Network Encrypted Traffic Side-channel Analysis on Chinese Search

LI Ding; LIN Wei; LU Bin; ZHU Yuefei

doi:10.11999/JEIT210289

Volume 44 Issue 5

May 2022

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2022 > 44(5): 1763-1772

LI Ding, LIN Wei, LU Bin, ZHU Yuefei. Network Encrypted Traffic Side-channel Analysis on Chinese Search[J]. Journal of Electronics & Information Technology, 2022, 44(5): 1763-1772. doi: 10.11999/JEIT210289

Citation:

LI Ding, LIN Wei, LU Bin, ZHU Yuefei. Network Encrypted Traffic Side-channel Analysis on Chinese Search[J]. Journal of Electronics & Information Technology, 2022, 44(5): 1763-1772. doi: 10.11999/JEIT210289

Citation:

PDF( 4713 KB)

Network Encrypted Traffic Side-channel Analysis on Chinese Search

doi: 10.11999/JEIT210289

1.
PLA Information Engineering University, Zhengzhou 450001, China
2.
State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China

Funds: The National Key R&D Program of China (2019QY1302)

Received Date: 2021-04-08
Accepted Date: 2022-01-12
Rev Recd Date: 2021-12-15

Available Online: 2022-01-21

Publish Date: 2022-05-25

Abstract

Abstract

Incremental search services in search engines update the suggestion list for users by sending real-time requests. Focusing on the information leakage of encrypted search traffic, a side-channel analysis method on Chinese search is proposed. Leveraging the distinguishability of packet length increments and time intervals, a three-stage analysis model is constructed to identify user queries. Experimental results show that the performance in four commonly used Chinese search engines achieves the theoretical quantified value. The identification accuracy for the set containing 1.4×10⁵ monitored queries reaches 76%. Finally, four mitigation methods are evaluated to demonstrate that side-channel analysis can be effectively defended by blocking the information leakage sources.
- Encrypted traffic,
- Side-channel analysis,
- Search engine,
- Information gain

FullText(HTML)

References(18)

References

[1]	武思齐, 王俊峰. 基于数据流多维特征的移动流量识别方法研究[J]. 四川大学学报:自然科学版, 2020, 57(2): 247–254. doi: 10.3969/j.issn.0490-6756.2020.02.008 WU Siqi and WANG Junfeng. Research on mobile traffic identification based on multidimensional characteristics of data flow[J]. Journal of Sichuan University:Natural Science Edition, 2020, 57(2): 247–254. doi: 10.3969/j.issn.0490-6756.2020.02.008
[2]	SIRINAM P, MATHEWS N, RAHMAN M S, et al. Triplet fingerprinting: More practical and portable website fingerprinting with N-shot learning[C]. The 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK, 2019: 1131–1148.
[3]	GU Jiaxi, WANG Jiliang, YU Zhiwen, et al. Traffic-based side-channel attack in video streaming[J]. IEEE/ACM Transactions on Networking, 2019, 27(3): 972–985. doi: 10.1109/TNET.2019.2906568
[4]	WHITE A M, MATTHEWS A R, SNOW K Z, et al. Phonotactic reconstruction of encrypted VoIP conversations: Hookt on fon-iks[C]. 2011 IEEE Symposium on Security and Privacy, Oakland, USA, 2011: 3–18.
[5]	LI Hong, HE Yunhua, SUN Limin, et al. Side-channel information leakage of encrypted video stream in video surveillance systems[C]. The 35th Annual IEEE International Conference on Computer Communications, San Francisco, USA, 2016: 1–9.
[6]	SONG D X, WAGNER D, and TIAN Xuqing. Timing analysis of keystrokes and timing attacks on SSH[C]. The 10th conference on USENIX Security Symposium, Washington, USA, 2001: 25.
[7]	CHEN Shuo, WANG Rui, WANG Xiaofeng, et al. Side-channel leaks in web applications: A reality today, a challenge tomorrow[C]. 2010 IEEE Symposium on Security and Privacy, Oakland, USA, 2010: 191–206.
[8]	SCHAUB A, SCHNEIDER E, HOLLENDER A, et al. Attacking suggest boxes in web applications over HTTPS using side-channel stochastic algorithms[C]. The International Conference on Risks and Security of Internet and Systems, Trento, Italy, 2014: 116–130.
[9]	OH S E, LI Shuai, and HOPPER N. Fingerprinting keywords in search queries over tor[J]. Proceedings on Privacy Enhancing Technologies, 2017, 2017(4): 251–270. doi: 10.1515/popets-2017-0048
[10]	MONACO J V. What are you searching for? a remote keylogging attack on search engine autocomplete[C]. The 28th USENIX Conference on Security Symposium, Santa Clara, USA, 2019: 959–976.
[11]	FITTS P M. The information capacity of the human motor system in controlling the amplitude of movement[J]. Journal of Experimental Psychology, 1954, 47(6): 381–391. doi: 10.1037/h0055392
[12]	DHAKAL V, FEIT A M, KRISTENSSON P O, et al. Observations on typing from 136 million keystrokes[C]. The 2018 CHI Conference on Human Factors in Computing Systems, Montreal, Canada, 2018: 646.
[13]	Verizon: IP latency statistics[EB/OL]. https://www.verizon.com/business/terms/latency/, 2021.
[14]	KILLOURHY K S and AXION R A. Free vs. transcribed text for keystroke-dynamics evaluations[C]. The 2012 Workshop on Learning from Authoritative Security Experiment Results, Arlington, USA, 2012: 1–8.
[15]	SCHUSTER M and PALIWAL K K. Bidirectional recurrent neural networks[J]. IEEE Transactions on Signal Processing, 1997, 45(11): 2673–2681. doi: 10.1109/78.650093
[16]	SCHWARZ M, LIPP M, GRUSS D, et al. KeyDrown: Eliminating software-based keystroke timing side-channel attacks[C]. The 25th Annual Network and Distributed System Security Symposium, San Diego, USA, 2018.
[17]	BALSA E, TRONCOSO C, and DIAZ C. OB-PWS: Obfuscation-based private web search[C]. 2012 IEEE Symposium on Security and Privacy, San Francisco, USA, 2012: 491–505.
[18]	ZHENG Li, ZHANG Liren, and XU Dong. Characteristics of network delay and delay jitter and its effect on voice over IP (VoIP)[C]. 2001 IEEE International Conference on Communications, Helsinki, Finland, 2001: 122–126.