网络加密流量侧信道攻击研究综述

doi:10.11959/j.issn.2096-109x.2021050

Abstract

Abstract:

By analyzing and extracting information such as packet size and timing leaked during Web application communication, side channel attack on encrypted network traffic is able to recognize users' identity and behavior and even restore the original data entered by users.A model of side channel attack on encrypted network traffic according to information theory was developed.Based on the unified model, the methods and results of representative attacks such as fingerprinting attacks, keystroke attacks and speech attacks were analyzed in detail.Furthermore, defense methods of hiding packet size and timing information were discussed.At last, possible research directions were prospected with the frontiers of technology development.

Key words: web application, encrypted traffic, side channel attack, information gain

CLC Number:

TP311

Ding LI, Yuefei ZHU, Bin LU, Wei LIN. Survey of side channel attack on encrypted network traffic[J]. Chinese Journal of Network and Information Security, 2021, 7(4): 114-130.

Figures/Tables 9

References 72

[1]	JANSEN B J , RIEH S Y . The seventeen theoretical constructs of information searching and information retrieval[J]. Journal of the American Society for Information Science and Technology, 2010,61(8): 1517-1534.
[2]	JUNG Y , LIM Y , KIM M . Possibilities and limitations of online document tools for design collaboration:the case of google docs[C]// Proceedings of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing. 2017: 1096-1108.
[3]	SULAIMAN N , CARRASCO R A , CHESTER E G . Performance evaluation of voice call over an IP based network[C]// Proceedings of the 41st Annual Conference on Information Sciences and Systems. 2007: 392-395.
[4]	JANA S , PANDE A , CHAN A ,et al. Mobile video chat:issues and challenges[J]. IEEE Communications Magazine, 2013,51(6).
[5]	BRUMLEY B B , TUVERI N . Remote timing attacks are still practical[C]// 16th European Symposium on Research in Computer Security. 2011: 355-371.
[6]	YAROM Y , FALKNER K . FLUSH+RELOAD:a high resolution,low noise,L3 cache side-channel attack[C]// Proceedings of the 23rd USENIX Security Symposium.USENIX Association. 2014: 719-732.
[7]	WANG T , GOLDBERG I . On realistically attacking tor with website fingerprinting[J]. Privacy Enhancing Technologies, 2016,2016(4): 21-36.
[8]	AL-NAAMI K , CHANDRA S , MUSTAFA A M ,et al. Adaptive encrypted traffic fingerprinting with bi-directional dependence[C]// Proceedings of the 32nd Annual Conference on Computer Security Applications. 2016: 177-188.
[9]	SONG D X , WAGNER D A , TIAN X . Timing analysis of keystrokes and timing attacks on SSH[C]// Proceedings of 10th USENIX Security Symposium. 2001.
[10]	CHEN S , WANG R , WANG X ,et al. Side-channel leaks in web applications:a reality today,a challenge tomorrow[C]// IEEE Symposium on Security and Privacy. 2010: 191-206.
[11]	WRIGHT C V , BALLARD L , COULL S E ,et al. Spot me if you can:uncovering spoken phrases in encrypted VoIP conversations[C]// IEEE Symposium on Security and Privacy. 2008: 35-49.
[12]	BACKES M , DOYCHEV G , DüRMUTH M ,, et al . Speaker recognition in encrypted voice streams[C]// 15th European Symposium on Research in Computer Security. 2010: 508-523.
[13]	SHANNON C E . A mathematical theory of communication[J]. The Bell System Technical Journal, 1948,27(3): 379-423.
[14]	BACKES M , DOYCHEV G , K?PF B , . Preventing side-channel leaks in web traffic:a formal approach[C]// 20th Annual Network and Distributed System Security Symposium. 2013.
