Topics
Hypertext Transfer Protocol, State-of-the-art Attacks, Information Leak, Traffic Analysis, HTTP Flow
169 Citations
- Xujing Huang
- 2016
Computer Science
A new approach based on verification and quantitative information flow is proposed to perform a fully automated analysis of side-channel leakages in web applications and is implemented into a tool, called SideAuto, which targets the Apache Struts web.
- Fuqing Chen, Haixin Duan, Xiaofeng Zheng, Jian Jiang, Jianjun Chen
- 2018
Computer Science
COSADE
A new side-channel attack against HTTPS (HTTP over TLS) by exploiting cookie injection is presented, able to reveal the full path of unknown URLs visited by the victim, exploiting cookie-path matching vulnerabilities in Internet Explorer, Edge, Safari, etc.
- 4
- 2012
Computer Science
A novel framework for reasoning about information leakage in web traffic is developed, and principles for countermeasure composition which strengthens security are designed, as well as the utilization of structural properties of web applications to design countermeasures which provide strong security guarantees.
- Weiran Lin, S. Reddy, N. Borisov
- 2019
Computer Science
This paper created web page models of top Alexa sites that captured the dependency structure of the resources on the site, and evaluated their susceptibility to state-of-the-art web fingerprinting attacks, showing that HTTP/2 presents a smaller fingerprinting surface for an adversary than HTTP/1.1.
- 4
- S. Siby, Marc Juárez, Claudia Díaz, Narseo Vallina-Rodriguez, C. Troncoso
- 2020
Computer Science
NDSS
This paper examines whether encrypting DNS traffic can protect users from traffic analysis-based monitoring and censoring and shows that Tor -- which does not effectively mitigate traffic analysis attacks on web traffic -- is a good defense against DoH traffic analysis.
- 89
- Paul Grubbs, R. McPherson, Muhammad Naveed, Thomas Ristenpart, Vitaly Shmatikov
- 2016
Computer Science
CCS
The results show that the problem of securing client-server applications against actively malicious servers is challenging and still unsolved, and general lessons are drawn for the designers of systems that rely on property-preserving or searchable encryption to protect data from untrusted servers.
- 91
- A. Pironti, Pierre-Yves Strub, K. Bhargavan
- 2012
Computer Science
This work proposes a novel length-hiding scheme that leverages standard TLS padding to enforce website-specific privacy policies and proposes the first countermeasure that is standards-based, provably secure, and experimentally effective, yet pragmatic.
- 19
- Jonathan Muehlstein, Yehonatan Zion, Ofir Pele
- 2017
Computer Science
2017 14th IEEE Annual Consumer Communications…
It is shown that an external attacker can identify the operating system, browser and application of HTTP encrypted traffic (HTTPS); to the best of the authors' knowledge, this is the first work that shows this.
- 62
- Tom van Goethem, M. Vanhoef, Frank Piessens, W. Joosen
- 2016
Computer Science
USENIX Security Symposium
This in-depth analysis finds several design flaws in the storage mechanisms of browsers, which allows an adversary to expose the exact size of any resource in mere seconds, and reports on a novel size-exposing technique against Wi-Fi networks.
- 32
- Jean-Pierre Smith, L. Dolfi, Prateek Mittal, A. Perrig
- 2022
Computer Science
USENIX Security Symposium
The QCSD framework is designed and implemented, which leverages QUIC and HTTP/3 to emulate existing website-fingerprinting defences by bidirectionally adding cover traffic and reshaping connections solely from the client, and demonstrates the promise of this approach in shaping connections towards client-orchestrated defences.
- 10
...
...
39 References
- G. Bissias, M. Liberatore, David D. Jensen, B. Levine
- 2005
Computer Science
Privacy Enhancing Technologies
A straightforward traffic analysis attack against encrypted HTTP streams that is surprisingly effective in identifying the source of the traffic and proposes some countermeasures and improvements.
- 255
- Highly Influential
- Shuo Chen, Rui Wang, Xiaofeng Wang, Kehuan Zhang
- 2010
Computer Science
2010 IEEE Symposium on Security and Privacy
It is found that surprisingly detailed sensitive information is being leaked out from a number of high-profile, top-of-the-line web applications in healthcare, taxation, investment and web search, suggesting the scope of the problem seems industry-wide.
- 427
- Highly Influential
- G. Danezis
Computer Science
It is shown how much information an attacker can infer about single requests and submissions knowing only their length, and a Hidden Markov Model is presented that analyzes sequences of requests and finds the most plausible resources accessed.
- 56
- Kevin Borders, A. Prakash
- 2004
Computer Science
CCS '04
The design of Web Tap, results from its evaluation, and potential limits to Web Tap's capabilities are presented.
- 148
- Kehuan Zhang, Zhou Li, Rui Wang, Xiaofeng Wang, Shuo Chen
- 2010
Computer Science
CCS '10
A suite of new techniques for automatic detection and quantification of side-channel leaks in web applications, called Sidebuster, which can automatically analyze an application's source code to detect its side channels and then perform a rerun test to assess the amount of information disclosed through such channels.
- 67
- C. V. Wright, Scott E. Coull, F. Monrose
- 2009
Computer Science
NDSS
This paper proposes a novel method for thwarting statistical traffic analysis algorithms by optimally morphing one class of traffic to look like another class, and shows how to optimally modify packets in real-time to reduce the accuracy of a variety of traffic classifiers while incurring much less overhead than padding.
- 335
- M. Liberatore, B. Levine
- 2006
Computer Science
CCS '06
This work examines the effectiveness of two traffic analysis techniques, based upon classification algorithms, for identifying encrypted HTTP streams, and gives evidence that these techniques will exhibit the scalability necessary to be effective on the Internet.
- 418
- Highly Influential
- Dominik Herrmann, Rolf Wendolsky, H. Federrath
- 2009
Computer Science
CCSW '09
A novel method that applies common text mining techniques to the normalised frequency distribution of observable IP packet sizes and outperforms previously known methods like Jaccard's classifier and Naïve Bayes that neglect packet frequencies altogether or rely on absolute frequency values.
- 425
- A. Prakash
- 2009
Computer Science
This paper presents measurement algorithms for the Hypertext Transfer Protocol (HTTP), the main protocol for web browsing, that were able to discount 98.5% of measured bytes and effectively isolate information leaks.
- 63
- Qixiang Sun, Daniel R. Simon, Yi-Min Wang, W. Russell, V. Padmanabhan, L. Qiu
- 2002
Computer Science
Proceedings 2002 IEEE Symposium on Security and…
This work investigates the identifiability of World Wide Web traffic based on this unconcealed information in a large sample of Web pages, and shows that it suffices to identify a significant fraction of them quite reliably.
- 431
...
...