Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail
Title | Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail |
Publication Type | Conference Paper |
Year of Publication | 2012 |
Authors | Dyer, K.P., Coull, S.E., Ristenpart, T., Shrimpton, T. |
Conference Name | Security and Privacy (SP), 2012 IEEE Symposium on |
Date Published | May |
Keywords | Accuracy, attack/countermeasure pairings, Bandwidth, cryptography, downstream bandwidth, encrypted traffic, encrypted tunnel, Encryption, general-purpose TA countermeasures, HTTP traffic, hypermedia, IPsec, machine learning, padding, privacy, security, SSH, Support vector machines, TA attack, telecommunication traffic, TLS, traffic analysis attack, traffic analysis countermeasures, traffic morphing scheme, upstream bandwidth, Vectors, Web pages, Web site identification, Web sites |
Abstract | We consider the setting of HTTP traffic over encrypted tunnels, as used to conceal the identity of websites visited by a user. It is well known that traffic analysis (TA) attacks can accurately identify the website a user visits despite the use of encryption, and previous work has looked at specific attack/countermeasure pairings. We provide the first comprehensive analysis of general-purpose TA countermeasures. We show that nine known countermeasures are vulnerable to simple attacks that exploit coarse features of traffic (e.g., total time and bandwidth). The considered countermeasures include ones like those standardized by TLS, SSH, and IPsec, and even more complex ones like the traffic morphing scheme of Wright et al. As just one of our results, we show that despite the use of traffic morphing, one can use only total upstream and downstream bandwidth to identify - with 98% accuracy - which of two websites was visited. One implication of what we find is that, in the context of website identification, it is unlikely that bandwidth-efficient, general-purpose TA countermeasures can ever provide the type of security targeted in prior work. |
URL | http://ieeexplore.ieee.org/document/6234422/?reload=true |
DOI | 10.1109/SP.2012.28 |
Citation Key | 6234422 |
- privacy
- Web sites
- Web site identification
- Web pages
- Vectors
- upstream bandwidth
- traffic morphing scheme
- traffic analysis countermeasures
- traffic analysis attack
- TLS
- telecommunication traffic
- TA attack
- Support vector machines
- SSH
- security
- Accuracy
- padding
- machine learning
- IPsec
- hypermedia
- HTTP traffic
- general-purpose TA countermeasures
- encryption
- encrypted tunnel
- encrypted traffic
- downstream bandwidth
- Cryptography
- Bandwidth
- attack/countermeasure pairings