HTTPS-what you think about it, are you surfing your internet with HTTPS and feel secure so WAIT! a report published by US researchers explore “HTTPS” may run a secured online store but it fails in the role of Privacy.
10 widely used HTTPS-secured Web sites “exposing personal details, including medical conditions, financial and legal affairs and sexual orientation,” according to US researchers.
‘I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis’<<This PDF shows about the data which transferrred thourgh https may also be vulnerable to traffic analyisis. (BY : The UC Berkeley researchers Brad Miller, A. D. Joseph and J. D. Tygar and Intel Labs’ researchers, Ling Huang.)
More about What is Inside the PDF:
How even strongly encrypted Web traffic can reveal highly personal information to employers, Internet service providers, state-sponsored spies, or anyone else with the capability to monitor a connection between a site and the person visiting it. As a result, it’s possible for them to know with a high degree of certainty what video someone accessed on Netflix or YouTube.(VIA- http://arstechnica.com/)
PDF REPORT BY RESEARCHERS:
Researchers says about their research:
Our attack applies clustering techniques to identify patterns in traffic. We then use a Gaussian distribution to determine similarity to each cluster and map traffic samples into a fixed width representation compatible with a wide range of machine learning techniques.
What is actually need for an attacker to perform this attack:
- Attacker must be able to visit the same web page that the victim visits (allowing the attacker to identify patterns in encrypted traffic indicative of different web pages.)
- The adversary must also be able to observe victim traffic, allowing the adversary to match observed traffic with previously learned patterns.