[15]	Let's Encrypt. Percentage of Web pages loaded by firefox using HTTPS[EB].
[16]	HTTP Archive. Page weight[EB].
[17]	CHENG H , AVNUR R . Traffic analysis of ssl encrypted web browsing[R]. 1998.
[18]	HINTZ A , . Fingerprinting websites using traffic analysis[C]// Privacy Enhancing Technologies. 2002: 171-178.
[19]	SUN Q , SIMON D R , WANG Y ,et al. Statistical identification of encrypted web browsing traffic[C]// IEEE Symposium on Security and Privacy. 2002: 19-30.
[20]	FEGHHI S , LEITH D J . A Web traffic analysis attack using only timing information[J]. IEEE Transactions Information Forensics and Security, 2016,11(8): 1747-1759.
[21]	BISSIAS G D , LIBERATORE M , JENSEN D D ,et al. Privacy vulnerabilities in encrypted HTTP streams[C]// Privacy Enhancing Technologies. 2005: 1-11.
[22]	LIBERATORE M , LEVINE B N . Inferring the source of encrypted HTTP connections[C]// Proceedings of the 13th ACM Conference on Computer and Communications Security. 2006: 255-263.
[23]	HERRMANN D , WENDOLSKY R , FEDERRATH H . Website fingerprinting:attacking popular privacy enhancing technologies with the multinomial na??ve-Bayes classifier[C]// Proceedings of the first ACM Cloud Computing Security Workshop. 2009: 31-42.
[24]	顾晓丹, 杨明, 罗军舟 ,等. 针对SSH匿名流量的网站指纹攻击方法[J]. 计算机学报, 2015,38(4): 135-147.
	GU X , YANG M , LUO J ,et al. Website fingerprinting attack based on hyperlink relations[J]. Chinese Journal of Computers, 2015,38(4): 135-147.
[25]	PANCHENKO A , NIESSEN L , ZINNEN A ,et al. Website fingerprinting in onion routing based anonymization networks[C]// Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society. 2011: 103-114.
[26]	CAI X , ZHANG X C , JOSHI B ,et al. Touching from a distance:website fingerprinting attacks and defenses[C]// Proceedings of the 2012 ACM Conference on Computer and Communications Security. 2012: 605-616.
[27]	WANG T , GOLDBERG I . Improved website fingerprinting on Tor[C]// Proceedings of the 12th Annual ACM Workshop on Privacy in the Electronic Society. 2013: 201-212.
[28]	WANG T , CAI X , NITHYANAND R ,et al. Effective attacks and provable defenses for website fingerprinting[C]// Proceedings of the 23rd USENIX Security Symposium.USENIX Association. 2014: 143-157.
[29]	PANCHENKO A , LANZE F , PENNEKAMP J ,et al. Website fingerprinting at internet scale[C]// 23rd Annual Network and Distributed System Security Symposium. 2016.
[30]	HAYES J , DANEZIS G . K-fingerprinting:a robust scalable website fingerprinting technique[C]// Proceedings of the 25rd USENIX Security Symposium. 2016: 1187-1203.
[31]	ABE K , GOTO S . Fingerprinting attack on tor anonymity using deep learning[J]. Proceedings of the Asia-Pacific Advanced Network, 2016,42: 15-20.
[32]	RIMMER V , PREUVENEERS D , JUáREZ M ,, et al . Automated website fingerprinting through deep learning[C]// 25th Annual Network and Distributed System Security Symposium.The Internet Society. 2018.
[33]	SIRINAM P , IMANI M , JUáREZ M ,, et al . Deep fingerprinting:undermining website fingerprinting defenses with deep learning[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018: 1928-1943.
[34]	BHAT S , LU D , KWON A ,et al. Var-CNN:A data-efficient website fingerprinting attack based on deep learning[J]. Proceedings on Privacy Enhancing Technologies, 2019(4): 292-310.
[35]	RAHMAN M S , SIRINAM P , MATTHEWS N ,et al. Tik-Tok:the utility of packet timing in website fingerprinting attacks[J]. Proceedings on Privacy Enhancing Technologies, 2020(3).
