Use this URL to cite or link to this record in EThOS: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.674672
Title: Your WiFi is leaking : inferring private user information despite encryption
Author: Atkinson, J. S.
Awarding Body: UCL (University College London)
Current Institution: University College London (University of London)
Date of Award: 2015
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Please try the link below.
Access from Institution:
Abstract:
This thesis describes how wireless networks can inadvertently leak and broadcast users' personal information despite the correct use of encryption. Users would likely assume that their activities (for example, the program or app they are using) and personal information (including age, religion, sexuality and gender) would remain confidential when using an encrypted network. However, we demonstrate how the analysis of encrypted traffic patterns can allow an observer to infer potentially sensitive data remotely, passively, undetectably, and without any network credentials. Without the ability to read encrypted WiFi traffic directly, the limited side-channel data available is processed. Following an investigation to determine what information is available and how it can be represented, it was determined that the comparison of various permutations of timing and frame size information is sufficient to distinguish specific user activities. The construction of classifiers via machine learning (Random Forests) utilising this side-channel information represented as histograms allows for the detection of user activity despite WiFi encryption. Studies showed that Skype voice traffic could be identified despite being interleaved with other activities. A subsequent study then demonstrated that mobile apps could be individually detected and, concerningly, used to infer potentially sensitive information about users due to their personalised nature. Furthermore, a full prototype system is developed and used to demonstrate that this analysis can be performed in real-time using low-cost commodity hardware in real-world scenarios. Avenues for improvement and the limitations of this approach are identified, and potential applications for this work are considered. Strategies to prevent these leaks are discussed and the effort required for an observer to present a practical privacy threat to the everyday WiFi user is examined.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.674672  DOI: Not available
Share: