• Publication
  • PrePrints
  • Abstract - PPTP: Privacy-Preserving Traffic Padding in Web-Based Applications
 This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
PPTP: Privacy-Preserving Traffic Padding in Web-Based Applications
PrePrint
ISSN: 1545-5971
Web-based applications are gaining popularity as they require less client-side resources, and are easier to deliver and maintain. On the other hand, Web applications also pose new security and privacy challenges. In particular, recent research revealed that many high profile Web applications might cause sensitive user inputs to be leaked from encrypted traffic due to side-channel attacks exploiting unique patterns in packet sizes and timing. Moreover, existing solutions, such as random padding and packet-size rounding, were shown to incur prohibitive overhead while still failing to guarantee sufficient privacy protection. In this paper, we first observe an interesting similarity between this privacy-preserving traffic padding (PPTP) issue and another well studied problem, privacy-preserving data publishing (PPDP). Based on such a similarity, we present a formal PPTP model encompassing the privacy requirements, padding costs, and padding methods. We then formulate PPTP problems under different application scenarios, analyze their complexity, and design efficient heuristic algorithms. Finally, we confirm the effectiveness and efficiency of our algorithms by comparing them to existing solutions through experiments using real-world Web applications.
Citation:
Mourad Debbabi, Shunzhi Zhu, Lingyu Wang, Pengsu Cheng, Kui Ren, "PPTP: Privacy-Preserving Traffic Padding in Web-Based Applications," IEEE Transactions on Dependable and Secure Computing, 04 Feb. 2014. IEEE computer Society Digital Library. IEEE Computer Society, <http://doi.ieeecomputersociety.org/10.1109/TDSC.2014.2302308>
Usage of this product signifies your acceptance of the Terms of Use.