[36]	马陈城, 杜学绘, 曹利峰 ,等. 基于深度神经网络burst特征分析的网站指纹攻击方法[J]. 计算机研究与发展, 2020,57(4): 746-766.
	MA C D , DU X H , CAO L F ,et al. Burst-analysis website finger-printing attack based on deep neural network[J]. Journal of Com-puter Research and Development, 2020,57(4): 746-766.
[37]	DAI S , TONGAONKAR A , WANG X ,et al. NetworkProfiler:towards automatic fingerprinting of android APPs[C]// Proceedings of the IEEE INFOCOM 2013. 2013: 809-817.
[38]	Google Security Blog. An update on android TLS adoption[EB].
[39]	CONTI M , MANCINI L V , SPOLAOR R ,et al. Analyzing Android encrypted network traffic to identify user actions[J]. IEEE Transactions on Information Forensics and Security, 2016,11(1): 114-125.
[40]	TAYLOR V F , SPOLAOR R , CONTI M ,et al. AppScanner:automatic fingerprinting of smartphone APPs from encrypted network traffic[C]// IEEE European Symposium on Security and Privacy. 2016: 439-454.
[41]	ST?BER T , FRANK M , SCHMITT J B ,et al. Who do you sync you are? smartphone fingerprinting via application behaviour[C]// Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks. 2013: 7-12.
[42]	WANG Q , YAHYAVI A , KEMME B ,et al. I know what you did on your smartphone:inferring App usage over encrypted data traffic[C]// 2015 IEEE Conference on Communications and Network Security. 2015: 433-441.
[43]	ALAN H F , KAUR J . Can android applications be identified using only TCP/IP headers of their launch time traffic?[C]// Proceedings of the 9th ACM Conference on Security ＆ Privacy in Wireless and Mobile Networks. 2016: 61-66.
[44]	SALTAFORMAGGIO B , CHOI H , JOHNSON K ,et al. Eavesdropping on fine-grained user activities within smartphone apps over encrypted network traffic[C]// 10th USENIX Workshop on Offensive Technologies.USENIX Association. 2016.
[45]	TAYLOR V F , SPOLAOR R , CONTI M ,et al. Robust smartphone app identification via encrypted network traffic analysis[J]. IEEE Transactions on Information Forensics and Security, 2018,13(1): 63-78.
[46]	朱迪, 陈丹伟 . 基于密度聚类和随机森林的移动应用识别技术[J]. 计算机工程与应用, 2020,56(4): 63-68.
	ZHU D , CHEN D W . Technology of mobile application identifica-tion based on density-based clustering and random forest[J]. Com-puter Engineering and Applications, 2020,56(4): 63-68.
[47]	JOYCE R , GUPTA G K . Identity authentication based on keystroke latencies[J]. Communication ACM, 1990,33(2): 168-176.
[48]	MONROSE F , RUBIN A D . Keystroke dynamics as a biometric for authentication[J]. Future Generation Computer Systems, 2000,16(4): 351-359.
[49]	ARAúJO L C F , SUCUPIRA L H R , LIZáRRAGA M G , ,et al. User authentication through typing biometrics features[J]. IEEE Transactions on Signal Processing, 2005,53(2): 851-855.
[50]	王林, 贺冰清 . 采用击键特征曲线差异度的用户身份认证方法[J]. 计算机工程与应用, 2018,54(22): 160-166,196.
	WANG L , HE B Q . Keystroke dynamic identity authentication algorithm based on diversity degree of key-stroke feature curve[J]. Computer Engineering and Applications, 2018,54(22): 160-166,196.
[51]	DHAKAL V , FEIT A M , KRISTENSSON P O ,et al. Observations on typing from 136 million keystrokes[C]// Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems. 2018: 1-12.
[52]	SHARMA S A , MENEZES B L . Implementing side-channel attacks on suggest boxes in web applications[C]// Proceedings of the First International Conference on Security of Internet of Things. 2012: 57-62.
[53]	SCHAUB A , SCHNEIDER E , HOLLENDER A ,et al. Attacking suggest boxes in web applications over https using side-channel stochastic algorithms[C]// Risks and Security of Internet and Systems. 2014: 116-130.
