Brian Neil Levine   Privacy, Internetworking, Security, and Mobile Systems (PRISMS) Lab

Associate Professor
Undergraduate Program Director
Dept. of Computer Science
UMass Amherst

Forensics/Privacy Research

My research group's work focuses on the limits of Internet privacy. The Internet poses significant challenges to personal privacy and law enforcement investigations alike. For users, a litany of identifiers tag their activities across the Internet or, for mobile users, across town, which stands in opposition to many users' expectations of privacy. For the average user, techniques that mask such identifiers, like an IP address, result in significantly reduced performance, forcing users to decide between quality and security. Moreover, the growing prevalence of these artifacts increases the chance that a novice user unknowingly leaves artifacts that are trackable. Ironically, these same identifiers are a challenge for law enforcement, which seeks to introduce sound evidence in the courtroom. Criminals are more apt to accept the performance/security tradeoff, and it can be a challenge to map the bits and bytes of digital evidence to higher concepts, such as intent or knowing possession required by law.

In other words, privacy and criminal forensics are not inverse fields; one does not gain traction when the other suffers. Moreover, the problems relevant to either are not limited to hacking or computer crimes. Digital artifacts are relevant to murder, child or adult sexual exploitation, identity theft, intellectual property theft, and consumer/healthcare safety, in addition to traditional incident response and intelligence fields.

Forensics
Our forensics work is currently focused on several problems.

  1. The first is investigations of peer-to-peer (p2p) network technology, which has become the standard instrumentality for the sharing and distribution of images of child sexual exploitation. Through a collaborative grant with Clay Shields (Georgetown Univ.) from the National Institute of Justice, Marc Liberatore and I are building a forensics system called RoundUp that enables law enforcement to identify users who are sharing known contraband based on known hash values on a p2p network. Our efforts are in cooperation with the MA State Police Crime Unit and the Department of Homeland Security ICE. The software system profiles the characteristics that identify a particular file, computer, or online user identity and produces output that can be quickly turned around to generate a warrant or subpoena, or to use as evidence in a court. This work leverages a great deal of my experience with p2p systems (e.g., Fast05, Bell04, Chu04, Bern03, and Chu02).
  2. Second, I have been working with Gerome Miklau on database forensics. We have examined several database systems to determine the amount of digital artifacts that remain as trace evidence during normal operations. We have also proposed principles for keeping databases transparent, that is, without unexpected trace artifacts (Miklau07, Stahlberg07).
  3. Finally, we have examined problems in network forensics (and privacy). Encrypted connections can hide what a device was used for, and we have also proposed novel techniques for encrypted traffic analysis that determine the source of encrypted web traffic. We have shown that such identification is possible and reasonably accurate when a limited number of Internet destinations are involved and is robust to traffic shaping. (Bissias05, Liberatore06)

My newest projects concern mobile systems forensics. We seek to address the many challenges that are unique to laptops, cell phones, and embedded systems. For example, IP addresses assigned to mobile devices lead to no house, and thus common techniques for networking investigations do not apply. Secondly, data found on smaller, proprietary devices, such as phones, are not easily parsed by techniques that have been developed for well-known desktop operating systems. These efforts leverage my previous work on mobile systems and our large mobile systems testbed.

Privacy

The threat model for privacy is different than for criminal digital forensics. Works in network privacy seek to thwart any linkage of network traffic to a particular user, such that any sacrifice in performance is minimized. Several protocols for anonymous communication have been proposed over the years.

We have looked at several attacks that break protocols for anonymity, largely based on traffic analysis. For example, we have looked in great detail at the predecessor and intersection attacks. Our attacks use only statistical information about other proxies in the network. Notably, our work on the predecessor attack was the first analysis to quantitatively compare all known protocols for anonymous communication.

One of the biggest threats to anonymous protocols is Sybil attackers. My work on the Sybil Attack is described on another page.

  • Forensics: Databases and Traffic Analysis:
    • Brian Levine and Marc Liberatore "Digital Evidence Exchange for Reproducibility, Comparison, and Reliability." In Proc. Annual DFRWS Conference Aug 2009
    • Patrick Stahlberg, Gerome Miklau, and B.N. Levine, "Threats to Privacy in the Forensic Analysis of Database Systems." In Proc. ACM SIGMOD/PODS, June 2007.
    • Gerome Miklau, Patrick Stahlberg, and Brian Neil Levine. "Securing History: Privacy and Accountability in Database Systems." In Biennial ACM/VLDB Conference on Innovative Data Systems Research (CIDR), January 2007.
    • George Bissias, Marc Liberatore, David Jensen, and Brian Neil Levine, "Privacy Vulnerabilities in Encrypted HTTP Streams". In Proc. Privacy Enhancing Technologies Workshop (PET 2005).
    • Marc Liberatore, Brian Neil Levine, "Inferring the Source of Encrypted HTTP Connections". In Proc. ACM Computer and Communications Security (CCS) Alexandria, VA, October 2006.
  • Analysis of different Attacks on Anonymous Protocols
    • Matthew Wright, Micah Adler, Brian Neil Levine, and Clay Shields. Passive-Logging Attacks Against Anonymous Communications Systems. ACM Transactions on Information and System Security (TISSEC), 11(2), May 2008.
    • Matt Wright, Micah Adler, Brian Neil Levine, and Clay Shields, The Predecessor Attack: An Analysis of a Threat to Anonymous Communications Systems. ACM Transactions on Information and Systems Security (TISSEC). Vol 7. Num 4. (By invitation)
    • Brian Neil Levine, Michael Reiter, Chenxi Wang, and Matthew Wright, "Stopping Timing Attacks in Low-Latency Mix-Based Systems". In Proc. Financial Cryptography. February 2004. Nominee for the 2004 PET award.
    • Matthew Wright, Micah Adler, Brian Neil Levine, and Clay Shields, "Defending Anonymous Communication Against Passive Logging Attacks". IEEE Symposium on Security and Privacy, Oakland, CA. May 2003.
    • Matthew Wright, Micah Adler, Brian Neil Levine, and Clay Shields, "An Analysis of the Degradation of Anonymous Protocols". In Proc. ISOC Network and Distributed System Security Symposium (NDSS), February 2002. Received the Outstanding Paper Award.
    • Vincent Scarlata, Brian Neil Levine, and Clay Shields, "Responder Anonymity and Anonymous Peer-to-Peer File Sharing". In Proc. IEEE Intl. Conference on Network Protocols (ICNP). November 2001.
    • Clay Shields and Brian Neil Levine, "A Protocol for Anonymous Communication Over the Internet". Proc. ACM Conference on Computer and Communication Security (CCS). November 2000