Privacy Vulnerabilities in Encrypted HTTP Streams. Bissias, G., Liberatore, M., Jensen, D., & Levine, B. Volume 3856. Privacy Vulnerabilities in Encrypted HTTP Streams, pages 1-11. Springer, 9, 2006. Website abstract bibtex Encrypting traffic does not prevent an attacker from performing some types of traffic analysis. We present a straightforward traffic analysis attack against encrypted HTTP streams that is surprisingly effective in identifying the source of the traffic. An attacker starts by creating a profile of the statistical characteristics of web requests from interesting sites, including distributions of packet sizes and inter-arrival times. Later, candidate encrypted streams are compared against these profiles. In our evaluations using real traffic, we find that many web sites are subject to this attack. With a training period of 24 hours and a 1 hour delay afterwards, the attack achieves only 23% accuracy. However, an attacker can easily pre-determine which of trained sites are easily identifiable. Accordingly, against 25 such sites, the attack achieves 40% accuracy; with three guesses, the attack achieves 100% accuracy for our data. Longer delays after training decrease accuracy, but not substantially. We also propose some countermeasures and improvements to our current method. Previous work analyzed SSL traffic to a proxy, taking advantage of a known flaw in SSL that reveals the length of each web object. In contrast, we exploit the statistical characteristics of web streams that are encrypted as a single flow, which is the case with WEP/WPA, IPsec, and SSH tunnels.
@inBook{
title = {Privacy Vulnerabilities in Encrypted HTTP Streams},
type = {inBook},
year = {2006},
identifiers = {[object Object]},
keywords = {privacy,traffic-analysis},
pages = {1-11},
volume = {3856},
websites = {http://dx.doi.org/10.1007/11767831_1},
month = {9},
publisher = {Springer},
series = {Lecture Notes in Computer Science},
editors = {[object Object],[object Object]},
id = {62dbb382-e2c0-3cf1-88c3-80636f30dd25},
created = {2018-07-12T21:32:24.764Z},
file_attached = {false},
profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},
group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},
last_modified = {2018-07-12T21:32:24.764Z},
read = {false},
starred = {false},
authored = {false},
confirmed = {true},
hidden = {false},
citation_key = {bissias:privacy06},
source_type = {incollection},
private_publication = {false},
abstract = {Encrypting traffic does not prevent an attacker from performing some types of traffic analysis. We present a straightforward traffic analysis attack against encrypted HTTP streams that is surprisingly effective in identifying the source of the traffic. An attacker starts by creating a profile of the statistical characteristics of web requests from interesting sites, including distributions of packet sizes and inter-arrival times. Later, candidate encrypted streams are compared against these profiles. In our evaluations using real traffic, we find that many web sites are subject to this attack. With a training period of 24 hours and a 1 hour delay afterwards, the attack achieves only 23% accuracy. However, an attacker can easily pre-determine which of trained sites are easily identifiable. Accordingly, against 25 such sites, the attack achieves 40% accuracy; with three guesses, the attack achieves 100% accuracy for our data. Longer delays after training decrease accuracy, but not substantially. We also propose some countermeasures and improvements to our current method. Previous work analyzed SSL traffic to a proxy, taking advantage of a known flaw in SSL that reveals the length of each web object. In contrast, we exploit the statistical characteristics of web streams that are encrypted as a single flow, which is the case with WEP/WPA, IPsec, and SSH tunnels.},
bibtype = {inBook},
author = {Bissias, George and Liberatore, Marc and Jensen, David and Levine, Brian},
book = {Privacy Enhancing Technologies}
}
Downloads: 0
{"_id":"GeePJ72NQAt6ccMe7","bibbaseid":"bissias-liberatore-jensen-levine-privacyvulnerabilitiesinencryptedhttpstreams-2006","downloads":0,"creationDate":"2019-02-15T15:15:01.527Z","title":"Privacy Vulnerabilities in Encrypted HTTP Streams","author_short":["Bissias, G.","Liberatore, M.","Jensen, D.","Levine, B."],"year":2006,"bibtype":"inBook","biburl":null,"bibdata":{"title":"Privacy Vulnerabilities in Encrypted HTTP Streams","type":"inBook","year":"2006","identifiers":"[object Object]","keywords":"privacy,traffic-analysis","pages":"1-11","volume":"3856","websites":"http://dx.doi.org/10.1007/11767831_1","month":"9","publisher":"Springer","series":"Lecture Notes in Computer Science","editors":"[object Object],[object