Fingerprinting HTTP2 web pages

With the advent of HTTP2 it is no longer straightforward to collect HTTP web object sizes from a passive packet capture of Internet traffic. Web object size attack has been reported as effective in determining side-channel information such as which pages the user is requesting and in which order, wh...

Full description

Bibliographic Details
Main Author: Francisco Pedro Chorão Estevão (author)
Format: masterThesis
Language:eng
Published: 2017
Subjects:
Engenharia electrotécnica, electrónica e informática
Electrical engineering, Electronic engineering, Information engineering
Online Access:https://hdl.handle.net/10216/105546
Country:Portugal
Oai:oai:repositorio-aberto.up.pt:10216/105546
Description
Summary:With the advent of HTTP2 it is no longer straightforward to collect HTTP web object sizes from a passive packet capture of Internet traffic. Web object size attack has been reported as effective in determining side-channel information such as which pages the user is requesting and in which order, which is detrimental to user privacy. Unlike HTTP/1.0 and HTTP/1.1, pipelining, response multiplexing, and server push are actually used which may compromise the correct identification of object sizes. The effect these mechanisms have on hindering the ability of the attacker to determine web object size depends on the web application that is generating traffic. This thesis will characterize the ability to determine web object sizes from HTTP2 packet captures for different web applications.

Similar Items