Analysis Of Network Traffic For Identifying Vulnerabilities In Encrypted Smartphone Communications

Network traffic analysis is the process of recording, reviewing and analyzing network traffic for the purpose of performance, security and/or general network operations and management. It is the process of using manual and automated techniques to review granular-level detail and statistics within network traffic. Traffic analysis is a serious threat over the network. An attacker can analyze network traffic patterns to infer packet’s content, even though it is encrypted. This article demonstrates a traffic analysis attack that exploits vulnerabilities in encrypted smartphone communications to infer the web pages being visited by a user. ————————————————————

[1]  Fabian Monrose,et al.  Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-iks , 2011, 2011 IEEE Symposium on Security and Privacy.

[2]  Ling Huang,et al.  I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis , 2014, Privacy Enhancing Technologies.

[3]  Rui Wang,et al.  Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow , 2010, 2010 IEEE Symposium on Security and Privacy.

[4]  Sylvain Guilley,et al.  Attacking Suggest Boxes in Web Applications Over HTTPS Using Side-Channel Stochastic Algorithms , 2014, CRiSIS.

[5]  Chadi Barakat,et al.  Can We Trust the Inter-Packet Time for Traffic Classification? , 2011, 2011 IEEE International Conference on Communications (ICC).

[6]  Charles V. Wright,et al.  Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[7]  George Danezis,et al.  k-fingerprinting: A Robust Scalable Website Fingerprinting Technique , 2015, USENIX Security Symposium.

[8]  Andrea Baiocchi,et al.  What are you Googling? - Inferring search type information through a statistical classifier , 2013, 2013 IEEE Global Communications Conference (GLOBECOM).

[9]  Qi Zhang,et al.  Eavesdropping on Fine-Grained User Activities Within Smartphone Apps Over Encrypted Network Traffic , 2016, WOOT.

[10]  Yong Liao,et al.  AppPrint: Automatic Fingerprinting of Mobile Applications in Network Traffic , 2015, PAM.

[11]  Xiapu Luo,et al.  HTTPOS: Sealing Information Leaks with Browser-side Obfuscation of Encrypted Flows , 2011, NDSS.

[12]  Douglas J. Leith,et al.  A first-hop traffic analysis attack against a femtocell , 2016, 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC).

[13]  Scott E. Coull,et al.  Traffic Analysis of Encrypted Messaging Services: Apple iMessage and Beyond , 2014, CCRV.

[14]  Nino Vincenzo Verde,et al.  Can't You Hear Me Knocking: Identification of User Actions on Android Apps via Traffic Analysis , 2014, CODASPY.

[15]  Andrew Hintz,et al.  Fingerprinting Websites Using Traffic Analysis , 2002, Privacy Enhancing Technologies.

[16]  Mauro Conti,et al.  Robust Smartphone App Identification via Encrypted Network Traffic Analysis , 2017, IEEE Transactions on Information Forensics and Security.

[17]  Bernard L. Menezes,et al.  Implementing side-channel attacks on suggest boxes in web applications , 2012, SecurIT '12.

[18]  Fan Zhang,et al.  Inferring users' online activities through traffic analysis , 2011, WiSec '11.