publication . Part of book or chapter of book . Preprint . 2011

Website Detection Using Remote Traffic Analysis

Gong, Xun; Kiyavash, Negar; Schear, Nabíl; Borisov, Nikita;
Open Access
  • Published: 01 Sep 2011
  • Publisher: Springer Berlin Heidelberg
Abstract
Recent work in traffic analysis has shown that traffic patterns leaked through side channels can be used to recover important semantic information. For instance, attackers can find out which website, or which page on a website, a user is accessing simply by monitoring the packet size distribution. We show that traffic analysis is even a greater threat to privacy than previously thought by introducing a new attack that can be carried out remotely. In particular, we show that, to perform traffic analysis, adversaries do not need to directly observe the traffic patterns. Instead, they can gain sufficient information by sending probes from a far-off vantage point th...
Subjects
free text keywords: Exploit, Queueing theory, Traffic analysis, Dynamic time warping, Broadband, Internet privacy, business.industry, business, Computer security, computer.software_genre, computer, Side channel attack, Network packet, Computer science, Communication channel, Computer Science - Cryptography and Security
Download fromView all 2 versions
http://arxiv.org/pdf/1109.0097...
Part of book or chapter of book
Provider: UnpayWall
http://www.springerlink.com/in...
Part of book or chapter of book
Provider: Crossref
35 references, page 1 of 3

[1] Aditya Akella, Srinivasan Seshan, and Anees Shaikh. An empirical evaluation of wide-area Internet bottlenecks. In Mark Crovella, editor, 3rd ACM SIGCOMM Conference on Internet Measurement, pages 101-114. ACM, October 2003. DOI: 10.1145/948205.948219.

[2] George Bissias, Marc Liberatore, David Jensen, and Brian Neil Levine. Privacy vulnerabilities in encrypted HTTP streams. In George Danezis and David Martin, editors, Privacy Enhancing Technologies, volume 3856 of Lecture Notes in Computer Science, pages 1-11. Springer, June 2006. DOI: 10.1007/11767831 1.

[3] Sambuddho Chakravarty, Angelos Stavrou, and Angelos D. Keromytis. Identifying proxy nodes in a Tor anonymization circuit. In Albert Dipanda, Richard Chbeir, and Kokou Yetongnon, editors, IEEE International Conference on Signal Image Technology and Internet Based Systems, pages 633-639. IEEE Computer Society, October 2008. DOI: 10.1109/SITIS.2008.93.

[4] Shuo Chen, Rui Wang, XiaoFeng Wang, and Kehuan Zhang. Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow. In David Evans and Giovanni Vigna, editors, IEEE Symposium on Security and Privacy, pages 191-206. IEEE Computer Society, May 2010. DOI: 10.1109/SP.2010.20.

[5] Heyning Cheng and Ron Avnur. Traffic Analysis of SSL Encrypted Web Browsing, 1998. http://www.cs.berkeley.edu/˜daw/teaching/cs261-f98/projects/ final-reports/ronathan-heyning.ps.

[6] Scott E. Coull, M. Patrick Collins, Charles V. Wright, Fabian Monrose, and Michael K. Reiter. On web browsing privacy in anonymized netflows. In Niels Provos, editor, 16th USENIX Security Symposium. USENIX Association, August 2007.

[7] George Danezis and Andrei Serjantov. Statistical disclosure or intersection attacks on anonymity systems. In Jessica Fridrich, editor, Information Hiding, volume 3200 of Lecture Notes in Computer Science, pages 293-308. Springer, May 2004. DOI: 10.1007/978-3-540-30114-1 21.

[8] Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: The Second-Generation Onion Router. In Matt Blaze, editor, USENIX Security Symposium, pages 303-320. USENIX Association, 2004. [OpenAIRE]

[9] Nathan S. Evans, Roger Dingledine, and Christian Grothoff. A practical congestion attack on Tor using long paths. In Fabian Monrose, editor, 18th USENIX Security Symposium, pages 33-50. USENIX Association, August 2009.

[10] Jason Franklin, Vern Paxson, Adrian Perrig, and Stefan Savage. An inquiry into the nature and causes of the wealth of Internet miscreants. In Sabrina De Capitani di Vemarcati and Paul Syverson, editors, 14th ACM conference on Computer and Communications Security, pages 375-388. ACM, October 2007. DOI: 10.1145/1315245.1315292.

[11] Dominik Herrmann, Rolf Wendolsky, and Hannes Federrath. Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial na¨ıve-Bayes classifier. In ACM Workshop on Cloud Computing Security, pages 31-42. ACM, October 2009. DOI: 10.1145/1655008.1655013.

[12] Andrew Hintz. Fingerprinting websites using traffic analysis. In Roger Dingledine and Paul Syverson, editors, Privacy Enhancing Technologies, volume 2482 of Lecture Notes in Computer Science, pages 229-233. Springer, April 2002. DOI: 10.1007/3-540-36467-6 13.

[13] Nicholas Hopper, Eugene Y. Vasserman, and Eric Chan-Tin. How much anonymity does network latency leak? In Sabrina De Capitani di Vimercati and Paul Syverson, editors, 14th ACM Conference on Computer and Communications Security, pages 82-91. ACM, October 2007. DOI: 10.1145/1315245.1315257.

[14] Nicholas Hopper, E.Y. Vasserman, and E. Chan-Tin. How much anonymity does network latency leak? ACM Transactions on Information and System Security, 13(2), 2010. DOI: 10.1145/1698750.1698753.

[15] Sachin Kadloor, Xun Gong, Negar Kiyavash, Tolga Tezcan, and Nikita Borisov. Low-Cost Side Channel Remote Traffic Analysis Attack in Packet Networks. In Chengshan Xiao and Jan C. Olivier, editors, 2010 IEEE International Conference on Communications. IEEE, May 2010. DOI: 10.1109/ICC.2010.5501972. [OpenAIRE]

35 references, page 1 of 3
Powered by OpenAIRE Open Research Graph
Any information missing or wrong?Report an Issue
publication . Part of book or chapter of book . Preprint . 2011

Website Detection Using Remote Traffic Analysis

Gong, Xun; Kiyavash, Negar; Schear, Nabíl; Borisov, Nikita;