Web-based applications are gaining popularity as
they require less client-side resources, and are easier to deliver and
maintain. On the other hand, Web applications also pose new security and
privacy challenges. In particular, recent research revealed that many high
profile Web applications might cause sensitive user inputs to be leaked from
encrypted traffic due to side-channel attacks exploiting unique patterns in
packet sizes and timing. Moreover, existing solutions, such as random padding
and packet-size rounding, were shown to incur prohibitive overhead while still
failing to guarantee sufficient privacy protection. In this paper, we first
observe an interesting similarity between this privacy-preserving traffic
padding (PPTP) issue and another well studied problem, privacy-preserving data
publishing (PPDP). Based on such a similarity, we present a formal PPTP model
encompassing the privacy requirements, padding costs, and padding methods. We
then formulate PPTP problems under different application scenarios, analyze
their complexity, and design efficient heuristic algorithms. Finally, we
confirm the effectiveness and efficiency of our algorithms by comparing them to
existing solutions through experiments using real-world Web applications.
No comments:
Post a Comment