Analyzing Encrypted Web Traffic for Privacy Leaks

Encryption is (if used correctly) a very effective solution for hiding the content of confidential messages. However, despite encryption some information are very often still visible. One example is the message size, which is usually changed only slightly during encryption. Thus, by watching the size of encrypted messages or even better of a sequence of encrypted message, some assumptions on the content can be done.

The task of this thesis is investigating these threats for Web browsers. For example: if a browser renders a (confidential) HTML page, it requests a series of further resources (CSS, JavaScript, images). An attacker can derive certain information on the HTML page just by observing these secondary requests. In this thesis the feasibility of such attacks shall be analyzed and improved, e.g. by deferring the delivery of the HTML page to the browser to identify which block inside the page has triggered a new request.

Publisert 6. aug. 2018 11:11 - Sist endret 6. aug. 2018 11:12


Omfang (studiepoeng)