Privacy Vulnerabilities in Encrypted HTTP Streams

13 years 10 months ago

Download prisms.cs.umass.edu

Abstract. Encrypting traﬃc does not prevent an attacker from performing some types of traﬃc analysis. We present a straightforward trafﬁc analysis attack against encrypted HTTP streams that is surprisingly eﬀective in identifying the source of the traﬃc. An attacker starts by creating a proﬁle of the statistical characteristics of web requests from interesting sites, including distributions of packet sizes and inter-arrival times. Later, candidate encrypted streams are compared against these proﬁles. In our evaluations using real traﬃc, we ﬁnd that many web sites are subject to this attack. With a training period of 24 hours and a 1 hour delay afterwards, the attack achieves only 23% accuracy. However, an attacker can easily pre-determine which of trained sites are easily identiﬁable. Accordingly, against 25 such sites, the attack achieves 40% accuracy; with three guesses, the attack achieves 100% accuracy for our data. Longer delays after training decrease accuracy...

George Dean Bissias, Marc Liberatore, David Jensen

Real-time Traffic

Encrypted | PET 2005 | Security Privacy | Statistical Characteristics | Trafﬁc Analysis Attack |

claim paper

Post Info
More Details (n/a)

Added	28 Jun 2010
Updated	28 Jun 2010
Type	Conference
Year	2005
Where	PET
Authors	George Dean Bissias, Marc Liberatore, David Jensen, Brian Neil Levine

Comments (0)

Sciweavers

Privacy Vulnerabilities in Encrypted HTTP Streams

Encrypted | PET 2005 | Security Privacy | Statistical Characteristics | Trafﬁc Analysis Attack |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers