Researchers at the University of California, Berkeley, and Intel have discovered that private information can be obtained from encrypted communications using a technique known as traffic analysis to find patterns in the data stream.
The team's technique targets the HTTPS encryption that guards websites and relies on machine-learning algorithms to learn traffic patterns associated with different pages. Matching patterns can then be sought in a target's traffic trace.
Using this technique, the researchers could identify the pages for specific medical conditions on the Planned Parenthood and Mayo Clinic websites even though both sites use HTTPS encryption. Financial information is similarly identifiable. The method averages approximately 90-percent accuracy at identifying Web pages.
Researcher Scott Coull at security company RedJack recently discovered that traffic analysis can be highly effective with Apple's iMessage, which encrypts messages during the entire transmission. Using traffic analysis, Coull could identify with at least 96-percent accuracy information such as when users started or stopped typing, were sending or opening a message, and the language in which a message was written.
Traffic analysis can be a legitimate tool for businesses to improve targeted advertising, but also could be used for government surveillance programs.
From Technology Review
View Full Article
Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA
No entries found