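Privacy Leakage Analysis Based on X.509 Certificate Measurement
  • Abstract

    Because it is easy to deploy and is built into Web browsers, the SSL protocol is widely used to secure data in transit for application services such as Web browsing, e-mail and file transfer; its most typical application is HTTPS. In practice, however, problems in how HTTPS services are deployed, such as servers using self-signed X.509 certificates, often expose users to serious security threats, including information theft and leakage of user identity and behavior privacy. Starting from the X.509 certificate that identifies the server, this paper uses large-scale measurement and analysis of HTTPS server certificates in real environments to reveal the application-service-type leakage problem of HTTPS services that use self-signed certificates, and the resulting threat to the privacy of users' network behavior. Measurement and analysis of user network behavior in a large-scale real environment, together with mining of massive logs, show that self-signed X.509 certificates provide identity information that strongly distinguishes a server's encrypted application type; that the identity-hiding measures of encrypted HTTPS application servers can to a large extent be seen through by statistical behavior analysis; and that servers offering the same or similar specific application services can be correctly classified with an accuracy of up to 95%.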

  • Authors

    曹自刚 (CAO Zi-Gang), 熊刚 (XIONG Gang), 赵咏 (ZHAO Yong)

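  • Affiliations

    School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876 / Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093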

  • Issue

    2014, Issue 1; ISTIC, EI, PKU

  • Keywords

    HTTPS; X.509 certificate; self-signed; measurement; user behavior privacy; privacy protection
