Skip to main content

k-Indistinguishable Traffic Padding in Web Applications

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 7384)

Abstract

While web-based applications are becoming increasingly ubiquitous, they also present new security and privacy challenges. In particular, recent research revealed that many high profile Web applications might cause private user information to leak from encrypted traffic due to side-channel attacks exploiting packet sizes and timing. Moreover, existing solutions, such as random padding and packet-size rounding, are shown to incur prohibitive cost while still not ensuring sufficient privacy protection. In this paper, we propose a novel k-indistinguishable traffic padding technique to achieve the optimal tradeoff between privacy protection and communication and computational cost. Specifically, we first present a formal model of the privacy-preserving traffic padding (PPTP). We then formulate PPTP problems under different application scenarios, analyze their complexity, and design efficient heuristic algorithms. Finally, we confirm the effectiveness and efficiency of our algorithms by comparing them to existing solutions through experiments using real-world Web applications.

Keywords

  • Packet Size
  • Privacy Protection
  • Input String
  • Privacy Requirement
  • Differential Privacy

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-642-31680-7_5
  • Chapter length: 21 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   64.99
Price excludes VAT (USA)
  • ISBN: 978-3-642-31680-7
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   83.00
Price excludes VAT (USA)

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aggarwal, G., Feder, T., Kenthapadi, K., Motwani, R., Panigrahy, R., Thomas, D., Zhu, A.: Anonymizing Tables. In: Eiter, T., Libkin, L. (eds.) ICDT 2005. LNCS, vol. 3363, pp. 246–258. Springer, Heidelberg (2005)

    CrossRef  Google Scholar 

  2. Askarov, A., Zhang, D., Myers, A.C.: Predictive black-box mitigation of timing channels. In: CCS 2010, pp. 297–307 (2010)

    Google Scholar 

  3. Asonov, D., Agrawal, R.: Keyboard acoustic emanations. In: IEEE Symposium on Security and Privacy, p. 3 (2004)

    Google Scholar 

  4. Backes, M., Doychev, G., Dürmuth, M., Köpf, B.: Speaker Recognition in Encrypted Voice Streams. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 508–523. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  5. Bauer, K., McCoy, D., Greenstein, B., Grunwald, D., Sicker, D.: Physical Layer Attacks on Unlinkability in Wireless LANs. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 108–127. Springer, Heidelberg (2009)

    CrossRef  Google Scholar 

  6. Bilogrevic, I., Jadliwala, M., Kalkan, K., Hubaux, J.-P., Aad, I.: Privacy in Mobile Computing for Location-Sharing-Based Services. In: Fischer-Hübner, S., Hopper, N. (eds.) PETS 2011. LNCS, vol. 6794, pp. 77–96. Springer, Heidelberg (2011)

    CrossRef  Google Scholar 

  7. Brumley, D., Boneh, D.: Remote timing attacks are practical. In: USENIX (2003)

    Google Scholar 

  8. Castelluccia, C., De Cristofaro, E., Perito, D.: Private Information Disclosure from Web Searches. In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 38–55. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  9. Chen, S., Wang, R., Wang, X., Zhang, K.: Side-channel leaks in web applications: A reality today, a challenge tomorrow. In: IEEE Symposium on Security and Privacy 2010, pp. 191–206 (2010)

    Google Scholar 

  10. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Samarati, P.: k-anonymous data mining: A survey. In: Privacy-Preserving Data Mining: Models and Algorithms (2008)

    Google Scholar 

  11. Danezis, G., Aura, T., Chen, S., Kıcıman, E.: How to Share Your Favourite Search Results while Preserving Privacy and Quality. In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 273–290. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  12. Dwork, C.: Differential Privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006, Part II. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006)

    CrossRef  Google Scholar 

  13. Fung, B.C.M., Wang, K., Chen, R., Yu, P.S.: Privacy-preserving data publishing: A survey of recent developments. ACM Comput. Surv. 42, 14:1–14:53 (2010)

