
Website Detection Using Remote Traffic Analysis

  • Conference paper
Privacy Enhancing Technologies (PETS 2012)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7384)


Abstract

Recent work in traffic analysis has shown that traffic patterns leaked through side channels can be used to recover important semantic information. For instance, attackers can find out which website, or which page on a website, a user is accessing simply by monitoring the packet size distribution. We show that traffic analysis is an even greater threat to privacy than previously thought by introducing a new attack that can be carried out remotely. In particular, we show that, to perform traffic analysis, adversaries do not need to directly observe the traffic patterns. Instead, they can gain sufficient information by sending probes from a far-off vantage point that exploits a queuing side channel in routers.

To demonstrate the threat of such remote traffic analysis, we study a remote website detection attack that works against home broadband users. Because the remotely observed traffic patterns are noisier than those obtained using previous schemes based on direct local traffic monitoring, we take a dynamic time warping (DTW) based approach to detecting fingerprints from the same website. As a new twist on website fingerprinting, we consider a website detection attack, where the attacker aims to find out whether a user browses a particular website, and its privacy implications. We show experimentally that, although the success of the attack is highly variable, depending on the target site, for some sites it achieves very low error rates. We also show how such website detection can be used to deanonymize message board users.
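An added illustration, not code from the paper: a band-limited dynamic time warping distance compared with a sample-by-sample distance on constructed queuing-delay series, showing why a trace that is shifted in time and slightly noisy still matches its fingerprint. The band width, the threshold, the function names and all sample values are assumptions made for this example.

```python
# Added illustration (not the paper's code): DTW vs. pointwise distance on
# constructed queuing-delay series in arbitrary units.
import math

def dtw_distance(a, b, window):
    """DTW cost with |i - j| <= window (band width is an assumed parameter)."""
    n, m = len(a), len(b)
    w = max(window, abs(n - m))          # band must be able to reach (n, m)
    prev = [math.inf] * (m + 1)
    prev[0] = 0.0                        # empty prefixes align at zero cost
    for i in range(1, n + 1):
        cur = [math.inf] * (m + 1)
        for j in range(max(1, i - w), min(m, i + w) + 1):
            step = min(prev[j], cur[j - 1], prev[j - 1])
            cur[j] = abs(a[i - 1] - b[j - 1]) + step
        prev = cur
    return prev[m]

def pointwise_distance(a, b):
    """Sample-by-sample L1 distance, for comparison (equal lengths)."""
    return float(sum(abs(x - y) for x, y in zip(a, b)))

def detect(fingerprint, trace, window=3, threshold=10.0):
    """Hypothetical decision rule: match if DTW cost is under a threshold."""
    return dtw_distance(fingerprint, trace, window) <= threshold

# Constructed samples: two bursts of delay, the same two bursts arriving
# two samples later with small amplitude noise, and a steady low load.
FINGERPRINT = [0, 0, 5, 9, 9, 4, 0, 0, 0, 6, 8, 3, 0, 0, 0, 0]
SAME_SHIFTED = [0, 0, 0, 0, 5, 8, 9, 5, 0, 0, 0, 5, 8, 4, 0, 0]
STEADY_LOAD = [2] * 16

if __name__ == "__main__":
    for name, trace in (("same, shifted", SAME_SHIFTED), ("steady load", STEADY_LOAD)):
        print(name,
              "pointwise:", pointwise_distance(FINGERPRINT, trace),
              "dtw:", dtw_distance(FINGERPRINT, trace, 3),
              "match:", detect(FINGERPRINT, trace))
```

On these samples the pointwise distance ranks the shifted copy as a worse match than the unrelated steady load, while the DTW cost separates the two clearly.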


Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gong, X., Borisov, N., Kiyavash, N., Schear, N. (2012). Website Detection Using Remote Traffic Analysis. In: Fischer-Hübner, S., Wright, M. (eds) Privacy Enhancing Technologies. PETS 2012. Lecture Notes in Computer Science, vol 7384. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31680-7_4


  • DOI: https://doi.org/10.1007/978-3-642-31680-7_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31679-1

  • Online ISBN: 978-3-642-31680-7

  • eBook Packages: Computer Science, Computer Science (R0)
