A Web Traffic Analysis Attack Using Only Timing Information

被引:49
|
作者
Feghhi, Saman [1 ]
Leith, Douglas J. [1 ]
机构
[1] Trinity Coll Dublin, Sch Comp Sci & Stat, Dublin 2, Ireland
来源
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY | 2016年 / 11卷 / 08期
基金
爱尔兰科学基金会;
关键词
Network privacy; timing-only attacks; traffic analysis; website fingerprinting; IDENTIFICATION;
D O I
10.1109/TIFS.2016.2551203
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
We introduce an attack against encrypted web traffic that makes use only of packet timing information on the uplink. This attack is therefore impervious to existing packet padding defenses. In addition, unlike existing approaches, this timing-only attack does not require the knowledge of the start/end of web fetches and so is effective against traffic streams. We demonstrate the effectiveness of the attack against both wired and wireless traffic, achieving mean success rates in excess of 90%. In addition to being of interest in its own right, this timing-only attack serves to highlight deficiencies in existing defenses and so to areas where it would be beneficial for virtual private network (VPN) designers to focus further attention.
引用
下载
收藏
页码:1758 / 1770
页数:13
相关论文
共 50 条
  • [1] Early web application attack detection using network traffic analysis
    Rajic, Branislav
    Stanisavljevic, Zarko
    Vuletic, Pavle
    INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2023, 22 (01) : 77 - 91
  • [2] Early web application attack detection using network traffic analysis
    Branislav Rajić
    Žarko Stanisavljević
    Pavle Vuletić
    International Journal of Information Security, 2023, 22 : 77 - 91
  • [3] On representing signals using only timing information
    Kumaresan, R
    Wang, YD
    JOURNAL OF THE ACOUSTICAL SOCIETY OF AMERICA, 2001, 110 (05): : 2421 - 2439
  • [4] Neural Analysis of HTTP Traffic for Web Attack Detection
    Atienza, David
    Herrero, Alvaro
    Corchado, Emilio
    INTERNATIONAL JOINT CONFERENCE: CISIS'15 AND ICEUTE'15, 2015, 369 : 201 - 212
  • [5] Bucketing and information flow analysis for provable timing attack mitigation
    Terauchi, Tachio
    Antonopoulos, Timos
    JOURNAL OF COMPUTER SECURITY, 2020, 28 (06) : 607 - 634
  • [6] Traffic Simulation using Web Information of Activities Location
    Chen, Songhang
    Zhu, Fenghua
    2012 15TH INTERNATIONAL IEEE CONFERENCE ON INTELLIGENT TRANSPORTATION SYSTEMS (ITSC), 2012, : 758 - 763
  • [7] An Efficient Web Traffic Defence Against Timing-Analysis Attacks
    Feghhi, Saman
    Leith, Douglas J.
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2019, 14 (02) : 525 - 540
  • [8] DoS Attack Inference Using Traffic Wave Analysis
    Jayashree, P.
    Aravinth, T.
    Kumar, S. Ashok
    Manikandan, S. K. R.
    RECENT TRENDS IN NETWORKS AND COMMUNICATIONS, 2010, 90 : 171 - 179
  • [9] Traffic Storing and Related Information Generation System for Cyber Attack Analysis
    Choi, Yangseo
    Lee, Joo-Young
    Choi, Sunoh
    Kim, Jong-Hyun
    Kim, Ikkyun
    2016 INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGY CONVERGENCE (ICTC 2016): TOWARDS SMARTER HYPER-CONNECTED WORLD, 2016, : 1052 - 1057
  • [10] Applied web Traffic Analysis for Numerical Encoding of SQL Injection Attack Features
    Uwagbole, Solomon Ogbomon
    Buchanan, William
    Fan, Lu
    PROCEEDINGS OF THE 15TH EUROPEAN CONFERENCE ON CYBER WARFARE AND SECURITY (ECCWS 2016), 2016, : 393 - 401
12345