INTRODUCTION
A Web Traffic Analysis Attack Using Only Timing Information
We introduce an attack against encrypted web
traffic that makes use only of packet timing
information on the uplink. This attack is therefore impervious
to existing packet padding defences. We consider an attacker of the type illustrated in Figure
1.
The attacker can detect the time when packets traverse the encrypted tunnel
in the uplink direction, but has no other information about the clients’
activity.
The attacker’s objective is to use this information to guess, with
high probability of success, the web sites which the client visits.
What is
distinctive about the attack considered here is that the attacker relies solely
on packet timestamp information whereas the previously reported attacks against
encrypted web traffic have mainly made use of observations of packet size
and/or packet count information.
Our interest in timing-only attacks is twofold.
Firstly, packet padding is a relatively straightforward defence against attacks
that rely primarily on packet size, and indeed is currently either already
available or being implemented in a number of popular VPNs.
Secondly, alternative attacks based
on packet counting are insensitive to packet padding defences but
require partitioning of a packet stream into individual web fetches in order
for the number of packets associated with each web fetch to be determined,
which may be highly challenging in practice on links where there are no clear
pauses between web fetches.
In contrast, packet timing-based attacks are not
only largely unaffected by packet padding defenses but also, as we will show,
do not require partitioning of the
packet stream. Hence, they are potentially a practically important class of
attack against current and future VPNs.
While some work has been carried out
using inter-arrival time information to classify the application (HTTP, IMAP, etc.), to our knowledge there is no previous work
reporting use of timing information alone to construct a successful attack
against encrypted web traffic.
EXISTING SYSTEMS
The attacker can
detect the time when packets traverse the encrypted tunnel in the uplink
direction, but has no other information about the clients’ activity.
The
attacker’s objective is to use this information to guess, with high probability
of success, the web sites which the client visits.
The attacker relies solely
on packet timestamp information whereas the previously reported attacks against
encrypted web traffic have mainly made use of observations of packet size
and/or packet count information.
Our interest in timing-only attacks is
twofold. Packet padding is a relatively straightforward defense against
attacks that rely primarily on packet size, and indeed is currently either
already available or being implemented in a number of popular virtual private
networks.
Alternative attacks based on packet counting are insensitive to
packet padding defenses but require partitioning of a packet stream into
individual web fetches in order for the number of packets associated with each
web fetch to be determined, which may be highly challenging in practice on
links where there are no clear pauses between web fetches.