Distinguishability and Web traffic timing analysis
Citation:
Saman Feghhi, 'Distinguishability and Web traffic timing analysis', [thesis], Trinity College (Dublin, Ireland). School of Computer Science & Statistics, 2017

Abstract:
Privacy of data transmitted over public networks has attracted much attention over recent years. Studies show that attacks based on traffic analysis enable malicious users to extract useful information about communications between parties, even if the content of these communications is carried over an encrypted channel. In this thesis we begin by introducing a website fingerprinting attack against encrypted web traffic that uses only packet timing information on the uplink. This attack is therefore impervious to existing packet padding defence schemes. In addition, unlike existing methods, this attack does not require knowledge of the start/end of web fetches and so is effective against traffic streams. We demonstrate the effectiveness of the attack against both wired and wireless traffic, achieving mean success rates in excess of 90%. We also consider an attacker that can collect training data, but only over a different connection from that against which the attack is directed. This attack is significantly easier to perform than one which depends on training data collected over the victim link. We demonstrate that an attacker can infer the correct web page >87% of the time when the training data is collected at a distance of up to 25 km from the victim, provided that the type of link is similar, e.g. if the victim link uses a cable modem then the training data should be measured over a cable modem link. We also investigate the impact of distance in time between when the training data is collected and when the attack is performed. We then move on to consider defences against timing analysis attacks. We initiate the study of the joint trade-off between privacy, throughput and delay in a shared network as a utility fairness problem and derive the proportional fair rate allocation for networks of flows subject to privacy constraints and delay deadlines. Since this analysis is confined to Bernoulli traffic arrivals, we then consider the design of a timing analysis resistant encrypted tunnel that admits general traffic arrivals. The basic idea is to ensure privacy by serving the incoming traffic using predefined traffic patterns, called “traces”. The service rate is controlled by activating a sufficient number of traces to match the rate of arrivals. The delay, throughput and privacy performance achieved is evaluated using a prototype implementation of a privacy-enhanced VPN.
Author: Feghhi, Saman
Advisor: Leith, Douglas, J.
Qualification name: Doctor of Philosophy (Ph.D.)
Publisher: Trinity College (Dublin, Ireland). School of Computer Science & Statistics
Note: TARA (Trinity’s Access to Research Archive) has a robust takedown policy. Please contact us if you have any concerns: rssadmin@tcd.ie
Type of material: thesis
Availability: Full text available