From Website Fingerprinting to App Fingerprinting: Inferring private user activity from encrypted network traffic

Website Fingerprinting (WF) is a technique to analyse encrypted network traffic and infer private information about the content of communications from metadata. For instance, metadata may leak which web pages a user is browsing or which data users have provided to a site. Increasingly, online content is accessed via mobile devices and apps. While the leakage of private information by desktop web browsers has been extensively studied in recent years, the vulnerability of mobile apps to fingerprinting techniques remains largely an open question. In this project, we will investigate the extent to which fingerprinting attacks that utilize machine learning can infer sensitive private information from mobile app network traffic. For this, we will first analyse apps that facilitate browsing a specific site (e.g., news apps) by adapting WF methods to the mobile app environment. Next we will investigate the leakage of sensitive private data in apps with other functionalities, such as health tracking, location services, and dating. Based on the developed understanding of what can be inferred from the metadata of app traffic, we will design countermeasures that mitigate these privacy threats for mobile users.

Keywords:privacy, security, mobile, fingerprinting, metadata

Disciplines:Algebra, Applied mathematics in specific fields, Computer architecture and networks, Distributed computing, Information sciences, Information systems, Programming languages, Scientific computing, Theoretical computer science, Visual computing, Other information and computing sciences, Communications, Communications technology, Modelling, Multimedia processing