IDEAS home Printed from https://ideas.repec.org/a/prg/jnlaip/v2015y2015i3id70p206-225.html
   My bibliography  Save this article

It Leaks More Than You Think: Fingerprinting Users from Web Traffic Analysis

Author

Listed:
  • Xujing Huang

Abstract

We show how, in real-world web applications, confidential information about user identities can be leaked through "non-intuitive communications", in particular web traffic which appear to be not related to the user information. In fact, our experiments on Google users demonstrate that even Google accounts are vulnerable on traffic attacks against user identities, using packet sizes and directions. And this work shows this kind of non-intuitive communication can leak even more information about user identities than the traffic explicitly using confidential information. Our work highlights possible side-channel leakage through cookies and more generally discovers fingerprints in web traffic which can improve the probability of correctly guessing a user identity. Our analysis is motivated by Hidden Markov Model, distance metric and guessing probability to analyse and evaluate these side-channel vulnerabilities.

Suggested Citation

  • Xujing Huang, 2015. "It Leaks More Than You Think: Fingerprinting Users from Web Traffic Analysis," Acta Informatica Pragensia, Prague University of Economics and Business, vol. 2015(3), pages 206-225.
    • Handle: RePEc:prg:jnlaip:v:2015:y:2015:i:3:id:70:p:206-225
    DOI: 10.18267/j.aip.70
    as

    Download full text from publisher

    File URL: http://aip.vse.cz/doi/10.18267/j.aip.70.html
    Download Restriction: free of charge
    File URL: http://aip.vse.cz/doi/10.18267/j.aip.70.pdf
    Download Restriction: free of charge
    File URL: https://libkey.io/10.18267/j.aip.70?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. N/A, 1996. "Note:," Foreign Trade Review, , vol. 31(1-2), pages 1-1, January.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Hiroshi Fujiki & Edward J. Green & Akira Yamazaki, 1999. "Sharing the risk of settlement failure," Working Papers 594, Federal Reserve Bank of Minneapolis.
    2. Kris James Mitchener & Matthew Jaremski, 2014. "The Evolution of Bank Supervision: Evidence from U.S. States," NBER Working Papers 20603, National Bureau of Economic Research, Inc.
    3. , G. & , & ,, 2008. "Non-Bayesian updating: A theoretical framework," Theoretical Economics, Econometric Society, vol. 3(2), June.
    4. Santiago Moreno-Bromberg & Luca Taschini, 2011. "Pollution permits, Strategic Trading and Dynamic Technology Adoption," Papers 1103.2914, arXiv.org.
    5. Andrei Kapaev, 2013. "Remark on repo and options," Papers 1311.5211, arXiv.org.
    6. Daniel Sanches, 2016. "On the Inherent Instability of Private Money," Review of Economic Dynamics, Elsevier for the Society for Economic Dynamics, vol. 20, pages 198-214, April.
    7. Ricardo de O. Cavalcanti & Andres Erosa & Ted Temzelides, 1999. "Private Money and Reserve Management in a Random-Matching Model," Journal of Political Economy, University of Chicago Press, vol. 107(5), pages 929-945, October.
    8. James J. McAndrews & William Roberds, 1999. "Payment intermediation and the origins of banking," Staff Reports 85, Federal Reserve Bank of New York.
    9. Allen Head & Junfeng Qiu, 2007. "Elastic Money, Inflation, And Interest Rate Policy," Working Paper 1152, Economics Department, Queen's University.
    10. Hentati-Kaffel, R. & Prigent, J.-L., 2016. "Optimal positioning in financial derivatives under mixture distributions," Economic Modelling, Elsevier, vol. 52(PA), pages 115-124.
    11. Fong, Wai Mun, 1997. "Robust beta estimation: Some empirical evidence," Review of Financial Economics, Elsevier, vol. 6(2), pages 167-186.
    12. Xavier Freixas & Bruno Parigi & Jean-Charles Rochet, 2000. "Systemic risk, interbank relations, and liquidity provision by the central bank," Proceedings, Federal Reserve Bank of Cleveland, pages 611-640.
    13. repec:ulb:ulbcvp:p0025 is not listed on IDEAS
    14. Steven Brams & D. Kilgour, 1998. "Backward Induction Is Not Robust: The Parity Problem and the Uncertainty Problem," Theory and Decision, Springer, vol. 45(3), pages 263-289, December.
    15. Christian Volpe Martincus & Andrés Gallo, 2009. "Institutions and Export Specialization: Just Direct Effects?," Kyklos, Wiley Blackwell, vol. 62(1), pages 129-149, February.
    16. Zelenyuk, Valentin, 2015. "Aggregation of scale efficiency," European Journal of Operational Research, Elsevier, vol. 240(1), pages 269-277.
    17. Junfeng Qiu, 2011. "Bank money, aggregate liquidity, and asset prices," Annals of Economics and Finance, Society for AEF, vol. 12(2), pages 295-346, November.
    18. Antunes, Antonio & Peeters, Dominique, 2001. "On solving complex multi-period location models using simulated annealing," European Journal of Operational Research, Elsevier, vol. 130(1), pages 190-201, April.
    19. Postlewaite, Andrew, 1998. "The social basis of interdependent preferences," European Economic Review, Elsevier, vol. 42(3-5), pages 779-800, May.
    20. Giacomo Bonanno, 2008. "Non-cooperative game theory," Working Papers 86, University of California, Davis, Department of Economics.
    21. Zibo Xu, 2013. "The instability of backward induction in evolutionary dynamics," Discussion Paper Series dp633, The Federmann Center for the Study of Rationality, the Hebrew University, Jerusalem.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:prg:jnlaip:v:2015:y:2015:i:3:id:70:p:206-225. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Stanislav Vojir (email available below). General contact details of provider: https://edirc.repec.org/data/uevsecz.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.