App traffic mutation: Toward defending against mobile statistical traffic analysis

Fingerprinting of mobile device apps is currently an attractive and affordable data-gathering technique. Even in the presence of encryption, it is possible to fingerprint a user's app by means of packet-level traffic analysis, in which side-channel information is used to determine specific patterns in packets. Knowing the specific apps used by smartphone users is a serious privacy concern. In this study, we address the issue of defending against statistical traffic analysis of Android apps. First, we present a methodology for identifying mobile apps using traffic analysis. Further, we propose confusion models in which we obfuscate the packet-length information leaked by mobile traffic, and we shape one class of app traffic to obscure its class features with minimum overhead. We assess the efficiency of our model using different apps and against a recently published approach for mobile app classification. We focus on making it hard for intruders to differentiate between the altered app traffic and the actual one using statistical analysis. Additionally, we study the tradeoff between shaping cost and traffic privacy protection, specifically the needed overhead and realization feasibility. We were able to attain 91.1% classification accuracy. Using our obfuscation technique, we were able to reduce this accuracy to 15.78%.