    CrossRef  Google Scholar 

  14. Kann, V.: Maximum bounded h-matching is max snp-complete. Inf. Process. Lett. 49, 309–318 (1994)

    MathSciNet  MATH  CrossRef  Google Scholar 

  15. Kanungo, T., Mount, D.M., Netanyahu, N.S., Piatko, C., Silverman, R., Wu, A.Y.: An efficient k-means clustering algorithm: Analysis and implementation. IEEE Trans. Pattern Anal. Mach. Intell. 24, 881–892 (2002)

    CrossRef  Google Scholar 

  16. LeFevre, K., DeWitt, D.J., Ramakrishnan, R.: Incognito: Efficient fulldomain k-anonymity. In: SIGMOD, pp. 49–60 (2005)

    Google Scholar 

  17. Li, N., Li, T., Venkatasubramanian, S.: t-closeness: Privacy beyond k-anonymity and l-diversity. In: ICDE 2007, pp. 106–115 (2007)

    Google Scholar 

  18. Liu, W.M., Wang, L., Cheng, P., Debbabi, M.: Privacy-preserving traffic padding in web-based applications. In: WPES 2011, pp. 131–136 (2011)

    Google Scholar 

  19. Luo, X., Zhou, P., Chan, E.W.W., Lee, W., Chang, R.K.C., Perdisci, R.: Httpos: Sealing information leaks with browser-side obfuscation of encrypted flows. In: NDSS 2011 (2011)

    Google Scholar 

  20. Machanavajjhala, A., Kifer, D., Gehrke, J., Venkitasubramaniam, M.: L-diversity: Privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data 1(1), 3 (2007)

    CrossRef  Google Scholar 

  21. Nagaraja, S., Jalaparti, V., Caesar, M., Borisov, N.: P3CA: Private Anomaly Detection Across ISP Networks. In: Fischer-Hübner, S., Hopper, N. (eds.) PETS 2011. LNCS, vol. 6794, pp. 38–56. Springer, Heidelberg (2011)

    CrossRef  Google Scholar 

  22. Narayanan, A., Shmatikov, V.: De-anonymizing social networks. In: IEEE Symposium on Security and Privacy 2009, pp. 173–187 (2009)

    Google Scholar 

  23. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: CCS, pp. 199–212 (2009)

    Google Scholar 

  24. Samarati, P.: Protecting respondents’ identities in microdata release. IEEE Trans. on Knowl. and Data Eng. 13(6), 1010–1027 (2001)

    CrossRef  Google Scholar 

  25. Saponas, T.S., Agarwal, S.: Devices that tell on you: Privacy trends in consumer ubiquitous computing. In: USENIX 2007, pp. 5:1–1:16 (2007)

    Google Scholar 

  26. Sun, J., Zhu, X., Zhang, C., Fang, Y.: Hcpp: Cryptography based secure ehr system for patient privacy and emergency healthcare. In: ICDCS 2011, pp. 373–382 (2011)

    Google Scholar 

  27. Sun, Q., Simon, D.R., Wang, Y.M., Russell, W., Padmanabhan, V.N., Qiu, L.: Statistical identification of encrypted web browsing traffic. In: IEEE Symposium on Security and Privacy (2002)

    Google Scholar 

  28. Sweeney, L.: k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems 10(5), 557–570 (2002)

    MathSciNet  MATH  CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Liu, W.M., Wang, L., Ren, K., Cheng, P., Debbabi, M. (2012). k-Indistinguishable Traffic Padding in Web Applications. In: Fischer-Hübner, S., Wright, M. (eds) Privacy Enhancing Technologies. PETS 2012. Lecture Notes in Computer Science, vol 7384. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31680-7_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-31680-7_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31679-1

  • Online ISBN: 978-3-642-31680-7

  • eBook Packages: Computer ScienceComputer Science (R0)