Object]","id":"62dbb382-e2c0-3cf1-88c3-80636f30dd25","created":"2018-07-12T21:32:24.764Z","file_attached":false,"profile_id":"f954d000-ce94-3da6-bd26-b983145a920f","group_id":"b0b145a3-980e-3ad7-a16f-c93918c606ed","last_modified":"2018-07-12T21:32:24.764Z","read":false,"starred":false,"authored":false,"confirmed":"true","hidden":false,"citation_key":"bissias:privacy06","source_type":"incollection","private_publication":false,"abstract":"Encrypting traffic does not prevent an attacker from performing some types of traffic analysis. We present a straightforward traffic analysis attack against encrypted HTTP streams that is surprisingly effective in identifying the source of the traffic. An attacker starts by creating a profile of the statistical characteristics of web requests from interesting sites, including distributions of packet sizes and inter-arrival times. Later, candidate encrypted streams are compared against these profiles. In our evaluations using real traffic, we find that many web sites are subject to this attack. With a training period of 24 hours and a 1 hour delay afterwards, the attack achieves only 23% accuracy. However, an attacker can easily pre-determine which of trained sites are easily identifiable. Accordingly, against 25 such sites, the attack achieves 40% accuracy; with three guesses, the attack achieves 100% accuracy for our data. Longer delays after training decrease accuracy, but not substantially. We also propose some countermeasures and improvements to our current method. Previous work analyzed SSL traffic to a proxy, taking advantage of a known flaw in SSL that reveals the length of each web object. In contrast, we exploit the statistical characteristics of web streams that are encrypted as a single flow, which is the case with WEP/WPA, IPsec, and SSH tunnels.","bibtype":"inBook","author":"Bissias, George and Liberatore, Marc and Jensen, David and Levine, Brian","book":"Privacy Enhancing Technologies","bibtex":"@inBook{\n title = {Privacy Vulnerabilities in Encrypted HTTP Streams},\n type = {inBook},\n year = {2006},\n identifiers = {[object Object]},\n keywords = {privacy,traffic-analysis},\n pages = {1-11},\n volume = {3856},\n websites = {http://dx.doi.org/10.1007/11767831_1},\n month = {9},\n publisher = {Springer},\n series = {Lecture Notes in Computer Science},\n editors = {[object Object],[object Object]},\n id = {62dbb382-e2c0-3cf1-88c3-80636f30dd25},\n created = {2018-07-12T21:32:24.764Z},\n file_attached = {false},\n profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},\n group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},\n last_modified = {2018-07-12T21:32:24.764Z},\n read = {false},\n starred = {false},\n authored = {false},\n confirmed = {true},\n hidden = {false},\n citation_key = {bissias:privacy06},\n source_type = {incollection},\n private_publication = {false},\n abstract = {Encrypting traffic does not prevent an attacker from performing some types of traffic analysis. We present a straightforward traffic analysis attack against encrypted HTTP streams that is surprisingly effective in identifying the source of the traffic. An attacker starts by creating a profile of the statistical characteristics of web requests from interesting sites, including distributions of packet sizes and inter-arrival times. Later, candidate encrypted streams are compared against these profiles. In our evaluations using real traffic, we find that many web sites are subject to this attack. With a training period of 24 hours and a 1 hour delay afterwards, the attack achieves only 23% accuracy. However, an attacker can easily pre-determine which of trained sites are easily identifiable. Accordingly, against 25 such sites, the attack achieves 40% accuracy; with three guesses, the attack achieves 100% accuracy for our data. Longer delays after training decrease accuracy, but not substantially. We also propose some countermeasures and improvements to our current method. Previous work analyzed SSL traffic to a proxy, taking advantage of a known flaw in SSL that reveals the length of each web object. In contrast, we exploit the statistical characteristics of web streams that are encrypted as a single flow, which is the case with WEP/WPA, IPsec, and SSH tunnels.},\n bibtype = {inBook},\n author = {Bissias, George and Liberatore, Marc and Jensen, David and Levine, Brian},\n book = {Privacy Enhancing Technologies}\n}","author_short":["Bissias, G.","Liberatore, M.","Jensen, D.","Levine, B."],"urls":{"Website":"http://dx.doi.org/10.1007/11767831_1"},"bibbaseid":"bissias-liberatore-jensen-levine-privacyvulnerabilitiesinencryptedhttpstreams-2006","role":"author","keyword":["privacy","traffic-analysis"],"downloads":0},"search_terms":["privacy","vulnerabilities","encrypted","http","streams","bissias","liberatore","jensen","levine"],"keywords":["privacy","traffic-analysis"],"authorIDs":[]}