HTTPS-secured websites are vulnerable to traffic analysis that can expose legal, financial and even health information, a recent security survey shows.
UC Berkeley researchers have found a way to identify web pages in someone’s traffic with their own methodology, after analyzing 463,125 page loads collected from 10 websites in December 2013 and January 2014. The traffic analysis identified individual pages within the same website with 89% accuracy.
“Our attack applies clustering techniques to identify patterns in traffic. We then use a Gaussian distribution to determine similarity to each cluster and map traffic samples into a fixed width representation compatible with a wide range of machine learning techniques,” the researchers said.
Attackers can use this surveillance method to mine customer data for advertising purposes, block services for users suspected of accessing banned sites or monitor employees’ personal and corporate traffic.
To spot traffic patterns, the attacker needs to access the same websites as the victim and be able to observe incoming traffic, so that it can be matched against the recognized patterns.
“While the use of HTTPS alleviates the privacy risks associated with sending data over untrusted networks, attackers and researchers alike are trying to poke holes in the encryption protocol or workarounds to decipher traffic,” Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender, says. “But this research shows that decryption of traffic is not necessary for information gathering; matching the encrypted traffic pattern with specific known information would suffice. Think of a rainbow table for information.”