Depending on HTTP/2 for Privacy? Good Luck!

Mitra, Gargi; Vairam, Prasanna Karthik; Slpsk, Patanjali; Chandrachoodan, Nitin; Kamakoti, V

doi:10.1109/dsn48063.2020.00044

Cited by 2 publications

(5 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With multi-threading, packets belonging to two different resources could get interleaved within the same TCP stream (in HTTP/2 [36]) or QUIC stream (in HTTP/3 [37]). To handle such complex scenarios, Snoopy adopts the technique described in our recent work [38] for computing encrypted resource sizes in HTTP/2 websites. For HTTP/3 websites, Snoopy drops the QUIC connection establishment packets so that the communication protocol falls back to HTTP/1.1 or HTTP/2.…”

Section: Printsmentioning

confidence: 99%

“…Also, note that out of the 55 resources in the website PS, only 11 resources were of interest to the adversary, and their download sequence was sufficient to identify all the 40323 webpages uniquely. Details about this can be found in our recent work [38].…”

Section: Resource-level Prediction Accuracy Of Snoopymentioning

confidence: 99%

“…This happens due to variations in resource sizes caused by tracking and session cookies. An alternative way to fingerprint HTTP/2 webpages is to introduce systematic network delays, throttle the bandwidth or drop packets at the compromised network device, as discussed in one of our prior works [38]. This would force the web server to transmit the web resources in non-multiplexed fashion, and the attacker can use the same webpage profiling and prediction techniques as those used for HTTP/1.x websites.…”

Section: Turesmentioning

confidence: 99%

“…This would force the web server to transmit the web resources in non-multiplexed fashion, and the attacker can use the same webpage profiling and prediction techniques as those used for HTTP/1.x websites. In this paper, we have used the techniques shown in our prior work [38] for HTTP/2 websites, to evaluate the performance of the same traffic feature for both HTTP/1.x and HTTP/2 websites. (b) Encrypted TCP stream sizes for two individual and one sequential webpage access using multi-tab browsing.…”

Section: Turesmentioning

confidence: 99%

See 3 more Smart Citations

Snoopy: A Webpage Fingerprinting Framework with Finite Query Model for Mass-Surveillance

Mitra¹,

Vairam²,

Saha³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Internet users are vulnerable to privacy attacks despite the use of encryption. Webpage fingerprinting, an attack that analyzes encrypted traffic, can identify the webpages visited by a user. Recent research works have been successful in demonstrating webpage fingerprinting attacks on individual users, but have been unsuccessful in extending their attack for mass-surveillance. The key challenges in performing mass-scale webpage fingerprinting arises from (i) the sheer number of combinations of user behavior and preferences to account for, and; (ii) the bound on the number of website queries imposed by the defense mechanisms (e.g., DDoS defense) deployed at the website. These constraints preclude the use of conventional data-intensive ML-based techniques.In this work, we propose Snoopy, a first-of-its-kind framework, that performs webpage fingerprinting for a large number of users visiting a website. Snoopy caters to the generalization requirements of mass-surveillance while complying with a bound on the number of website accesses (finite query model) for traffic sample collection. For this, Snoopy uses a feature (i.e., sequence of encrypted resource sizes) that is either unaffected or predictably affected by different browsing contexts (OS, browser, caching, cookie settings). Snoopy uses static analysis techniques to predict the variations caused by factors such as header sizes, MTU, and User Agent String that arise from the diversity in browsing contexts. We show that Snoopy achieves ≈ 90% accuracy when evaluated on most websites, across various browsing contexts. A simple ensemble of Snoopy and an ML-based technique achieves ≈ 97% accuracy while adhering to the finite query model, in cases when Snoopy alone does not perform well.

show abstract

Section: Printsmentioning

confidence: 99%

Section: Resource-level Prediction Accuracy Of Snoopymentioning

confidence: 99%

Section: Turesmentioning

confidence: 99%

Section: Turesmentioning

confidence: 99%

See 2 more Smart Citations

Snoopy: A Webpage Fingerprinting Framework with Finite Query Model for Mass-Surveillance

Mitra¹,

Vairam²,

Saha³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…The work in [45] showed that it is possible to break the privacy offered by HTTP/2 multiplexing. HTTP/2 allows concurrent server threads to process multiple objects, resulting in multiplexed object transmission.…”

Section: Privacy Attacksmentioning

confidence: 99%

A hands-on gaze on HTTP/3 security through the lens of HTTP/2 and a public dataset

Chatzoglou¹,

Kouliaridis²,

Kambourakis³

et al. 2022

Preprint

View full text Add to dashboard Cite

Following QUIC protocol ratification on May 2021, the third major version of the Hypertext Transfer Protocol, namely HTTP/3, was published around one year later in RFC 9114. In light of these consequential advancements, the current work aspires to provide a full-blown coverage of the following issues, which to our knowledge have received feeble or no attention in the literature so far. First, we provide a complete review of attacks against HTTP/2, and elaborate on if and in which way they can be migrated to HTTP/3. Second, through the creation of a testbed comprising the at present six most popular HTTP/3-enabled servers, we examine the effectiveness of a quartet of attacks, either stemming directly from the HTTP/2 relevant literature or being entirely new. This scrutiny led to the assignment of at least one CVE ID with a critical base score by MITRE. No less important, by capitalizing on a realistic, abundant in devices testbed, we compiled a voluminous, labeled corpus containing traces of ten diverse attacks against HTTP and QUIC services. An initial evaluation of the dataset mainly by means of machine learning techniques is included as well. Given that the 30 GB dataset is made available in both pcap and CSV formats, forthcoming research can easily take advantage of any subset of features, contingent upon the specific network topology and configuration.

show abstract

Depending on HTTP/2 for Privacy? Good Luck!

Cited by 2 publications

References 12 publications

Snoopy: A Webpage Fingerprinting Framework with Finite Query Model for Mass-Surveillance

Snoopy: A Webpage Fingerprinting Framework with Finite Query Model for Mass-Surveillance

A hands-on gaze on HTTP/3 security through the lens of HTTP/2 and a public dataset

Contact Info

Product

Resources

About