Practical Traffic Analysis Attacks on Secure Messaging Applications

by   Alireza Bahramali, et al.

Instant Messaging (IM) applications like Telegram, Signal, and WhatsApp have become extremely popular in recent years. Unfortunately, such IM services have been targets of continuous governmental surveillance and censorship, as these services are home to public and private communication channels on socially and politically sensitive topics. To protect their clients, popular IM services deploy state-of-the-art encryption mechanisms. In this paper, we show that despite the use of advanced encryption, popular IM applications leak sensitive information about their clients to adversaries who merely monitor their encrypted IM traffic, with no need for leveraging any software vulnerabilities of IM applications. Specifically, we devise traffic analysis attacks that enable an adversary to identify administrators as well as members of target IM channels (e.g., forums) with high accuracies. We believe that our study demonstrates a significant, real-world threat to the users of such services given the increasing attempts by oppressive governments at cracking down controversial IM channels. We demonstrate the practicality of our traffic analysis attacks through extensive experiments on real-world IM communications. We show that standard countermeasure techniques such as adding cover traffic can degrade the effectiveness of the attacks we introduce in this paper. We hope that our study will encourage IM providers to integrate effective traffic obfuscation countermeasures into their software. In the meantime, we have designed and deployed an open-source, publicly available countermeasure system, called IMProxy, that can be used by IM clients with no need for any support from IM providers. We have demonstrated the effectiveness of IMProxy through experiments.


Client-side Vulnerabilities in Commercial VPNs

Internet users increasingly rely on commercial virtual private network (...

IXmon: Detecting and Analyzing DRDoS Attacks at Internet Exchange Points

Distributed reflective denial of service (DRDoS) attacks are a popular c...

TorKameleon: Improving Tor's Censorship Resistance With K-anonimization and Media-based Covert Channels

The use of anonymity networks such as Tor and similar tools can greatly ...

Might I Get Pwned: A Second Generation Password Breach Alerting Service

Credential stuffing attacks use stolen passwords to log into victim acco...

Towards Language-Based Mitigation of Traffic Analysis Attacks

Traffic analysis attacks pose a major risk for online security. Distinct...

Watching the Weak Link into Your Home: An Inspection and Monitoring Toolkit for TR-069

TR-069 is a standard for the remote management of end-user devices by se...

Evaluating Snowflake as an Indistinguishable Censorship Circumvention Tool

Tor is the most well-known tool for circumventing censorship. Unfortunat...

Please sign up or login with your details

Forgot password? Click here to reset