Die Normalverteilung von Datenpaketen verrät viel; trotz HTTPS.

Herausfinden, was sich jemand angesehen hat, obwohl die Verbindung zwischen Client und Server mittels HTTPS geschützt ist? Ja, geht; mittels Analyse der Normalverteilung von Datenmustern.

We present a traffic analysis attack against over 6000 webpages spanning the HTTPS deployments of 10 widely used, industry-leading websites in areas such as healthcare, finance, legal services and streaming video. Our attack identifies individual pages in the same website with 89% accuracy, exposing personal details including medical conditions, financial and legal affairs and sexual orientation. We examine evaluation methodology and reveal accuracy variations as large as 18% caused by assumptions affecting caching and cookies. We present a novel defense reducing attack accuracy to 27% with a 9% traffic increase, and demonstrate significantly increased effectiveness of prior defenses in our evaluation context, inclusive of enabled caching, user-specific cookies and pages within the same website.

Wer hätte gedacht, dass Cookies und Caches einmal dem Datenschutz dienlich sein könnten?! Aus dem Artikel:

Our analysis reveals that caching significantly decreases the number of unique packet sizes observed for samples of a given label. We focus on the number of unique packet sizes since packet size counts are a commonly used feature in traffic analysis attacks. A reduction in the number of unique packet sizes reduces the number of non-zero features and creates difficulty in distinguishing samples.

Der Link führt zu einem wissenschaftlichen Artikel („I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis„), also PDF und viel Text mit Absätzen, Zitaten, Verweisen, Grafiken und Tabellen. Nicht schrecken, sowas lesen Menschen, die dafür sorgen, dass Twitter und Facebook noch lange kostenlos bleiben.

Do NOT follow this link or you will be banned from the site!