Network Forensics of WhatsApp: A Practical Approach Based on Side-Channel Analysis

  • Conference paper
Advanced Information Networking and Applications (AINA 2020)

Abstract

Nowadays, billions of people use Instant Messaging (IM) applications (apps for short), such as WhatsApp and Telegram, to communicate. These applications have a positive impact on social relations, allowing real-time communication that is simple and immediate, so that users can be reachable everywhere and at any time. At present, the most popular instant messaging application in the world is WhatsApp. Given the many operational scenarios in which they are used, and to prevent malicious users from violating communications, IM applications typically ensure security in terms of confidentiality, integrity and availability. Indeed, in WhatsApp, as in other IM applications, communication between the various entities takes place in a protected manner. Therefore, it is practically impossible to break the protection of the messages exchanged by such applications and recover their content. On the other hand, because of these security properties, such applications are also widely used by cybercriminals. In this paper we focus on WhatsApp and propose an approach based on side-channel analysis to detect some actions performed by WhatsApp users, such as starting or rejecting a call, joining or leaving a chat group, etc. More precisely, the proposed approach is based on the analysis of characteristics and patterns present in the traffic generated during typical WhatsApp sessions. It does not require particular tools or background knowledge, only simple packet capture tools such as Wireshark. Furthermore, we point out that our approach can be very useful in forensic analysis, since it complements the other tools and methodologies typically used in the state of the art to deal with a cybercrime. Finally, the proposed approach has been tested in real usage scenarios, covering communication both between two endpoints (unicast) and among more than two endpoints (multicast).

Corresponding author

Correspondence to Raffaele Pizzolante.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

De Luca Fiscone, G., Pizzolante, R., Castiglione, A., Palmieri, F. (2020). Network Forensics of WhatsApp: A Practical Approach Based on Side-Channel Analysis. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds) Advanced Information Networking and Applications. AINA 2020. Advances in Intelligent Systems and Computing, vol 1151. Springer, Cham. https://doi.org/10.1007/978-3-030-44041-1_69
