| In the Internet age, Internet users are more and more concerned their privacy especially the Web browsing behaviors.Browsing a webpage introduces a typical request-response based network traffic which is associated with the structure of corresponding HTML document. This may make the traffic of a specified webpage demonstrate different features from others even when the traffic is encrypted. Traffic analysis techniques can be used to extract those features to identify a webpage and disclose the webpages the user visited.In this thesis, we propose EQPO, a method to defend against traffic analysis by obscuring web traffic with EQual-sized Pseudo-Objects. For Website, by equalizing the sizes of pseudo-objects and the numbers of pseudo-objects requests in each webpage, we can generate the web traffic and make the traffic for those webpages with no identifiable features. The main contents of the research are shown below.(1) We introduce the notion of equal-sized pseudo-object to design a new defence method against traffic analysis. A pseudo-object is composed by original objects, object fragments, or padding octets.(2) On the client side, we develop the EQPO-enabled webpage structure to support the requests and responses for equal-sized pseudo-object. On the server side,we construct equal-sized pseudo-object by the server program. Hence it can generate the Web traffic on the same website through the client-server cooperation.(3) We have implemented a proof of concept prototype with data URI scheme and the AJAX technique and design a series of experiment to validate the proposed countermeasure with some state of the art traffic analysis techniques. We also compare the EQPO method with other countermeasure method. |
PDF Full Text Request