[54]	OH S E , LI S , HOPPER N . Fingerprinting keywords in search queries over tor[J]. Proceedings on Privacy Enhancing Technologies, 2017(4): 251-270.
[55]	OH S E , SUNKAM S , HOPPER N . P1-FP:extraction,classification,and prediction of website fingerprints with deep learning[J]. Proceedings on Privacy Enhancing Technologies, 2019(3): 191-209.
[56]	MONACO J V , . What are you searching for? a remote keylogging attack on search engine autocomplete[C]// Proceedings of 28th USENIX Security Symposium. USENIX Association, 2019: 959-976.
[57]	MONACO J V , . Feasibility of a keystroke timing attack on search engines with autocomplete[C]// 2019 IEEE Security and Privacy Workshops. 2019: 212-217.
[58]	蒋竺芳 . 端到端自动语音识别技术研究[D]. 北京:北京邮电大学, 2019.
	JIANG Z . Research in End-to-end Automatic Speech Recognition Technology[D]. Beijing:Beijing University of Posts, 2019.
[59]	张瑞珍, 韩跃平, 张晓通 . 基于深度 LSTM 的端到端的语音识别[J]. 中北大学学报（自然科学版）, 2020,41(3): 244-248.
	ZHANG R , HAN Y , ZHANG X . End-to-end speech recognition based on depth-gated LSTM[J]. Journal of North University of China（Natural Science Edition), 2020,41(3): 224-248.
[60]	CMU. The CMU pronouncing dictionary[EB].
[61]	WRIGHT C V , BALLARD L , MONROSE F ,et al. Language identification of encrypted voip traffic:alejandra y roberto or alice and bob?[C]// Proceedings of 16th USENIX Security Symposium.USENIX Association. 2007.
[62]	WHITE A M , MATTHEWS A R , SNOW K Z ,et al. Phonotactic reconstruction of encrypted VoIP conversations:hookt on fon-iks[C]// IEEE Symposium on Security and Privacy. 2011: 3-18.
[63]	DUPASQUIER B , BURSCHKA S , MCLAUGHLIN K ,et al. Analysis of information leakage from encrypted skype conversations[J]. International Journal of Information Security, 2010,9(5): 313-325.
[64]	KHAN L A , BAIG M S , YOUSSEF A M . Speaker recognition from encrypted VoIP communications[J]. Digital Investigation, 2010,7(1-2): 65-73.
[65]	WRIGHT C V , COULL S E , MONROSE F . Traffic morphing:an efficient defense against statistical traffic analysis[C]// 16th Annual Network and Distributed System Security Symposium. 2009.
[66]	LUO X , ZHOU P , CHAN E W W ,et al. HTTPOS:sealing information leaks with browser-side obfuscation of encrypted flows[C]// 18th Annual Network and Distributed System Security Symposium. 2011.
[67]	WANG T , GOLDBERG I . Walkie-talkie:an efficient defense against passive website fingerprinting attacks[C]// Proceedings of the 26th USENIX Security Symposium. 2017: 1375-1390.
[68]	SCHWARZ M , LIPP M , GRUSS D ,et al. KeyDrown:eliminating software-based keystroke timing side-channel attacks[C]// 25th Annual Network and Distributed System Security Symposium. 2018.
[69]	DYER K P , COULL S E , RISTENPART T ,et al. Peek-a-boo,I still see you:why efficient traffic analysis countermeasures fail[C]// IEEE Symposium on Security and Privacy. IEEE Computer Society, 2012: 332-346.
[70]	CAI X , NITHYANAND R , WANG T ,et al. A systematic approach to developing and evaluating website fingerprinting defenses[C]// Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. 2014: 227-238.
[71]	JUáREZ M , IMANI M , PERRY M ,et al. Toward an efficient website fingerprinting defense[C]// 21st European Symposium on Research in Computer Security. 2016: 27-46.
[72]	LI S , GUO H , HOPPER N . Measuring information leakage in website fingerprinting attacks and defenses[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018: 1977-1992.

