Loading...

Improving the Security Level of Encrypted Traffic

Fani Tabasi, Farzam | 2015

489 Viewed
  1. Type of Document: M.Sc. Thesis
  2. Language: Farsi
  3. Document No: 47947 (19)
  4. University: Sharif University of Technology
  5. Department: Computer Engineering
  6. Advisor(s): Jalili, Rasool; Bayat-Sarmadi, Siavash
  7. Abstract:
  8. Common privacy enhancing technologies fail to effectively hide the certain statistical aspects of encrypted traffic, namely individual packets length, packets direction and, packets timing. Recent researches have shown that using such traffic attributes, an adversary is able to extract various information from the encrypted traffic such as the visited website, used protocol or even spoken language. Such attacks in general are called traffic analysis attacks. Proposed countermeasure try to change the distribution of such features in users traffic but either they fail to effectively reduce the accuracy of that attacker or do so while enforcing a high degree of bandwidth overhead and timing delay. Such negative outcome have led to limited utilization of traffic analysis countermeasures. In this paper, through the use of a predefined set of clustered website traces and a greedy packet morphing algorithm, we introduce a novel website fingerprinting countermeasure called TG-PSM. This method (1) clusters websites based on their behavior in different phases of loading, (2) finds a suitable target site for any visiting website by the user based on the website importance degree indicated by user, thus providing dynamic tunability which is absent in previous countermeasures, and (3) morphs the given trace to the target website using a greedy algorithm considering the distance and the resulted overhead. Our evaluations show that TG-PSM outperforms previously secure-proven countermeasure simultaneously both in attacker accuracy reduction and enforced bandwidth. To evaluate our method (TG-PSM), we implemented 3 classifiers and 6 countermeasures from the literature and compared them with TG-PSM based on their created DiP, bandwidth overhead. The classifiers include Liberatore and Levine's Naive-Bayes, Herrmann's multinomial Naive-Bayes and Panchenko's SVM classifier. For countermeasures we chose the ones that have already shown effective DiP against leading classifiers. The countermeasure are Traffic Morphing, BuFLO, TAMARAW. Our results show that in the same scenarios, TG-PSM performs better than the rest of the countermeasures, improving DiP by more than 10\% while forcing the same bandwidth overhead
  9. Keywords:
  10. Traffic Analysis ; Statistical Analysis ; Traffic Analysis Attacks ; Encrypted Traffic ; Website Fingerprinting ; Traffic Clustering ; Traffic Morfing

 Digital Object List

 Bookmark

No TOC