Traffic Analysis of SSL Encrypted Web Browsing
نویسندگان
چکیده
The SSL protocol, an application-layer mechanism widely used for encrypted Web browsing, was not designed to address traffic analysis attacks. We investigate the threat to privacy posed by such attacks and consider possible defenses. We implement a prototype of a traffic analysis attack and employ it to identify the pages visited by users browsing a Web site. Numerical models and simulations are used to predict the effectiveness of traffic analysis on various sites, as well as the efficacy of several possible defenses. Our results show that an attack using simple techniques can identify the pages visited with very high accuracy, and suggest that defenses exist which may provide some degree of privacy protection in many cases.
منابع مشابه
Privacy Vulnerabilities in Encrypted HTTP Streams
Encrypting traffic does not prevent an attacker from performing some types of traffic analysis. We present a straightforward traffic analysis attack against encrypted HTTP streams that is surprisingly effective in identifying the source of the traffic. An attacker starts by creating a profile of the statistical characteristics of web requests from interesting sites, including distributions of p...
متن کاملDetecting Bot Networks Based On HTTP And TLS Traffic Analysis
Abstract— Bot networks are a serious threat to cyber security, whose destructive behavior affects network performance directly. Detecting of infected HTTP communications is a big challenge because infected HTTP connections are clearly merged with other types of HTTP traffic. Cybercriminals prefer to use the web as a communication environment to launch application layer attacks and secretly enga...
متن کاملPreventing SSL Traffic Analysis with Realistic Cover Traffic
As more sensitive information is transmitted over computer networks, there has been a steady increase in the deployment of encryption to protect data in-flight. Myriad encrypted network protocols have emerged [8, 2, 1] that enable various applications like encrypted browsing, VPNs, secure shells, and VoIP. Since the data payload of an encrypted protocol is protected by strong encryption, attack...
متن کاملNetwork Forensics of SSL/TLS Encrypted Channels
Network forensics is increasingly hampered by the ubiquitous use of encrypted channels by legitimate and illegitimate network traffic. Both types of traffic are frequently tunneled over application-layer encryption mechanisms, generally using the ubiquitous TLS (SSL) protocol. This results in traditional network forensics tools being largely limited to recording external characteristics (source...
متن کاملTraffic Morphing: An Efficient Defense Against Statistical Traffic Analysis
Recent work has shown that properties of network traffic that remain observable after encryption, namely packet sizes and timing, can reveal surprising information about the traffic’s contents (e.g., the language of a VoIP call [29], passwords in secure shell logins [20], or even web browsing habits [21, 14]). While there are some legitimate uses for encrypted traffic analysis, these techniques...
متن کامل