosted by the web server, the injection and the script being configured to exploit vulnerabilities of the web server, the vulnerabilities of the web server including web site vulnerabilities.
  - 10. The computer-implemented method according to claim 9, wherein the script is configured to modify the compromised web server to inject the hidden program in response to a request by the anonymous client machine, the request including a request to visit the web site, the response including the hidden program.
  - 11. The computer-implemented method according to claim 9, wherein the anonymous client machine, the web server, and a script server are communicatively linked in accordance with WebSocket protocols, wherein the script server listens to traffic of the anonymous client machine transiting through the at least one unpopular port, and wherein the response is an embedded HTTP-based response, the embedded HTTP-based response including the hidden program configured to modify the anonymous client machine to open the new path.
  - 12. The computer-implemented method according to claim 1, wherein the anonymous communication network selects a plurality of routers in accordance with a non-entrance router selection method, the non-entrance router selection method comprising the steps of:
    - establishing a list of all known routers as an input;
      
      computing the total perceived bandwidth, B, for all available routers in the list;
      
      selecting a pseudo-random number, C, the pseudo-random number, C, having a value between 1 and B;
      
      selecting for each of the routers from the list a corresponding router, each of the routers having a perceived bandwidth, the perceived bandwidth being added to a value of a variable T;
      
      comparing the variable T to the pseudo-random number C for the selected corresponding router;
      
      selecting the router for inclusion into the path if the variable T is greater than the pseudo-random number C;
      
      selecting additional routers for inclusion into the path if the variable T is less than the pseudo-random number C, and further adding the perceived bandwidth of each additional router to the value of the variable T, the value of the variable T increasing until the value of the variable T is greater than the pseudo-random number C; and
      
      repeating the selecting of additional routers for inclusion into the path if the variable T is less than the pseudo-random number C until the variable T is greater than the pseudo-random number C to establish a probability distribution showing a greater probability of selecting the routers having a greater magnitude of the perceived bandwidth,wherein the hidden program modifies the anonymous client machine to route traffic through the at least one unpopular port, the at least one unpopular port having a perceived bandwidth related to the perceived bandwidth of the selected routers.
  - 13. The computer-implemented method according to claim 1, wherein the anonymous communication network is an onion-routing based communication network.

14. An apparatus to identify a client machine in an anonymous communication network, the apparatus comprising:
- a controller including a processor to analyze path vulnerabilities associated with transmission of traffic in an anonymous communication network to identify a client machine, wherein the controller;
  
  performs a path vulnerability analysis in the anonymous communication network;
  
  generates results of the path vulnerabilities analysis to determine probability of selection of unpopular ports in the anonymous communication network;
  
  accesses a web server associated with the anonymous communication network to compromise the web server, the web server being communicatively linked to a client machine; and
  
  modifies the compromised web server with a script that enables injection of a hidden program into the anonymous client machine based on the results of the path vulnerability analysis; and
  
  a memory associated with the processor,wherein the controller generates the hidden program to modify the anonymous client machine to establish a new path in the anonymous communication network based on the path vulnerability analysis, wherein traffic from the anonymous client machine is routed through at least one unpopular port in the new path to determine the identity of the client machine in the anonymous communication network.
- View Dependent Claims (15, 16, 17)
- - 15. The apparatus according to claim 14, wherein the controller generates one or more instructions to configure a script server to listen to traffic of the anonymous client machine transiting through the at least one unpopular port to determine the identity of the anonymous client machine.
  - 16. The apparatus according to claim 14, wherein the controller is configured to analyze the path vulnerabilities, the analysis comprising:
    - obtaining an active router set of active routers in the anonymous communication network from at least one directory server in the anonymous communication network, the active router set comprising router information for the active routers, the router information comprising a first preprocessed data set including one or more of a router name, a router version, a router perceived bandwidth, and a router exit policy;
      
      conducting one or more first simulations of unpopular application protocols on the first preprocessed data set to determine a probability of selection of one or more unpopular ports in the active router set;
      
      injecting in the first preprocessed data set one or more malicious routers to form a second preprocessed data set;
      
      conducting one or more second simulations, the one or more second simulations comprising generating one or more circuits, wherein the one or more unpopular application protocols are simulated on the second preprocessed data set to generate a third preprocessed data set, the third preprocessed data set associated with probabilities of the path vulnerabilities to the one or more unpopular ports; and
      
      generating results, the results including statistics related to a relative unpopularity associated with an exit policy of a plurality of servers, wherein traffic is transmitted through the one or more unpopular ports to exit the anonymous communication network.
  - 17. The apparatus according to claim 14, wherein the controller, based on the results of the path vulnerabilities analysis, injects a predetermined increase in perceived bandwidth and a predetermined increase in perceived uptime into one or more malicious routers associated with one or more unpopular ports.

