A first-hop traffic analysis attack against a femtocell

We introduce an attack against encrypted web traffic passing over the first hop - between a femtocell device and the mobile core network. The attack makes use only of packet timing information on the uplink and so is impervious to packet padding defences. We demonstrate the effectiveness of the attack at identifying the web sites being visited by a mobile broadband user whose traffic goes through a femtocell device, achieving mean success rates of 92%. As well as being of interest in its own right, this timing-only attack serves to highlight deficiencies in existing defences and so to areas where it would be beneficial for VPN designers to focus further attention.

[1]  Thomas Engel,et al.  Website fingerprinting in onion routing based anonymization networks , 2011, WPES.

[2]  Tao Wang,et al.  Effective Attacks and Provable Defenses for Website Fingerprinting , 2014, USENIX Security Symposium.

[3]  Brijesh Joshi,et al.  Touching from a distance: website fingerprinting attacks and defenses , 2012, CCS.

[4]  Chadi Barakat,et al.  Can We Trust the Inter-Packet Time for Traffic Classification? , 2011, 2011 IEEE International Conference on Communications (ICC).

[5]  Ling Huang,et al.  I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis , 2014, Privacy Enhancing Technologies.

[6]  Lili Qiu,et al.  Statistical identification of encrypted Web browsing traffic , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[7]  Andrew Hintz,et al.  Fingerprinting Websites Using Traffic Analysis , 2002, Privacy Enhancing Technologies.

[8]  Hannes Federrath,et al.  Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier , 2009, CCSW '09.

[9]  David D. Jensen,et al.  Privacy Vulnerabilities in Encrypted HTTP Streams , 2005, Privacy Enhancing Technologies.

[10]  Eamonn J. Keogh,et al.  Derivative Dynamic Time Warping , 2001, SDM.

[11]  Mun Choon Chan,et al.  Website Fingerprinting and Identification Using Ordered Feature Sequences , 2010, ESORICS.

[12]  Thomas Ristenpart,et al.  Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail , 2012, 2012 IEEE Symposium on Security and Privacy.

[13]  Brian Neil Levine,et al.  Inferring the source of encrypted HTTP connections , 2006, CCS '06.