Metrics

Recommended 0

No Suggested Reading articles found!

作者	隧道类型	模型/方法	流量特征			攻击场景	网站数量	结果^[*]
作者	隧道类型	模型/方法	长度	时间	方向	攻击场景	网站数量	结果^[*]
Cheng ^[17]	SSL	match	√		√	封闭	489	96.7%
Sun ^[19]	SSL	Jaccard	√		√	开放	2 191 / 100 000	75% / 1.5%
Feghhi ^[20]	TLS	DTW+kNN		√	√	封闭	100	95%
Bissias ^[21]	SSH	correlation	√	√	√	封闭	100	23%
Liberatore ^[22]	SSH	Jaccard, NB	√		√	封闭	1 000	75%
Hermann ^[23]	SSH	MNB	√		√	封闭	775	96.7%
Cai ^[26]	Tor	DLSVM	√		√	封闭	100	87.3%
Wang ^[28]	Tor	kNN	√		√	封闭	100	91%
						开放	100 / 5 000	85% / 0.6%
Panchenko ^[29]	Tor	SVM	√		√	封闭	100	91.4%
						开放	100 / 9 000	96.6 / 9.6%
Hayes ^[30]	Tor	RF+kNN	√	√	√	开放	30/100 000	85% / 0.02%
Abe ^[31]	Tor	SDAE			√	封闭	100	88%
						开放	100 / 7 000	86% / 2%
Rimmer ^[32]	Tor	SDAE, CNN, LSTM			√	封闭	900	94.3%
						开放	200 / 400 000	71.3% / 3.4%
Sirinam ^[33]	Tor	CNN			√	封闭	95	98.3%
						开放	95 / 20 000	95.7 / 0.7%
Bhat ^[34]	Tor	CNN		√	√	封闭	100	97.8%
						开放	100 / 10 000	89.2% / 1.1%
注：“√”表示攻击利用了该流量特征。[*]对于开放世界场景，结果为准确率；对于封闭世界场景，结果为真阳率和假阳率。

作者	攻击目标		模型/方法	流量特征		准确率
作者	类型	数量	模型/方法	载体	数量	准确率
St?ber ^[41]	应用	14	kNN, SVM	burst	23	90%
Wang ^[42]	应用	13	RF	burst	20	93%
Alan ^[43]	应用	1 595	MNB	packet	64	88%
Conti ^[39]	特定行为	50	DTW+HC+RF	flow	小于600	95%
Saltaformaggio ^[44]	特定行为	35	k-means+SVM	flow	26	78%
Taylor ^[40]	应用	110	RF, SVM	flow	40	99%
Taylor ^[45]	应用	65	RF	flow	54	96%

作者	攻击目标		模型/方法	流量特征			信息增益	准确率
作者	类型	数量	模型/方法	方向	长度	时间	信息增益	准确率
Song ^[9]	输入口令	36⁸	HMM+Viterbi	双向	√	√	5.7 bit
Chen ^[10]	点击表项	2 670	ASR	双向	√		10 bit
Schaub ^[53]	查询关键字	10 / 6 812	stochastic algo	下行	√			34%
Oh ^[54]	查询关键字	100 / 40 000	SVM, kNN, RF	双向	√			48.2%
Monaco ^[56]	查询字符串	4 000	DFA+IC+RNN	上行	√	√		15.8%
注：“√”表示攻击利用了该流量特征。

作者	攻击目标	编码器	模型/方法	数据集	准确率
Wright ^[61]	语言	Speex	n-gram	OGI电话录音	66%
Wright ^[11]	特定语句	Speex	Profile HMM	TIMIT音素语音	51%
White ^[62]	语句	Speex	max-entropy+HMM	TIMIT音素语音	10%
Dupasquier ^[63]	特定语句	SILK	Kalman-filter+DTW	合成语音	60%
Khan ^[64]	用户身份	Speex	ENDs	CSLU讲话者语音	73%
Backes ^[12]	用户身份	Speex	VAD+3-tuples	公开政治家演讲	48%

