SECURING WEB-BASED APPLICATIONS WITH PRIVACY PRESERVING TRAFFIC PADDING

Web-based applications are gaining popularity because they require fewer client-side resources and are easier to deliver and maintain. However, they also bring new security and privacy challenges. The encrypted traffic of many popular Web applications may disclose highly sensitive data through side-channel attacks, leading to serious breaches of user privacy. An eavesdropper can potentially identify an application's internal state transitions and the corresponding user inputs by analyzing packet sizes and/or timing. Existing solutions such as random padding and packet-size rounding were proven to incur prohibitive overhead while still failing to assure sufficient privacy. To prevent such side-channel attacks, packets are padded so that each packet no longer maps to a unique input. Padding packets results in additional communication and processing overhead. One extreme case is to pad all packets to an identical size, namely, maximizing. In the proposed system, a similarity is identified between the privacy-preserving traffic padding (PPTP) issue and the well-studied problem of privacy-preserving data publishing (PPDP). Based on this similarity, a PPTP model is built that encompasses the privacy requirements, padding costs, and padding methods, and problems are then formulated under different application scenarios. Algorithms have been designed to solve the PPTP problems in polynomial time with acceptable overhead. Through experiments using a real-world search engine, an attempt has been made to improve on the effectiveness and efficiency of existing solutions with these algorithms.
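The trade-off described above between padding overhead and how many inputs share one observable size can be measured directly. The following is an added example, not code from the paper: the response sizes are constructed, and `pad_k_groups` is a simple sort-and-group heuristic assumed here for illustration, not the PPTP algorithms themselves.

```python
from collections import Counter

# Constructed data: encrypted response size in bytes observed for each user input.
SIZES = {"a": 509, "b": 504, "c": 502, "d": 516,
         "e": 535, "f": 521, "g": 1187, "h": 1190}

def pad_maximize(sizes):
    """Pad every response to the largest size (the 'maximizing' extreme)."""
    top = max(sizes.values())
    return {name: top for name in sizes}

def pad_round(sizes, delta):
    """Round each size up to the next multiple of delta bytes."""
    return {name: -(-s // delta) * delta for name, s in sizes.items()}

def pad_k_groups(sizes, k):
    """Sort by size, cut into runs of at least k inputs, pad each run to its max."""
    items = sorted(sizes.items(), key=lambda kv: kv[1])
    groups = [items[i:i + k] for i in range(0, len(items), k)]
    if len(groups) > 1 and len(groups[-1]) < k:
        groups[-2].extend(groups.pop())  # fold a short tail into the previous run
    padded = {}
    for group in groups:
        top = group[-1][1]  # the run is sorted, so the last entry is its maximum
        padded.update({name: top for name, _ in group})
    return padded

def min_anonymity(padded):
    """Smallest number of inputs sharing one padded size (1 means an input is unique)."""
    return min(Counter(padded.values()).values())

def overhead(sizes, padded):
    """Total padding bytes added across all responses."""
    return sum(padded[name] - sizes[name] for name in sizes)

def report(sizes=SIZES, k=2, delta=16):
    """Return {method: (overhead_bytes, min_anonymity)} for each padding method."""
    methods = {
        "none": dict(sizes),
        "rounding": pad_round(sizes, delta),
        "maximizing": pad_maximize(sizes),
        "k-grouping": pad_k_groups(sizes, k),
    }
    return {m: (overhead(sizes, p), min_anonymity(p)) for m, p in methods.items()}

if __name__ == "__main__":
    for method, (cost, anon) in report().items():
        print(f"{method:<11} overhead={cost:>5} B  min anonymity set={anon}")
```

On this constructed data, rounding to 16 bytes still leaves one input with a unique padded size, while grouping inputs by size hides every input among at least two at lower cost than either rounding or maximizing.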
