A Web Traffic Analysis Attack Using Only Timing Information

Feghhi, Saman; Leith, Douglas J.

doi:10.1109/tifs.2016.2551203

Cited by 55 publications

(35 citation statements)

References 13 publications

(22 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…At first glance, fingerprinting smartphone apps may seem to be a simple translation of existing work. While there are some similarities, such as end-to-end communication using IP addresses/ports, there are nuances in the type of traffic sent by smartphones and the way in which it is sent that makes traffic analysis in the realm of smartphones distinct from traffic analysis on traditional workstations [10]- [13]. With this in mind, we outline related work by first enumerating traffic analysis approaches on workstations (Section II-A), and then focusing on traffic analysis on smartphones (Section II-B).…”

Section: Related Workmentioning

confidence: 99%

Robust Smartphone App Identification via Encrypted Network Traffic Analysis

Taylor

Spolaor

Conti

et al. 2018

IEEE Trans.Inform.Forensic Secur.

279

113

View full text Add to dashboard Cite

Abstract-The apps installed on a smartphone can reveal much information about a user, such as their medical conditions, sexual orientation, or religious beliefs. Additionally, the presence or absence of particular apps on a smartphone can inform an adversary who is intent on attacking the device. In this paper, we show that a passive eavesdropper can feasibly identify smartphone apps by fingerprinting the network traffic that they send. Although SSL/TLS hides the payload of packets, sidechannel data such as packet size and direction is still leaked from encrypted connections. We use machine learning techniques to identify smartphone apps from this side-channel data. In addition to merely fingerprinting and identifying smartphone apps, we investigate how app fingerprints change over time, across devices and across different versions of apps. Additionally, we introduce strategies that enable our app classification system to identify and mitigate the effect of ambiguous traffic, i.e., traffic in common among apps such as advertisement traffic. We fully implemented a framework to fingerprint apps and ran a thorough set of experiments to assess its performance. We fingerprinted 110 of the most popular apps in the Google Play Store and were able to identify them six months later with up to 96% accuracy. Additionally, we show that app fingerprints persist to varying extents across devices and app versions.

show abstract

Section: Related Workmentioning

confidence: 99%

Robust Smartphone App Identification via Encrypted Network Traffic Analysis

Taylor

Spolaor

Conti

et al. 2018

IEEE Trans.Inform.Forensic Secur.

279

113

View full text Add to dashboard Cite

show abstract

“…We do not seek to conceal the fact that the client device is browsing the web, but rather to prevent an attacker from inferring which pages are being browsed. Packet timing data is a rich source of information, as discussed in more detail in Section II-B below, and in particular it is known to be sufficient to allow an attacker to infer with high probability the web page being browsed by a user [7] while in [5] it is shown that packet padding is not sufficient to hide coarse grained features such as bursts in traffic or the total size and load time of a page.…”

Section: A Threat Modelmentioning

confidence: 99%

An Efficient Web Traffic Defence Against Timing-Analysis Attacks

Feghhi

Leith

2019

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

We introduce a new class of lower overhead tunnel that is resistant to traffic analysis. The tunnel opportunistically reduces the number of dummy packets transmitted during busy times when many flows are simultaneously active while maintaining well-defined privacy properties. We find that the dummy packet overhead is typically less than 20% on lightly loaded links and falls to zero as the traffic load increases i.e. the tunnel is capacity-achieving. The additional latency incurred is less than 100ms. We build an experimental prototype of the tunnel and carry out an extensive performance evaluation that demonstrates its effectiveness under a range of network conditions and real web page fetches.

show abstract

“…The timing of packets is less adaptable, since it would have a direct impact on the performance of the web service [14]. We combine both packet size and IAT to create a two-dimensional histogram.…”

Section: A Packet Size -Interarrival Timementioning

confidence: 99%

Fingerprinting encrypted network traffic types using machine learning

Leroux

Bohez

Maenhaut

et al. 2018

NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium

View full text Add to dashboard Cite

Abstract-Internet applications rely on strong encryption techniques to protect the content of all communications between client and server. These encryption algorithms ensure that third parties are unable to obtain the plain text data but also make it hard for the network administrator to enforce restrictions on the types of traffic that are allowed. In this paper we show that we can train accurate machine learning models which can predict the type of traffic going through an IPsec or TOR tunnel based on features extracted from the encrypted streams. We use small, fast to execute machine learning models that work on small windows of data. This makes it possible to use our approach in real-time, for example as part of a Quality of Service (QoS) system.

show abstract

A Web Traffic Analysis Attack Using Only Timing Information

Cited by 55 publications

References 13 publications

Robust Smartphone App Identification via Encrypted Network Traffic Analysis

Robust Smartphone App Identification via Encrypted Network Traffic Analysis

An Efficient Web Traffic Defence Against Timing-Analysis Attacks

Fingerprinting encrypted network traffic types using machine learning

Contact Info

Product

Resources

About