lnx1-1/Testbed-for-Flow-Correlation-Attacks-on-Encrypted-Messenger-Applications

Testbed-for-Flow-Correlation-Attacks-on-Encrypted-Messenger-Applications

This repository contains the source code and generated data of an IT security testbed for "Flow-Correlation Attacks".

It is part of the bachelor's thesis "Testbed-for-Flow-Correlation-Attacks-on-Encrypted-Messenger-Applications".

Abstract

Current political developments highlight the importance of encrypted and anonymous communication for safeguarding our human rights. Therefore, attacks on applications that provide such services are extremely concerning.

Recent research has presented fully passive attacks on encrypted messenger applications, which compromise the anonymity of the communicating parties. By utilizing traffic analysis, Instant-Messaging (IM) users can be identified as members of an IM-channel with an accuracy of 97 %.

These developments are highly alarming and call for further research into these techniques. To investigate such attacks regarding their applicability and potential countermeasures in real-world scenarios, this work develops a testbed for analysis and exploration of this attack.

The developed testbed integrates various physical devices such as desktop PCs and smartphones to simulate realistic environmental conditions.

To support its use in a scientific context and achieve meaningful results, the testbed was designed with a clear focus on reproducibility and fidelity.

Several key technology decisions were made with cost-effective and open-source usage in mind. Thus, the test management system is based on the open-source solution OpenTAP.

The testbed proved to be a suitable tool for exposing various factors that influence the success of the attack. It demonstrated that the configuration of the end devices strongly influences the detection rate and, consequently, the success of the attack. An end device with a locked screen could no longer be consistently identified as a member of a channel.

The modular structure of the testbed also facilitated the analysis of published detection algorithms and datasets. It was found that the datasets exhibit inconsistencies, which could be improved through the use of the testbed. Furthermore, it was determined that the current version of the detection algorithm does not achieve the stated accuracy. With the deployment of the testbed, the detection accuracy of this version could be improved by 30 %.

The development of this testbed aims to further investigate such attacks — not only to raise greater awareness of such threats but also to advance research in the field of countermeasures.