18. A computer software product, comprising a non-transitory storage medium readable by a processor, the non-transitory storage medium having stored thereon a set of instructions for performing computer-implemented client identification in an anonymous communication network, the set of instructions comprising:
- (a) a first sequence of instructions which, when executed by the processor, causes said processor to analyze path vulnerabilities and generate results associated with transmission of traffic through the anonymous communication network to determine probability of selection of unpopular ports in the anonymous communication network;
  
  (b) a second sequence of instruction which, when executed by the processor, causes said processor to inject an increase in perceived bandwidth and an increase in perceived uptime into one or more unpopular ports and one or more associated malicious routers based on the results of the path vulnerability analysis;
  
  (c) a third sequence of instructions which, when executed by the processor, causes said processor to access a web server associated with the anonymous communication network to compromise the web server, the web server being communicatively linked to a client machine; and
  
  (d) a fourth sequence of instructions which, when executed by the processor, causes said processor to modify the compromised web server with a script that enables injection of a hidden program into the client machine based on the results of the path vulnerability analysis,wherein the hidden program modifies the client machine to establish a new path in the anonymous communication network, wherein traffic from the client machine is routed through at least one unpopular port in the new path to determine the identity of the client machine in the anonymous communication network.
- View Dependent Claims (19, 20)
- - 19. The computer software product according to claim 18, wherein the set of instructions further comprises:
    - a fifth sequence of instructions which, when executed by the processor, causes the processor to obtain an active router set of active routers in the anonymous communication network from at least one directory server in the anonymous communication network, the active router set comprising router information for the active routers, the router information comprising a first preprocessed data set including one or more of a router name, a router version, a router perceived bandwidth, and a router exit policy;
      
      a sixth sequence of instructions which, when executed by the processor, causes the processor to conduct one or more first simulations of unpopular application protocols on the first preprocessed data set to determine a probability of selection of one or more unpopular ports in the active router set;
      
      a seventh sequence of instructions which, when executed by the processor, causes the processor to inject in the first preprocessed data set one or more malicious routers to form a second preprocessed data set;
      
      an eighth sequence of instructions which, when executed by the processor, causes the processor to conduct one or more second simulations, the one or more second simulations comprising generating one or more circuits, wherein the one or more unpopular application protocols are simulated on the second preprocessed data set to generate a third preprocessed data set, the third preprocessed data set associated with probabilities of the path vulnerabilities to the one or more unpopular ports; and
      
      a ninth sequence of instructions which, when executed by the processor, causes the processor to generate results, the results including statistics related to the relative unpopularity associated with an exit policy of a plurality of servers, wherein traffic is transmitted through the one or more unpopular ports to exit the anonymous communication network.
  - 20. The computer software product according to claim 18, wherein the set of instructions further comprises:
    - a fifth sequence of instructions which, when executed by the processor, causes the processor to configure a script sever to listen to the one or more unpopular ports through which traffic of the anonymous client machine passes to identify the anonymous client machine in the anonymous communication network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
King Fahd University Of Petroleum And Minerals
Original Assignee
King Fahd University Of Petroleum And Minerals
Inventors
SULAIMAN, MUHAMMAD ALIYU, ZHIOUA, SAMI

Application Number

US13/953,723
Publication Number

US 20150033347A1
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

H04L 63/0421   Anonymous communication, i....

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

APPARATUS AND METHOD FOR CLIENT IDENTIFICATION IN ANONYMOUS COMMUNICATION NETWORKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS AND METHOD FOR CLIENT IDENTIFICATION IN ANONYMOUS COMMUNICATION NETWORKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links