A Web Traffic Analysis Attack Using Only Timing Information

A Web Traffic Analysis Attack Using Only Timing Information

We introduce an attack against encrypted Web traffic that makes use only of packet timing information on the uplink. This attack is therefore impervious to existing packet padding defenses. In addition, unlike existing approaches, this timing-only attack does not require the knowledge of the start/e...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on information forensics and security 2016-08, Vol.11 (8), p.1747-1759
Hauptverfasser: Feghhi, Saman, Leith, Douglas J.
Format: Artikel
Sprache:eng
Schlagworte:
Cryptography
Downlink
Servers
Timing
Uplink
Web pages
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 1759
container_issue 8
container_start_page 1747
container_title IEEE transactions on information forensics and security
container_volume 11
creator Feghhi, Saman
Leith, Douglas J.
description We introduce an attack against encrypted Web traffic that makes use only of packet timing information on the uplink. This attack is therefore impervious to existing packet padding defenses. In addition, unlike existing approaches, this timing-only attack does not require the knowledge of the start/end of web fetches and so is effective against traffic streams. We demonstrate the effectiveness of the attack against both wired and wireless traffic, achieving mean success rates in excess of 90%. In addition to being of interest in its own right, this timing-only attack serves to highlight deficiencies in existing defenses and so to areas where it would be beneficial for virtual private network (VPN) designers to focus further attention.
doi_str_mv 10.1109/TIFS.2016.2551203
format Article
fullrecord <record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_ieee_primary_7448393</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>7448393</ieee_id><sourcerecordid>4053393911</sourcerecordid><originalsourceid>FETCH-LOGICAL-c359t-371e5f1105e40ebbde48d6332e5c144f2e2efa424f63acf2403bbd1b7be028da3</originalsourceid><addsrcrecordid>eNo9kEtLw0AUhQdRsFZ_gLgZcJ06dx554CoUq4VCF6a4HCbJHZnaJnUmXfTfNyGlq3sW37kcPkKegc0AWPZWLBffM84gnnGlgDNxQyagVBzFjMPtNYO4Jw8hbBmTEuJ0Qt5z-oMlLbyx1lU0b8zuFFygedeZ6o9ugmt-6brZnWjh9kNeNrb1e9O5tnkkd9bsAj5d7pRsFh_F_CtarT-X83wVVUJlXSQSQGX7lQolw7KsUaZ1LARHVYGUliNHaySXNhamslwy0UNQJiUyntZGTMnr-Pfg2_8jhk5v26PvlwYNSZqKhGeJ6ikYqcq3IXi0-uDd3viTBqYHR3pwpAdH-uKo77yMHYeIVz6RMhWZEGeF72Fs</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1788372975</pqid></control><display><type>article</type><title>A Web Traffic Analysis Attack Using Only Timing Information</title><source>IEEE Electronic Library (IEL)</source><creator>Feghhi, Saman ; Leith, Douglas J.</creator><creatorcontrib>Feghhi, Saman ; Leith, Douglas J.</creatorcontrib><description>We introduce an attack against encrypted Web traffic that makes use only of packet timing information on the uplink. This attack is therefore impervious to existing packet padding defenses. In addition, unlike existing approaches, this timing-only attack does not require the knowledge of the start/end of web fetches and so is effective against traffic streams. We demonstrate the effectiveness of the attack against both wired and wireless traffic, achieving mean success rates in excess of 90%. In addition to being of interest in its own right, this timing-only attack serves to highlight deficiencies in existing defenses and so to areas where it would be beneficial for virtual private network (VPN) designers to focus further attention.</description><identifier>ISSN: 1556-6013</identifier><identifier>EISSN: 1556-6021</identifier><identifier>DOI: 10.1109/TIFS.2016.2551203</identifier><identifier>CODEN: ITIFA6</identifier><language>eng</language><publisher>New York: IEEE</publisher><subject>Cryptography ; Downlink ; Servers ; Timing ; Uplink ; Web pages</subject><ispartof>IEEE transactions on information forensics and security, 2016-08, Vol.11 (8), p.1747-1759</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2016</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c359t-371e5f1105e40ebbde48d6332e5c144f2e2efa424f63acf2403bbd1b7be028da3</citedby><cites>FETCH-LOGICAL-c359t-371e5f1105e40ebbde48d6332e5c144f2e2efa424f63acf2403bbd1b7be028da3</cites><orcidid>0000-0003-1988-9615</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/7448393$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,776,780,792,27901,27902,54733</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/7448393$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Feghhi, Saman</creatorcontrib><creatorcontrib>Leith, Douglas J.