Title :
PPTP: Privacy-Preserving Traffic Padding in Web-Based Applications
Author :
Wen Ming Liu ; Lingyu Wang ; Pengsu Cheng ; Kui Ren ; Shunzhi Zhu ; Debbabi, Mourad
Author_Institution :
Concordia Inst. for Inf. Syst. Eng., Concordia Univ., Montreal, QC, Canada
Abstract :
Web-based applications are gaining popularity as they require less client-side resources, and are easier to deliver and maintain. On the other hand, web applications also pose new security and privacy challenges. In particular, recent research revealed that many high profile web applications might cause sensitive user inputs to be leaked from encrypted traffic due to side-channel attacks exploiting unique patterns in packet sizes and timing. Moreover, existing solutions, such as random padding and packet-size rounding, were shown to incur prohibitive overhead while still failing to guarantee sufficient privacy protection. In this paper, we first observe an interesting similarity between this privacy-preserving traffic padding (PPTP) issue and another well studied problem, privacy-preserving data publishing (PPDP). Based on such a similarity, we present a formal PPTP model encompassing the privacy requirements, padding costs, and padding methods. We then formulate PPTP problems under different application scenarios, analyze their complexity, and design efficient heuristic algorithms. Finally, we confirm the effectiveness and efficiency of our algorithms by comparing them to existing solutions through experiments using real-world web applications.
Keywords :
Internet; data protection; publishing; PPDP; Web-based applications; encrypted traffic; formal PPTP model; heuristic algorithms; packet-size rounding; privacy protection; privacy-preserving data publishing; privacy-preserving traffic padding; random padding; sensitive user input leakage; side-channel attacks; Adaptation models; Algorithm design and analysis; Complexity theory; Data privacy; Privacy; Search engines; Servers; $k$ -indistinguishability; $l$ -diversity; PPTP; Traffic padding; side-channel leak; web application;
Journal_Title :
Dependable and Secure Computing, IEEE Transactions on
DOI :
10.1109/TDSC.2014.2302308