Who are you talking to? Breaching privacy in encrypted IM networks

Muhammad U. Ilyas, M. Zubair Shafiq, Alex X. Liu, Hayder Radha

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

We present a novel attack on relayed instant messaging (IM) traffic that allows an attacker to infer who's talking to whom with high accuracy. This attack only requires collection of packet header traces between users and IM servers for a short time period, where each packet in the trace goes from a user to an IM server or vice versa. The specific goal of the attack is to accurately identify a candidate set of top-k users with whom a given user possibly talked, while using only the information available in packet header traces (packet payloads cannot be used because they are mostly encrypted). Towards this end, we propose a wavelet-based scheme, called COmmunication Link De-anonymization (COLD), and evaluate its effectiveness using a real-world Yahoo! Messenger data set. The results of our experiments show that COLD achieves a hit rate of more than 90% for a candidate set size of 10. For a slightly larger candidate set size of 20, COLD achieves an almost 100% hit rate. In contrast, a baseline method using time series correlation could only achieve a hit rate of less than 5% for similar candidate set sizes.
Original language: English
Title of host publication: 2013 21st IEEE International Conference on Network Protocols (ICNP)
Publisher: IEEE
Pages: 1-10
Number of pages: 10
ISBN (Print): 978-1-4799-1270-4
Publication status: Published - 10 Oct 2013
Event: 2013 21st IEEE International Conference on Network Protocols (ICNP) - Goettingen, Germany
Duration: 7 Oct 2013 to 10 Oct 2013

Conference

Conference: 2013 21st IEEE International Conference on Network Protocols (ICNP)
Period: 7/10/13 to 10/10/13

Keywords

  • Servers
  • Correlation
  • Relays
  • Wavelet transforms
  • Vectors
  • Time series analysis
  • IP networks
