You Can Obfuscate, but You Cannot Hide: CrossPoint Attacks against Network Topology Obfuscation

Authors: 

Xuanbo Huang, Kaiping Xue, Lutong Chen, and Mingrui Ai, University of Science and Technology of China; Huancheng Zhou, Texas A&M University; Bo Luo, The University of Kansas; Guofei Gu, Texas A&M University; Qibin Sun, University of Science and Technology of China

Abstract: 

Link-flooding attacks (LFAs) may disrupt Internet connections in targeted areas by flooding specific links. One effective mitigation strategy against these attacks is network topology obfuscation (NTO), which aims to obscure the network map and conceal critical links, preventing attackers from identifying bottleneck links.

However, we argue that the attackers can still discover critical links in the presence of NTO defenses. In this paper, we introduce the CrossPoint attacks to escape the security protections of state-of-the-art NTO defenses by exploiting two network traffic features: correlated congestion and statistical disparities. Although NTO defenses create a complex and seemingly robust virtual topology, distinct information is still discoverable due to conflicting design objectives and inherent features of the Internet, resulting in novel side channels. Through comprehensive experiments, including a measurement study on the Internet, we demonstrate CrossPoint attacks' high success rate (80%-95%), minor overhead (10%-20%), as well as attack stealthiness and feasibility.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {299637,
author = {Xuanbo Huang and Kaiping Xue and Lutong Chen and Mingrui Ai and Huancheng Zhou and Bo Luo and Guofei Gu and Qibin Sun},
title = {You Can Obfuscate, but You Cannot Hide: {CrossPoint} Attacks against Network Topology Obfuscation},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {5735--5750},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/huang-xuanbo},
publisher = {USENIX Association},
month = aug
}