
It is known that flows can quite easily be fingerprinted and watermarked [1] (usually observing or adding jitter to packets). Let's say someone added a watermark to my flow which then passes through a VPN connection where multiple flows with the same origin and destination are present (thus several flows are merged). Can the watermark still be detected in such a setting where a flow is indistinguishable from others? E.g. by some sort of traffic analysis where a flow is recovered?

[1] The Need for Flow Fingerprints to Link Correlated Network Flows

worxli
  • Adding to an encrypted 'flow' will damage it, so you're left with observing the flow, but then you have all those port numbers and other networking details that will identify the flows, so, I'm not sure what you are getting at. – schroeder Aug 21 '17 at 17:09
  • Your assertion that 'flows' of a VPN are indistinguishable needs to be challenged. – schroeder Aug 21 '17 at 17:10
  • What I mean is the following (VPN was just an example): if the traffic / the full packet is encrypted and encapsulated into another packet (so no port numbers etc. are visible to an outsider) and mixed with other flows, is someone still able to detect a fingerprint? So I can hide all content and packet information (flags etc.), but not change content size and timings. – worxli Aug 21 '17 at 18:38
  • If the transport and network details are encrypted, then identifying flows will be very difficult - but if it is possible to "mix" the flows, then there must be a way to identify the flows so that they can be un-mixed. And that's where fingerprints will be evident. – schroeder Aug 22 '17 at 09:02

0 Answers