Traffic Analysis of the HTTP Protocol Over TLS
Source: University of Cambridge
The paper analyzes attacks that take advantage of the data length information leaked by HTTP transactions over the TLS protocol, in order to link clients with particular resources they might access on a web site. The threat model considered is a public news site that tries to protect the patterns of requests and submissions of its users by encrypting the HTTP connections using TLS, against an attacker that can observe all traffic. The paper shows how much information an attacker can infer about single requests and submissions knowing only their length. A Hidden Markov Model is then presented that analyzes sequences of requests and finds the most plausible resources accessed.