</creatorcontrib><title>A Web Traffic Analysis Attack Using Only Timing Information</title><title>IEEE transactions on information forensics and security</title><addtitle>TIFS</addtitle><description>We introduce an attack against encrypted Web traffic that makes use only of packet timing information on the uplink. This attack is therefore impervious to existing packet padding defenses. In addition, unlike existing approaches, this timing-only attack does not require the knowledge of the start/end of web fetches and so is effective against traffic streams. We demonstrate the effectiveness of the attack against both wired and wireless traffic, achieving mean success rates in excess of 90%. In addition to being of interest in its own right, this timing-only attack serves to highlight deficiencies in existing defenses and so to areas where it would be beneficial for virtual private network (VPN) designers to focus further attention.</description><subject>Cryptography</subject><subject>Downlink</subject><subject>Servers</subject><subject>Timing</subject><subject>Uplink</subject><subject>Web pages</subject><issn>1556-6013</issn><issn>1556-6021</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2016</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNo9kEtLw0AUhQdRsFZ_gLgZcJ06dx554CoUq4VCF6a4HCbJHZnaJnUmXfTfNyGlq3sW37kcPkKegc0AWPZWLBffM84gnnGlgDNxQyagVBzFjMPtNYO4Jw8hbBmTEuJ0Qt5z-oMlLbyx1lU0b8zuFFygedeZ6o9ugmt-6brZnWjh9kNeNrb1e9O5tnkkd9bsAj5d7pRsFh_F_CtarT-X83wVVUJlXSQSQGX7lQolw7KsUaZ1LARHVYGUliNHaySXNhamslwy0UNQJiUyntZGTMnr-Pfg2_8jhk5v26PvlwYNSZqKhGeJ6ikYqcq3IXi0-uDd3viTBqYHR3pwpAdH-uKo77yMHYeIVz6RMhWZEGeF72Fs</recordid><startdate>20160801</startdate><enddate>20160801</enddate><creator>Feghhi, Saman</creator><creator>Leith, Douglas J.</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>7TB</scope><scope>8FD</scope><scope>FR3</scope><scope>JQ2</scope><scope>KR7</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0000-0003-1988-9615</orcidid></search><sort><creationdate>20160801</creationdate><title>A Web Traffic Analysis Attack Using Only Timing Information</title><author>Feghhi, Saman ; Leith, Douglas J.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c359t-371e5f1105e40ebbde48d6332e5c144f2e2efa424f63acf2403bbd1b7be028da3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2016</creationdate><topic>Cryptography</topic><topic>Downlink</topic><topic>Servers</topic><topic>Timing</topic><topic>Uplink</topic><topic>Web pages</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Feghhi, Saman</creatorcontrib><creatorcontrib>Leith, Douglas J.</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics &amp; Communications Abstracts</collection><collection>Mechanical &amp; Transportation Engineering Abstracts</collection><collection>Technology Research Database</collection><collection>Engineering Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Civil Engineering Abstracts</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>IEEE transactions on information forensics and security</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Feghhi, Saman</au><au>Leith, Douglas J.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>A Web Traffic Analysis Attack Using Only Timing Information</atitle><jtitle>IEEE transactions on information forensics and security</jtitle><stitle>TIFS</stitle><date>2016-08-01</date><risdate>2016</risdate><volume>11</volume><issue>8</issue><spage>1747</spage><epage>1759</epage><pages>1747-1759</pages><issn>1556-6013</issn><eissn>1556-6021</eissn><coden>ITIFA6</coden><abstract>We introduce an attack against encrypted Web traffic that makes use only of packet timing information on the uplink. This attack is therefore impervious to existing packet padding defenses. In addition, unlike existing approaches, this timing-only attack does not require the knowledge of the start/end of web fetches and so is effective against traffic streams. We demonstrate the effectiveness of the attack against both wired and wireless traffic, achieving mean success rates in excess of 90%. In addition to being of interest in its own right, this timing-only attack serves to highlight deficiencies in existing defenses and so to areas where it would be beneficial for virtual private network (VPN) designers to focus further attention.</abstract><cop>New York</cop><pub>IEEE</pub><doi>10.1109/TIFS.2016.2551203</doi><tpages>13</tpages><orcidid>https://orcid.org/0000-0003-1988-9615</orcidid></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 1556-6013
ispartof IEEE transactions on information forensics and security, 2016-08, Vol.11 (8), p.1747-1759
issn 1556-6013
1556-6021
language eng
recordid cdi_ieee_primary_7448393
source IEEE Electronic Library (IEL)
subjects Cryptography
Downlink
Servers
Timing
Uplink
Web pages
title A Web Traffic Analysis Attack Using Only Timing Information
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-04T00%3A56%3A08IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Web%20Traffic%20Analysis%20Attack%20Using%20Only%20Timing%20Information&rft.jtitle=IEEE%20transactions%20on%20information%20forensics%20and%20security&rft.au=Feghhi,%20Saman&rft.date=2016-08-01&rft.volume=11&rft.issue=8&rft.spage=1747&rft.epage=1759&rft.pages=1747-1759&rft.issn=1556-6013&rft.eissn=1556-6021&rft.coden=ITIFA6&rft_id=info:doi/10.1109/TIFS.2016.2551203&rft_dat=%3Cproquest_RIE%3E4053393911%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1788372975&rft_id=info:pmid/&rft_ieee_id=7448393&rfr_iscdi=true