NNSquad - Network Neutrality Squad
[ NNSquad ] I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis
I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis
http://j.mp/1k0QAOb (ARXIV)
"Abstract. Revelations of large scale electronic surveillance and
data mining by governments and corporations have fueled increased
adoption of HTTPS. We present a traffic analysis attack against
over 6000 webpages spanning the HTTPS deployments of 10 widely
used, industry-leading websites in areas such as healthcare,
insurance, legal services and streaming video. Our attack identifies
individual pages in the same website with 89% accuracy,
exposing personal details including medical conditions, financial
and legal affairs and sexual orientation. We examine evaluation
methodology and reveal accuracy variations as large as 18% caused
by assumptions affecting caching and cookies. We present a novel
defense reducing attack accuracy to 27% with a 9% traffic increase,
and demonstrate signicantly increased effectiveness of prior
defenses in our evaluation context, inclusive of enabled caching,
user-specific cookies and pages within the same website."
- - -
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad