Thwarting Traffic Classification for Privacy Preservation

Abstract

Research proved that supposedly secure encrypted network traffic is actually threatened by privacy and security violations from many aspects. This is mainly due to flow features leaking evidence about the user activity and data content. With the increasing popularity of machine learning techniques, the traditional means of encrypting packets are no longer feasible approaches from the privacy perspective. A passive adversary can monitor traffic patterns that remain intact after encryption, such as timing, size, direction, and count of packets in a specific network flow. Using these features, he can build classifiers and detect instances of application protocols. Hence, traffic analysis is considered a big threat for the privacy of Internet users. In this thesis, we aim at understanding if and how complicated it is to obfuscate the information leaked by traffic features. We define a security model of the typical thwarting system against malicious traffic analysis. Then, we propose practical techniques to prevent traffic feature leaks. These methods consist of modifying the flow’s statistical characteristics to mislead traffic classifiers. However, they could impose overhead in terms of processing and memory resources. This fact is not acceptable for devices that have limited means, nor is it acceptable for applications with interactive dynamic nature. Thus, having efficient security is key while decreasing computation and storage overhead on the devices, and reducing latency on the traffic. Additionally, given that there are different types of heterogeneous apps, the obfuscation system needs to be dynamic and scalable. For these reasons, we define the optimized privacy-leak thwarting technique resulting in a tradeoff between privacy and complexity overhead. We propose a mathematical model for network obfuscation, and we formulate analytically a constrained optimization problem that treats maximization of network obfuscation while minimizing overhead as a cost. The aim of our optimization is to decrease the security risks of statistical traffic analysis attacks by optimally obfuscating an app traffic. We propose dynamic algorithms to solve the optimization problem of traffic obfuscation by selecting the target app and the length from the target app to mutate to. We analyze the full privacy protection of our solutions using both analytical and experimental models. First, we suggest metrics for quantitative privacy measurement to measure obfuscation system’s resilience to traffic analysis attacks. And then, we assess their effectiveness through extensive simulations on real-world data traces. Finally, we propose metrics based on information theory to explain the empirical results of obfuscation models. We also suggest criteria for selecting tunable parameters to achieve best results of the obfuscation model. Our measures evaluate, for any obfuscation system, the right choice of features to mutate, as well as the right choice of target applications to mutate to.