Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail
Top Cited Papers
Open Access
- 1 May 2012
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 332-346
- https://doi.org/10.1109/sp.2012.28
Abstract
We consider the setting of HTTP traffic over encrypted tunnels, as used to conceal the identity of websites visited by a user. It is well known that traffic analysis (TA) attacks can accurately identify the website a user visits despite the use of encryption, and previous work has looked at specific attack/countermeasure pairings. We provide the first comprehensive analysis of general-purpose TA countermeasures. We show that nine known countermeasures are vulnerable to simple attacks that exploit coarse features of traffic (e.g., total time and bandwidth). The considered countermeasures include ones like those standardized by TLS, SSH, and IPsec, and even more complex ones like the traffic morphing scheme of Wright et al. As just one of our results, we show that despite the use of traffic morphing, one can use only total upstream and downstream bandwidth to identify -- with 98% accuracy - which of two websites was visited. One implication of what we find is that, in the context of website identification, it is unlikely that bandwidth-efficient, general-purpose TA countermeasures can ever provide the type of security targeted in prior work.Keywords
This publication has 13 references indexed in Scilit:
- Automated black-box detection of side-channel vulnerabilities in web applicationsPublished by Association for Computing Machinery (ACM) ,2011
- Website fingerprinting in onion routing based anonymization networksPublished by Association for Computing Machinery (ACM) ,2011
- Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-iksPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2011
- Uncovering Spoken Phrases in Encrypted Voice over IP ConversationsACM Transactions on Information and System Security, 2010
- Website Fingerprinting and Identification Using Ordered Feature SequencesLecture Notes in Computer Science, 2010
- Side-Channel Leaks in Web Applications: A Reality Today, a Challenge TomorrowPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2010
- Dependent link padding algorithms for low latency anonymity systemsPublished by Association for Computing Machinery (ACM) ,2008
- Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations2008 IEEE Symposium on Security and Privacy (SP 2008), 2008
- Inferring the source of encrypted HTTP connectionsPublished by Association for Computing Machinery (ACM) ,2006
- On Flow Correlation Attacks and Countermeasures in Mix NetworksLecture Notes in Computer Science, 2005