Privacy Vulnerabilities in Encrypted HTTP Streams
G. Bissias, M. Liberatore, D. Jensen and B. Levine. Privacy vulnerabilities in encrypted HTTP
streams. Proceedings of the Privacy Enhancing Technologies Workshop (PET 2005).
- Abstract
- Encrypting traffic does not prevent an attacker from performing some types of traffic analysis. We present a straightforward traffic analysis attack against encrypted HTTP streams that is surprisingly effective in identifying the source of the traffic. An attacker starts by creating a profile of the statistical characteristics of web requests from interesting sites, including distributions of packet sizes and inter-arrival times. Later, candidate encrypted streams are compared against these profiles. In our evaluations using real traffic, we find that many web sites are subject to this attack. With a training period of 24 hours and a 1 hour delay afterwards, the attack achieves only 23% accuracy. However, an attacker can easily pre-determine which of the trained sites are easily identifiable. Accordingly, against 25 such sites, the attack achieves 40% accuracy; with three guesses, the attack achieves 100% accuracy for our data. Longer delays after training decrease accuracy, but not substantially. We also propose some countermeasures and improvements to our current method. Previous work analyzed SSL traffic to a proxy, taking advantage of a known flaw in SSL that reveals the length of each web object. In contrast, we exploit the statistical characteristics of web streams that are encrypted as a single flow, which is the case with WEP/WPA, IPsec, and SSH tunnels.
- Text
- A PDF version of this paper is available.