Skip to main content
SpringerLink
Log in

k-Indistinguishable Traffic Padding in Web Applications

  • Conference paper
Privacy Enhancing Technologies (PETS 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7384))

Included in the following conference series:

Abstract

While web-based applications are becoming increasingly ubiquitous, they also present new security and privacy challenges. In particular, recent research revealed that many high profile Web applications might cause private user information to leak from encrypted traffic due to side-channel attacks exploiting packet sizes and timing. Moreover, existing solutions, such as random padding and packet-size rounding, are shown to incur prohibitive cost while still not ensuring sufficient privacy protection. In this paper, we propose a novel k-indistinguishable traffic padding technique to achieve the optimal tradeoff between privacy protection and communication and computational cost. Specifically, we first present a formal model of the privacy-preserving traffic padding (PPTP). We then formulate PPTP problems under different application scenarios, analyze their complexity, and design efficient heuristic algorithms. Finally, we confirm the effectiveness and efficiency of our algorithms by comparing them to existing solutions through experiments using real-world Web applications.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aggarwal, G., Feder, T., Kenthapadi, K., Motwani, R., Panigrahy, R., Thomas, D., Zhu, A.: Anonymizing Tables. In: Eiter, T., Libkin, L. (eds.) ICDT 2005. LNCS, vol. 3363, pp. 246–258. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  2. Askarov, A., Zhang, D., Myers, A.C.: Predictive black-box mitigation of timing channels. In: CCS 2010, pp. 297–307 (2010)

    Google Scholar 

  3. Asonov, D., Agrawal, R.: Keyboard acoustic emanations. In: IEEE Symposium on Security and Privacy, p. 3 (2004)

    Google Scholar 

  4. Backes, M., Doychev, G., Dürmuth, M., Köpf, B.: Speaker Recognition in Encrypted Voice Streams. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 508–523. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  5. Bauer, K., McCoy, D., Greenstein, B., Grunwald, D., Sicker, D.: Physical Layer Attacks on Unlinkability in Wireless LANs. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 108–127. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  6. Bilogrevic, I., Jadliwala, M., Kalkan, K., Hubaux, J.-P., Aad, I.: Privacy in Mobile Computing for Location-Sharing-Based Services. In: Fischer-Hübner, S., Hopper, N. (eds.) PETS 2011. LNCS, vol. 6794, pp. 77–96. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  7. Brumley, D., Boneh, D.: Remote timing attacks are practical. In: USENIX (2003)

    Google Scholar 

  8. Castelluccia, C., De Cristofaro, E., Perito, D.: Private Information Disclosure from Web Searches. In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 38–55. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  9. Chen, S., Wang, R., Wang, X., Zhang, K.: Side-channel leaks in web applications: A reality today, a challenge tomorrow. In: IEEE Symposium on Security and Privacy 2010, pp. 191–206 (2010)

    Google Scholar 

  10. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Samarati, P.: k-anonymous data mining: A survey. In: Privacy-Preserving Data Mining: Models and Algorithms (2008)

    Google Scholar 

  11. Danezis, G., Aura, T., Chen, S., Kıcıman, E.: How to Share Your Favourite Search Results while Preserving Privacy and Quality. In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 273–290. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  12. Dwork, C.: Differential Privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006, Part II. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  13. Fung, B.C.M., Wang, K., Chen, R., Yu, P.S.: Privacy-preserving data publishing: A survey of recent developments. ACM Comput. Surv. 42, 14:1–14:53 (2010)

    Article  Google Scholar 

  14. Kann, V.: Maximum bounded h-matching is max snp-complete. Inf. Process. Lett. 49, 309–318 (1994)

    Article  MathSciNet  MATH  Google Scholar 

  15. Kanungo, T., Mount, D.M., Netanyahu, N.S., Piatko, C., Silverman, R., Wu, A.Y.: An efficient k-means clustering algorithm: Analysis and implementation. IEEE Trans. Pattern Anal. Mach. Intell. 24, 881–892 (2002)