作者	防御目标			防御方法	隐藏信息			开销^[*]	防御率^[*]
作者	指纹	击键	语音	防御方法	长度	时间	数量	开销^[*]	防御率^[*]
Song ^[9]		√		send timer		√		~500%	100%
Sun ^[19]	√			exp padding	√			~100%	64%
Liberatore ^[22]	√			MTU padding	√			145.3%	88.7%
Wright ^[65]	√		√	morphing	√			35.6% / 15.4%	38.9% / 23.9%
Panchenko ^[25]	√			Decoy	√		√	85%	94.4%
Luo ^[66]	√	√		HTTPOS	√		√	~50%	98% / 100%
Dyer ^[69]	√			BuFLO	√	√	√	129.2%	85.5%
Juarez ^[71]	√			WTF-PAD	√	√	√	80%	78%
Wang ^[67]	√			Walkie-Talkie	√		√	31%	70.5%
Monaco ^[56]		√		rand padding	√			0.3%	47%
注：[*]开销表示额外的带宽消耗；防御率表示防御后攻击识别准确率降低的比例，即1-Acc_Defended/Acc。

Survey of side channel attack on encrypted network traffic

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 72

Related Articles 11

Metrics

Recommended 0

[1]	Guozhen SHI, Kunyang LI, Yao LIU, Yongjian YANG. Encrypted traffic identification method based on deep residual capsule network with attention mechanism [J]. Chinese Journal of Network and Information Security, 2023, 9(1): 32-41.
[2]	Rongna XIE, Zhuhong MA, Zongyu LI, Ye TIAN. Encrypted traffic classification method based on convolutional neural network [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 84-91.
[3]	Jiahao QIU, Weidong QIU, Yangde WANG, Yan ZHA, Yuming XIE, Yan LI. Intellectualized forensic technique for Android pattern locks [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 118-127.
[4]	Xinyu ZHANG, Bingsheng ZHANG, Quanrun MENG, Kui REN. Study on privacy preserving encrypted traffic detection [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 101-113.
[5]	Mingfang ZHAI,Xingming ZHANG,Bo ZHAO. Survey of encrypted malicious traffic detection based on deep learning [J]. Chinese Journal of Network and Information Security, 2020, 6(3): 66-77.
[6]	Qirun PAN,Kaizhi HUANG,Wei YOU. Network slicing deployment method based on isolation level [J]. Chinese Journal of Network and Information Security, 2020, 6(2): 96-105.
[7]	Fanyu KONG,Yong QIAO,Pengtao LIU,Xiaodong LIU,Dashui ZHOU. Fault-injection attack on countermeasure algorithms of RSA-CRT cryptosystem [J]. Chinese Journal of Network and Information Security, 2019, 5(1): 30-36.
[8]	Jun REN,Jin-bo XIONG,Zhi-qiang YAO. Security control scheme for cloud data copy based on differential privacy model [J]. Chinese Journal of Network and Information Security, 2017, 3(5): 38-46.
[9]	Xiao-shuang ZHANG,Yi-ling XU,Yuan LIU. Discovery and research of network security vulnerabilities based on Web application [J]. Chinese Journal of Network and Information Security, 2016, 2(6): 58-65.
[10]	Hui-hui JIA,Chao WANG,Jian GU,Hao-hao SONG,Di TANG. Research and simulation of timing attacks on ECC [J]. Chinese Journal of Network and Information Security, 2016, 2(4): 56-63.
[11]	Xin SUN,Yi-yang YAO,Xin-dai LU,Xue-jiao LIU,Yong-han WU. Research and implementation of fuzzing testing based on HTTP proxy [J]. Chinese Journal of Network and Information Security, 2016, 2(2): 75-86.