Presentation is loading. Please wait.

Presentation is loading. Please wait.

Statistical Identification of Encrypted Web-Browsing Traffic

Published byLoren Ball Modified over 6 years ago

Similar presentations

Presentation on theme: "Statistical Identification of Encrypted Web-Browsing Traffic"— Presentation transcript:

1 Statistical Identification of Encrypted Web-Browsing Traffic
Qixiang Sun Stanford University Daniel R. Simon, Yi-Min Wang, Wilf Russell, Venkata N. Padmanabhan, Lili Qiu Microsoft Research

2 Outline Motivation & Problem Intuition Hypothetical Attacker
Attacker’s Success Rate Countermeasures Conclusion

3 Anonymous Web Browsing
Protect personal information from Attacker’s Inference Medical (Online support group) Questionable Activities Question: Is this REALLY anonymous? R1 R2 R3 R4

4 What’s Different? In anonymous Web browsing Implication:
The chain of routers are used for both sending and receiving data Can link HTTP requests and responses! The target Web pages are publicly accessible Responses are known! Implication: The first link/router is an exploitable weakness.

5 What Information is Available?
HTTP Get Response Browser 1st Router Number of objects Object sizes Ordering of the objects Delay between packets R1 R2 R3 R4

6 Intuition Number of objects and object sizes are sufficient to identify a Web page! On average, a Web page has 11 objects with each object yielding 8.4 bits of information 8.4*11 – log2(11!)  67 bits  1020 possibilities!! Currently, there are about 109 Web pages

7 An Hypothetical Attacker
List of target Sensitive sites URLs Programmatic Access to URL & Traffic recording Traffic pattern Construction & Database update Traffic Pattern Database R1 Traffic recording & Pattern construction Traffic Pattern Browser History Similarity scores Calculation Decision module Negative Positive

8 Guts of the Pattern Matching
Given two multisets of object sizes S1 and S2 Sim(S1, S2) = S1  S2 / S1  S2 Decision module uses an absolute threshold. Traffic Pattern Database Similarity scores Calculation Decision module For example: S1 = {3KB, 3KB, 5KB} S2 = {3KB, 5KB, 5KB} Sim(S1, S2) = = 0.5 | {3KB, 5KB} | | {3KB, 3KB, 5KB, 5KB} |

9 Experiment Setup Approximately 100,000 Web pages in total (URLs obtained from the Open Directory Project). The hypothetical attacker chooses about 2200 pages as target pages. Goal: Can these 2200 pages be identified without causing many false positives?

10 What is a Success and Failure?
Successful Identification: A target page passes the similarity threshold and is not confused with other pages in the target set. False Positive: A non-target page is incorrectly identified as one of the target pages. Potential False Positive: A page passes the similarity threshold when compared with a single selected target page.

11 Attacker’s Success Rate
A threshold of 0.5 is sufficient. 80.4% Is this small enough? 2.1%

12 A Detailed Look Inside False-positives are NOT generated uniformly!
HTTP 404s Common-looking pages 0-identifiable pages

13 Dynamism in Web Pages Most pages are relatively static
One-day-old pattern database is sufficient

14 Countermeasures Padding Morphing Mimicking Individual objects
Add random-sized objects Morphing Pipelining the HTTP GET requests Pre-fetching Mimicking Common templates or Web-hosting services

15 Padding Object Size Linear – Nearest multiple of padding size
Exponential – Nearest power of 2

16 Padding Random Objects

17 Two-chunk Pipelining Approximately 36% of the target pages are 0-identifiable. Very close to the theoretical limit of 1/e (assuming traffic patterns are random) Implication: Can harness the total entropy in the Web page traffic patterns.

18 One-chunk Pipelining

19 Conclusion Encrypted Web browsing can be identified by
the target page’s “unique” traffic pattern.

20

21 Linear Padding

22 Exponential Padding

23 Pad Random Objects

Download ppt "Statistical Identification of Encrypted Web-Browsing Traffic"

Similar presentations

Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.

Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.
Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University.

Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University.
11 PhishNet: Predictive Blacklisting to detect Phishing Attacks Reporter: Gia-Nan Gao Advisor: Chin-Laung Lei 2010/4/26.

11 PhishNet: Predictive Blacklisting to detect Phishing Attacks Reporter: Gia-Nan Gao Advisor: Chin-Laung Lei 2010/4/26.
Cooperative Caching of Dynamic Content on a Distributed Web Server Vegard Holmedahl, Ben Smith, Tao Yang Speaker: SeungLak Choi, DB Lab., CS Dept.

Cooperative Caching of Dynamic Content on a Distributed Web Server Vegard Holmedahl, Ben Smith, Tao Yang Speaker: SeungLak Choi, DB Lab., CS Dept.
Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis Presented by Yang Gao 11/2/2011 Charles V. Wright MIT Lincoln Laboratory Scott.

Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis Presented by Yang Gao 11/2/2011 Charles V. Wright MIT Lincoln Laboratory Scott.
Ph.D. DefenceUniversity of Alberta1 Approximation Algorithms for Frequency Related Query Processing on Streaming Data Presented by Fan Deng Supervisor:

Ph.D. DefenceUniversity of Alberta1 Approximation Algorithms for Frequency Related Query Processing on Streaming Data Presented by Fan Deng Supervisor:
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
Creating WordPress Websites. Creating a site on your computer Local server Local WordPress installation Setting Up Dreamweaver.

Creating WordPress Websites. Creating a site on your computer Local server Local WordPress installation Setting Up Dreamweaver.
1 BotGraph: Large Scale Spamming Botnet Detection Yao Zhao EECS Department Northwestern University.

1 BotGraph: Large Scale Spamming Botnet Detection Yao Zhao EECS Department Northwestern University.
Defending Against Low-rate TCP Attack: Dynamic Detection and Protection Haibin Sun John C.S.Lui CSE Dept. CUHK David K.Y.Yau CS Dept. Purdue U.

Defending Against Low-rate TCP Attack: Dynamic Detection and Protection Haibin Sun John C.S.Lui CSE Dept. CUHK David K.Y.Yau CS Dept. Purdue U.
Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.
Internet Basics.

Internet Basics.
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
Signatures As Threats to Privacy Brian Neil Levine Assistant Professor Dept. of Computer Science UMass Amherst.

Signatures As Threats to Privacy Brian Neil Levine Assistant Professor Dept. of Computer Science UMass Amherst.
PhishNet: Predictive Blacklisting to Detect Phishing Attacks Pawan Prakash Manish Kumar Ramana Rao Kompella Minaxi Gupta Purdue University, Indiana University.

PhishNet: Predictive Blacklisting to Detect Phishing Attacks Pawan Prakash Manish Kumar Ramana Rao Kompella Minaxi Gupta Purdue University, Indiana University.
Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.

Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.
John P., Fang Yu, Yinglian Xie, Martin Abadi, Arvind Krishnamurthy University of California, Santa Cruz USENIX SECURITY SYMPOSIUM, August, 2010 John P.,

John P., Fang Yu, Yinglian Xie, Martin Abadi, Arvind Krishnamurthy University of California, Santa Cruz USENIX SECURITY SYMPOSIUM, August, 2010 John P.,
Routing and Routing Protocols Dynamic Routing Overview.

Routing and Routing Protocols Dynamic Routing Overview.
Chapter 6 The World Wide Web. Web Pages Each page is an interactive multimedia publication It can include: text, graphics, music and videos Pages are.

Chapter 6 The World Wide Web. Web Pages Each page is an interactive multimedia publication It can include: text, graphics, music and videos Pages are.
1 On the Placement of Web Server Replicas Lili Qiu, Microsoft Research Venkata N. Padmanabhan, Microsoft Research Geoffrey M. Voelker, UCSD IEEE INFOCOM’2001,

1 On the Placement of Web Server Replicas Lili Qiu, Microsoft Research Venkata N. Padmanabhan, Microsoft Research Geoffrey M. Voelker, UCSD IEEE INFOCOM’2001,

Similar presentations

Ads by Google