    Article  Google Scholar 

  16. LeFevre, K., DeWitt, D.J., Ramakrishnan, R.: Incognito: Efficient fulldomain k-anonymity. In: SIGMOD, pp. 49–60 (2005)

    Google Scholar 

  17. Li, N., Li, T., Venkatasubramanian, S.: t-closeness: Privacy beyond k-anonymity and l-diversity. In: ICDE 2007, pp. 106–115 (2007)

    Google Scholar 

  18. Liu, W.M., Wang, L., Cheng, P., Debbabi, M.: Privacy-preserving traffic padding in web-based applications. In: WPES 2011, pp. 131–136 (2011)

    Google Scholar 

  19. Luo, X., Zhou, P., Chan, E.W.W., Lee, W., Chang, R.K.C., Perdisci, R.: Httpos: Sealing information leaks with browser-side obfuscation of encrypted flows. In: NDSS 2011 (2011)

    Google Scholar 

  20. Machanavajjhala, A., Kifer, D., Gehrke, J., Venkitasubramaniam, M.: L-diversity: Privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data 1(1), 3 (2007)

    Article  Google Scholar 

  21. Nagaraja, S., Jalaparti, V., Caesar, M., Borisov, N.: P3CA: Private Anomaly Detection Across ISP Networks. In: Fischer-Hübner, S., Hopper, N. (eds.) PETS 2011. LNCS, vol. 6794, pp. 38–56. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  22. Narayanan, A., Shmatikov, V.: De-anonymizing social networks. In: IEEE Symposium on Security and Privacy 2009, pp. 173–187 (2009)

    Google Scholar 

  23. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: CCS, pp. 199–212 (2009)

    Google Scholar 

  24. Samarati, P.: Protecting respondents’ identities in microdata release. IEEE Trans. on Knowl. and Data Eng. 13(6), 1010–1027 (2001)

    Article  Google Scholar 

  25. Saponas, T.S., Agarwal, S.: Devices that tell on you: Privacy trends in consumer ubiquitous computing. In: USENIX 2007, pp. 5:1–1:16 (2007)

    Google Scholar 

  26. Sun, J., Zhu, X., Zhang, C., Fang, Y.: Hcpp: Cryptography based secure ehr system for patient privacy and emergency healthcare. In: ICDCS 2011, pp. 373–382 (2011)

    Google Scholar 

  27. Sun, Q., Simon, D.R., Wang, Y.M., Russell, W., Padmanabhan, V.N., Qiu, L.: Statistical identification of encrypted web browsing traffic. In: IEEE Symposium on Security and Privacy (2002)

    Google Scholar 

  28. Sweeney, L.: k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems 10(5), 557–570 (2002)

    Article  MathSciNet  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Concordia Institute for Information Systems Engineering, Concordia University, Canada

    Wen Ming Liu, Lingyu Wang, Pengsu Cheng & Mourad Debbabi

  2. Department of Electrical and Computer Engineering, Illinois Institute of Technology, USA

    Kui Ren

Authors
  1. Wen Ming Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lingyu Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kui Ren
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Pengsu Cheng
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Mourad Debbabi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Karlstad University, Universitetsgatan 2, 65188, Karlstad, Sweden

    Simone Fischer-Hübner

  2. Department of Computer Science and Engineering, University of Texas at Arlington, 500 UTA Blvd., 76019, Arlington, TX, USA

    Matthew Wright

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Liu, W.M., Wang, L., Ren, K., Cheng, P., Debbabi, M. (2012). k-Indistinguishable Traffic Padding in Web Applications. In: Fischer-Hübner, S., Wright, M. (eds) Privacy Enhancing Technologies. PETS 2012. Lecture Notes in Computer Science, vol 7384. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31680-7_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-31680-7_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31679-1

  • Online ISBN: 978-3-642-31680-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation