I can still see you: Layer 2 correlation attack in LTE Tor network
Zhifan Lu
Department of Computer Science, University of Virginia
Time: 2024-03-27, 12:15 - 13:00 ET
Location: Rice 540 and Zoom
Abstract Long Term Evolution(LTE) is a global standard that offers significant boosts to mobile network capabilities such as network speed and service availability compared to older networks (e.g. 3G) and forms the backbone in the 5G network. However, few works have been devoted to studying its privacy from a protocol stack perspective.
In this work, we investigate the possibility of performing correlation attacks on the LTE Tor network. We demonstrate how attackers can extract layer-2(PDCP) information from encrypted LTE traffic and then correlate with layer-3(IP) exit Tor traffic directly. This indicates even using Tor, users are still vulnerable to traffic correlation attacks on the LTE network. Correlation is performed using triplet feature embedding network.
Bio Zhifan is a current PhD student at University of Virginia. His research is on network security with a focus on Tor-related issues. Zhifan received his B.S. from McIntire school of Commerce and M.S. from School of Engineering & Applied Science from University of Virginia. He has worked cross-industry from digital marketing to fintech.