Fundamental Limits of Invisible Flow Fingerprinting
IEEE Transactions on Information Forensics and Security (IF 6.8), Pub Date: 2019-05-30, DOI: 10.1109/tifs.2019.2919870
Ramin Soltani, Dennis Goeckel, Don Towsley, Amir Houmansadr

Network flow fingerprinting can be used to de-anonymize communications on anonymity systems such as Tor by linking the ingress and egress segments of anonymized connections. Assume Alice and Bob have access to the input and the output links of an anonymous network, respectively, and they wish to collaboratively reveal the connections between the input and the output links without being detected by Willie who protects the network. Alice generates a codebook where each codeword is a unique fingerprint indicating a sequence of interpacket delays, and shares it only with Bob. To trace each flow, Alice selects a fingerprint and manipulates the packet timings of the flow to follow the packet timings suggested by the fingerprint, and Bob extracts the fingerprints from it after it passes through the network. We model the network as parallel M/M/1 queues where each queue is shared by a flow $f_i$ from Alice to Bob and other flows independent of $f_i$. Packet timings of the flows are governed by independent Poisson processes. Assuming all input flows have equal packet rates and that Bob observes only flows with fingerprints, we first present two scenarios: 1) Alice fingerprints all the flows and 2) Alice fingerprints a subset of the flows, unknown to Willie. Then, we extend the construction and analysis to the case of arbitrary flow rates and the case where Bob observes flows with and without fingerprints. For each scenario, we derive the number of flows that Alice and Bob can trace by fingerprinting.

Updated: 2020-04-22