When we use the Internet, we are seeking in our HTTPS browser window when making purchases and entering of other sensitive information because we believe it is to keep our data safe from prying eyes. But a group of researchers has proved that HTTPS is a tool of the ugly privacy, and that anyone who can view, record and analyze visitor traffic can identify - with 89 percent accuracy - the pages that they have visited and the personal data they have shared.
The group consisting of UC Berkley researchers and Intel Labs captured the traffic of visitors to ten health care People (Mayo Clinic, Planned Parenthood, Kaiser Permanente), finance (Wells Fargo Bank of America, Vanguard), and legal services (ACLU legal Zoom).
"Our attack applied clustering techniques to identify traffic patterns. We then use a Gaussian distribution to determine the similarity to each group and map the samples of traffic in a fixed width representation compatible with range machine learning techniques. because of the similarity with the approach bag-of-words for document classification, we refer to our technical as bag-of-Gaussian (BOG), "they explained in a White Book.
The summary of this research is as such:
Revelations of large-scale electronic surveillance and data mining by the governments and companies have fueled the adoption of increased HTTPS. We present a traffic analysis attack against more than 6,000 web pages ...
Our attack identifies the individual pages within the same site with 89% accuracy, exponent personal details, including medical, legal conditions and financial affairs and sexual orientation . We review the evaluation methodology and reveal the precise variations as high as 18% due to assumptions that affect caching and cookies.
We present a new defense reducing the accuracy of attack to 27% with an increase of 9% of traffic, and demonstrate significantly increased the effectiveness of earlier defenses in our context of evaluation, including caching is enabled, user- specific cookies and the pages of the same site
Cornell University Library provides all of the study, "I know why you went clinic: Risks and achievements of HTTPS traffic analysis "so that you can know all the scary details
so check IPVanish VPN for how it can protect your personal and sometimes embarrassing for low.!. only $ 6.49 / month you will 14,000+ IPs on 110+ servers in 47 countries to hide behind giving you peace of mind knowing that you surf the web with privacy you deserve!
Source: net Security
0 Komentar