Abstract
Encrypting traffic does not prevent an attacker from performing some types of traffic analysis. We present a straightforward traffic analysis attack against encrypted HTTP streams that is surprisingly effective in identifying the source of the traffic. An attacker starts by creating a profile of the statistical characteristics of web requests from interesting sites, including distributions of packet sizes and inter-arrival times. Later, candidate encrypted streams are compared against these profiles. In our evaluations using real traffic, we find that many web sites are subject to this attack. With a training period of 24 hours and a 1 hour delay afterwards, the attack achieves only 23% accuracy. However, an attacker can easily pre-determine which of trained sites are easily identifiable. Accordingly, against 25 such sites, the attack achieves 40% accuracy; with three guesses, the attack achieves 100% accuracy for our data. Longer delays after training decrease accuracy, but not substantially. We also propose some countermeasures and improvements to our current method. Previous work analyzed SSL traffic to a proxy, taking advantage of a known flaw in SSL that reveals the length of each web object. In contrast, we exploit the statistical characteristics of web streams that are encrypted as a single flow, which is the case with WEP/WPA, IPsec, and SSH tunnels.
This paper was supported in part by National Science Foundation awards CNS-0133055, ANI-0325868, and EIA-0080199.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Raymond, J.-F.: Traffic analysis: Protocols, attacks, design issues, and open problems. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 10–29. Springer, Heidelberg (2001)
Sun, Q., Simon, D.R., Wang, Y.M., Russell, W., Padmanabhan, V., Qiu, L.: Statistical identification of encrypted web browsing traffic. In: Proceedings of the IEEE Security and Privacy Conference (2003)
Dierks, T., Allen, C.: RFC 2246: The TLS protocol version 1 (1999)
Freier, A.O., Karlton, P., Kocher, P.C.: Secure Socket Layer. IETF Draft (1996), http://home.netscape.com/eng/ssl3
Fu, X., Graham, B., Bettati, R., Zhao, W.: Active Traffic Analysis Attacks and Countermeasures. In: Proceedings of the 2003 International Conference on Computer Networks and Mobile Computing, pp. 31–39 (2003)
Fu, X., Graham, B., Bettati, R., Zhao, W.: Analytical and Empirical Analysis of Countermeasures to Traffic Analysis Attacks. In: Proceedings of the 2003 International Conference on Parallel Processing, pp. 483–492 (2003)
Wright, M., Adler, M., Levine, B.N., Shields, C.: Defending Anonymous Communication Against Passive Logging Attacks. In: Proceedings of the IEEE Symposium on Security and Privacy (Oakland), pp. 28–41 (2003)
Levine, B.N., Reiter, M., Wang, C., Wright, M.: Stopping Timing Attacks in Low-Latency Mix-Based Systems. In: Proceedings of Financial Cryptography, FC (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bissias, G.D., Liberatore, M., Jensen, D., Levine, B.N. (2006). Privacy Vulnerabilities in Encrypted HTTP Streams. In: Danezis, G., Martin, D. (eds) Privacy Enhancing Technologies. PET 2005. Lecture Notes in Computer Science, vol 3856. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11767831_1
Download citation
DOI: https://doi.org/10.1007/11767831_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34745-3
Online ISBN: 978-3-540-34746-0
eBook Packages: Computer ScienceComputer Science (R0)