System and method for evaluating and enhancing source anonymity for encrypted web traffic
First Claim
Patent Images
1. A method for obfuscating Web traffic volume in a networking environment that is sent by a Web server in response to a request by an Internet client to access a Web page, the method comprising:
- receiving, by the Web server, a request from the Internet client to access the Web page;
padding by the Web server each of a plurality of objects of the Web page, wherein the padding comprises altering an original size of the object by adding redundant data;
randomly selecting an object, by the Web server, via the Web server, to add to the Web page;
adding the randomly selected object to the Web page by the Web server encrypting the Web page, by the Web server, by encrypting both the padded object and randomly selected added object;
obfuscating the traffic pattern of the transmitted Web page via the padding and further via the adding the at least one randomly selected object;
transmitting by the Web server the encrypted Web page to the Internet client monitoring by the Web server, a traffic pattern of Web pages transmitted to the Internet client;
decrypting by the Internet client the transmitted Web page;
discarding by the Internet client the randomly selected added object;
removing by the Internet client at least portions of the padding from each decrypted object that contains padding; and
displaying by the Internet client the decrypted web page with the randomly objects and the padding removed.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method is provided for evaluating the effectiveness of data encryption for hiding the identity of the source of Web traffic. A signature is constructed from encrypted Web traffic for a Web page sent by a target Web site, and the signature is compared with archived traffic signatures obtained by accessing various Web pages of interest in advance. If the signature of the detected encrypted Web traffic matches a stored traffic signature beyond a pre-set statistical threshold, a positive match is found, and the source of the traffic is identified. Countermeasures for reducing the reliability of source identification based on traffic signature matching are provided.
44 Citations
3 Claims
-
1. A method for obfuscating Web traffic volume in a networking environment that is sent by a Web server in response to a request by an Internet client to access a Web page, the method comprising:
-
receiving, by the Web server, a request from the Internet client to access the Web page;
padding by the Web server each of a plurality of objects of the Web page, wherein the padding comprises altering an original size of the object by adding redundant data;
randomly selecting an object, by the Web server, via the Web server, to add to the Web page;
adding the randomly selected object to the Web page by the Web server encrypting the Web page, by the Web server, by encrypting both the padded object and randomly selected added object;
obfuscating the traffic pattern of the transmitted Web page via the padding and further via the adding the at least one randomly selected object;transmitting by the Web server the encrypted Web page to the Internet client monitoring by the Web server, a traffic pattern of Web pages transmitted to the Internet client;
decrypting by the Internet client the transmitted Web page;
discarding by the Internet client the randomly selected added object;
removing by the Internet client at least portions of the padding from each decrypted object that contains padding; and
displaying by the Internet client the decrypted web page with the randomly objects and the padding removed. - View Dependent Claims (2, 3)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeMicrosoft Corporation
-
InventorsSimon, Daniel R., Wang, Yi-Min, Padmanabhan, Venkata N., Qiu, Lili, Russell, Wilfred, Sun, Qixiang
-
Primary Examiner(s)Fischer; Andrew J.
-
Assistant Examiner(s)Winter; John M
-
Application NumberUS11/064,677Publication NumberTime in Patent Office1,769 DaysField of Search705/51, 705/1, 705/50US Class Current705/50CPC Class CodesG06F 2221/2107 File encryptionG06F 2221/2119 Authenticating web pages, e...G06Q 20/10 specially adapted for elect...G06Q 20/102 Bill distribution or paymentsG06Q 20/1085 involving automatic teller ...G06Q 20/40 Authorisation, e.g. identif...H04L 63/0407 wherein the identity of one...H04L 63/1408 by monitoring network traff...
