Fingerprinting Websites Using Traffic Analysis
I present a traffic analysis based vulnerability in Safe Web, an encrypting web proxy. This vulnerability allows someone monitoring the traffic of a Safe Web user to determine if the user is visiting certain websites. I also describe a successful implementation of the attack. Finally, I discuss methods for improving the attack and for defending against the attack.
KeywordsChinese Government Exact Match Traffic Analysis Extra Data News Site
Unable to display preview. Download preview PDF.
- 1.Bruce Schneier, Applied Cryptography (New York: Wiley and Sons, 1996) 219.Google Scholar
- 3.David Martin and Andrew Schulman, Deanonymizing Users of the Safe Web Anonymizing Service, Technical Report 2002-003, Boston University Computer Science Department, February 2002. To appear in Proceedings of the 11th USENIX Security Symposium, August 2002.Google Scholar
- 4.New PRC Internet Regulation http://www.usembassy-china.org.cn/english/sandt/netreg.htm
- 5.Steve Friess, ”China Re-Blocks News Sites,” Wired News http://www.wired.com/news/politics/0,1283,47121,00.html
- 6.SafeWeb PrivaSec Alliance Press Release, August 14, 2001, http://safeweb.com/prprivasec.html
- 7.D. Song, D. Wagner, and X. Tian, Timing Analysis of Keystrokes and SSH Timing Attacks (10th USENIX Security Symposium, 2001) 2–3.Google Scholar