Encrypting traffic does not prevent an attacker from performing some types of traffic analysis. We present a straightforward traffic analysis attack against encrypted HTTP streams that is surprisingly effective in identifying the source of the traffic. An attacker starts by creating a profile of the statistical characteristics of web requests from interesting sites, including distributions of packet sizes and inter-arrival times. Later, candidate encrypted streams are compared against these profiles. In our evaluations using real traffic, we find that many web sites are subject to this attack. With a training period of 24 hours and a 1-hour delay afterwards, the attack achieves only 23% accuracy. However, an attacker can easily pre-determine which of the trained sites are easily identifiable. Accordingly, against 25 such sites, the attack achieves 40% accuracy; with three guesses, the attack achieves 100% accuracy for our data. Longer delays after training decrease accuracy, but not substantially. We also propose some countermeasures and improvements to our current method. Previous work analyzed SSL traffic to a proxy, taking advantage of a known flaw in SSL that reveals the length of each web object. In contrast, we exploit the statistical characteristics of web streams that are encrypted as a single flow, which is the case with WEP/WPA, IPsec, and SSH tunnels.