In today’s world mobile applications have been widely used, which
bring great convenience to people’s lives. However, at the same time user privacy
is potentially threatened. This paper shows that a passive eavesdropper can
identify fine grained user activities (known as in-app activities) by analysing
encrypted traffic collected by sniffing a wireless network. Even though
encryption protocols are used to secure communications over the Internet, side
channel data such as frame length, inter arrival time and direction are still leaked
from encrypted traffic. To identify in-app activities from this side channel data
machine learning techniques are used. Furthermore, we show that just by
observing only a small subset of encrypted traffic (rather than observing the
entire transaction), one can identify in-app activities accurately. The proposed
solution was evaluated with 51 in-app activities from three popular social
networking apps and obtained high detection accuracy, 95.4% when Bayes Net
algorithm is used.
Funding
UK-India Education Research Initiative (UKIERI) through grant UGC-UKIERI-2016-17-019.
History
School
Loughborough University London
Published in
Intelligent Computing: Proceedings of the 2020 Computing Conference
This is a pre-copyedited version
of a contribution published in Intelligent Computing: Proceedings of the 2020 Computing Conference edited by Kohei Arai, Supriya Kapoor and Rahul Bhatia published by Springer. The definitive authenticated version is available online via
http://dx.doi.org/10.1007/978-3-030-52249-0_46.