Side-Channel Information Leakage of Traffic Data in Instant Messaging

Instant Messaging has been widely applied for both corporate use and personal use in recent years. Major Instant Messaging service providers adopt the Push Technology to ensure the immediacy of message forwarding, which efficiently provides a great convenience for user. However, the immediacy feature causes side-channel information leakage even if some protection measures has been implemented, such as information encryption strategy. In particular, we observe that senders’ traffic flows have a strong temporal correlation with those of corresponding recipients, since the messages are forwarded to recipients as soon as they are received by servers. Based on the observation, attackers can infer real-time communications between pairwise users and even the social connections of users. In this paper, we present a methodology framework to validate this side-channel information leakage, which identifies users of real-time communications by matching the pairwise time sequences of traffic flows. We evaluate the method on the collected real-world data. The experimental results show that users’ communications can be identified with a high accuracy, and 6 groups of users are inferred to have strong connections based on the data collected from a local area networks.

[1]  Thomas Ristenpart,et al.  Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail , 2012, 2012 IEEE Symposium on Security and Privacy.

[2]  Brian Neil Levine,et al.  Inferring the source of encrypted HTTP connections , 2006, CCS '06.

[3]  Charles V. Wright,et al.  Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[4]  Yunhao Liu,et al.  Context-free Attacks Using Keyboard Acoustic Emanations , 2014, CCS.

[5]  Ivan Martinovic,et al.  Who do you sync you are?: smartphone fingerprinting via application behaviour , 2013, WiSec '13.

[6]  Tadayoshi Kohno,et al.  Devices That Tell on You: Privacy Trends in Consumer Ubiquitous Computing , 2007, USENIX Security Symposium.

[7]  Jiguo Yu,et al.  Side-channel information leakage of encrypted video stream in video surveillance systems , 2016, IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications.

[8]  Mauro Conti,et al.  Robust Smartphone App Identification via Encrypted Network Traffic Analysis , 2017, IEEE Transactions on Information Forensics and Security.

[9]  Lili Qiu,et al.  Statistical identification of encrypted Web browsing traffic , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[10]  Sebastian Zander,et al.  Automated traffic classification and application identification using machine learning , 2005, The IEEE Conference on Local Computer Networks 30th Anniversary (LCN'05)l.

[11]  Brijesh Joshi,et al.  Touching from a distance: website fingerprinting attacks and defenses , 2012, CCS.

[12]  Fan Zhang,et al.  Inferring users' online activities through traffic analysis , 2011, WiSec '11.

[13]  Jan-Michael Frahm,et al.  Watching the Watchers: Automatically Inferring TV Content From Outdoor Light Effusions , 2014, CCS.

[14]  Kamin Whitehouse,et al.  Protecting your daily in-home activity information from a wireless snooping attack , 2008, UbiComp.

[15]  Hannes Federrath,et al.  Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier , 2009, CCSW '09.

[16]  Charles V. Wright,et al.  Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob? , 2007, USENIX Security Symposium.

[17]  Neal Patwari,et al.  See-Through Walls: Motion Tracking Using Variance-Based Radio Tomography Networks , 2011, IEEE Transactions on Mobile Computing.

[18]  Helen J. Wang,et al.  Preserving location privacy in wireless lans , 2007, MobiSys '07.