Fingerprinting HTTP2 web pages

Detalhes bibliográficos
Autor(a) principal: Francisco Pedro Chorão Estevão
Data de Publicação: 2017
Tipo de documento: Dissertação
Idioma: eng
Título da fonte: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Texto Completo: https://hdl.handle.net/10216/105546
Resumo: With the advent of HTTP2 it is no longer straightforward to collect HTTP web object sizes from a passive packet capture of Internet traffic. Web object size attack has been reported as effective in determining side-channel information such as which pages the user is requesting and in which order, which is detrimental to user privacy. Unlike HTTP/1.0 and HTTP/1.1, pipelining, response multiplexing, and server push are actually used which may compromise the correct identification of object sizes. The effect these mechanisms have on hindering the ability of the attacker to determine web object size depends on the web application that is generating traffic. This thesis will characterize the ability to determine web object sizes from HTTP2 packet captures for different web applications.
id RCAP_0380da0e7f5acc10c97b8c1a67d15c71
oai_identifier_str oai:repositorio-aberto.up.pt:10216/105546
network_acronym_str RCAP
network_name_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository_id_str https://opendoar.ac.uk/repository/7160
spelling Fingerprinting HTTP2 web pagesEngenharia electrotécnica, electrónica e informáticaElectrical engineering, Electronic engineering, Information engineeringWith the advent of HTTP2 it is no longer straightforward to collect HTTP web object sizes from a passive packet capture of Internet traffic. Web object size attack has been reported as effective in determining side-channel information such as which pages the user is requesting and in which order, which is detrimental to user privacy. Unlike HTTP/1.0 and HTTP/1.1, pipelining, response multiplexing, and server push are actually used which may compromise the correct identification of object sizes. The effect these mechanisms have on hindering the ability of the attacker to determine web object size depends on the web application that is generating traffic. This thesis will characterize the ability to determine web object sizes from HTTP2 packet captures for different web applications.2017-07-052017-07-05T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttps://hdl.handle.net/10216/105546TID:201797895engFrancisco Pedro Chorão Estevãoinfo:eu-repo/semantics/openAccessreponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiainstacron:RCAAP2025-02-27T17:55:41Zoai:repositorio-aberto.up.pt:10216/105546Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireinfo@rcaap.ptopendoar:https://opendoar.ac.uk/repository/71602025-05-28T22:31:32.592155Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiafalse
dc.title.none.fl_str_mv Fingerprinting HTTP2 web pages
title Fingerprinting HTTP2 web pages
spellingShingle Fingerprinting HTTP2 web pages
Francisco Pedro Chorão Estevão
Engenharia electrotécnica, electrónica e informática
Electrical engineering, Electronic engineering, Information engineering
title_short Fingerprinting HTTP2 web pages
title_full Fingerprinting HTTP2 web pages
title_fullStr Fingerprinting HTTP2 web pages
title_full_unstemmed Fingerprinting HTTP2 web pages
title_sort Fingerprinting HTTP2 web pages
author Francisco Pedro Chorão Estevão
author_facet Francisco Pedro Chorão Estevão
author_role author
dc.contributor.author.fl_str_mv Francisco Pedro Chorão Estevão
dc.subject.por.fl_str_mv Engenharia electrotécnica, electrónica e informática
Electrical engineering, Electronic engineering, Information engineering
topic Engenharia electrotécnica, electrónica e informática
Electrical engineering, Electronic engineering, Information engineering
description With the advent of HTTP2 it is no longer straightforward to collect HTTP web object sizes from a passive packet capture of Internet traffic. Web object size attack has been reported as effective in determining side-channel information such as which pages the user is requesting and in which order, which is detrimental to user privacy. Unlike HTTP/1.0 and HTTP/1.1, pipelining, response multiplexing, and server push are actually used which may compromise the correct identification of object sizes. The effect these mechanisms have on hindering the ability of the attacker to determine web object size depends on the web application that is generating traffic. This thesis will characterize the ability to determine web object sizes from HTTP2 packet captures for different web applications.
publishDate 2017
dc.date.none.fl_str_mv 2017-07-05
2017-07-05T00:00:00Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv https://hdl.handle.net/10216/105546
TID:201797895
url https://hdl.handle.net/10216/105546
identifier_str_mv TID:201797895
dc.language.iso.fl_str_mv eng
language eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron:RCAAP
instname_str FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron_str RCAAP
institution RCAAP
reponame_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
collection Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository.name.fl_str_mv Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
repository.mail.fl_str_mv info@rcaap.pt
_version_ 1833599727909732352

Registros relacionados