Effect of Pipelining and Multiplexing in Estimating HTTP/2.0 Web Object Sizes.

Author: Ricardo Morla

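Abstract: HTTP response size is a well-known side channel attack. With the deployment of HTTP/2.0, response size estimation attacks are generally dismissed with the argument that pipelining and multiplexing prevent eavesdroppers from finding out response sizes. Yet the impact that pipelining and multiplexing actually have in estimating response sizes has not been adequately investigated. In this paper we set out to help understand the effect of pipelining and multiplexing in estimating the sizes of web objects on the Internet. We conduct an experiment that collects TLS record sizes from 10k popular web sites. We gather evidence on and discuss reasons for the limited amount of pipelining and multiplexing used on the Internet today: only 29% of the HTTP2 web objects we observe are pipelined and only 5% multiplexed. We also provide worst case results under different attack assumptions and show how effective a simple model can be. Our conclusion is that pipelining and especially multiplexing yield, as expected, a perceivable increase in relative object size estimation error, yet the extent of pipelining and multiplexing observed on the Internet today and the simplicity of current mechanisms hinder their ability to prevent eavesdroppers from estimating web object sizes.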
