Cracking encrypted traffic may be easier than you think

Many IT security experts say encrypting data is the only way enterprises can be assured data is protected on premise or in the cloud.

But an academic paper says that under certain circumstances HTTPS traffic itself can be analyzed to deduce a person’s medical condition and sexual orientation by revealing what Web pages have been visited.

The technique developed by researchers at the University of California at Berkley and Intel Labs isn’t perfect – individual Web pages in the same Web site can be identified with 89 per cent accuracy, but variations can be as large as 18 per cent due to assumptions affecting caching and cookies.

But their point is that “HTTPS is far more vulnerable to traffic analysis than has been previously discussed by researchers.”

According to ComputerWorld U.S. the report is to be presented at a July 16 privacy conference in Amsterdam.

The researchers captured 463,125 page loads from a number of U.S. healthcare, finance, legal services and streaming video sites including the May Clinic, Planned Parenthood, the Bank of America and Netflix.

Briefly, they used clustering techniques to identify patterns in the traffic, then other analytic techniques to identify pages with some degree of accuracy.

Obviously, if it can be determined that a particular person goes to a healthcare site regularly for information on a chronic disease, or a legal site for bankruptcy information highly personal information might be deduced — assuming, of course, the viewer isn’t accessing the page on behalf of a relative or friend.

Read the whole story here

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.