research-article

Traffic Analysis of Encrypted Messaging Services: Apple iMessage and Beyond

Authors:
Scott E. Coull

RedJack, LLC, Silver Spring, MD, USA

RedJack, LLC, Silver Spring, MD, USA
View Profile

,
Kevin P. Dyer

Portland State University, Portland, OR, USA

Portland State University, Portland, OR, USA
View Profile

Authors Info & Claims

ACM SIGCOMM Computer Communication Review Volume 44 Issue 5October 2014pp 5–11https://doi.org/10.1145/2677046.2677048

Published:10 October 2014Publication History

ACM SIGCOMM Computer Communication Review

Abstract

Instant messaging services are quickly becoming the most dominant form of communication among consumers around the world. Apple iMessage, for example, handles over 2 billion messages each day, while WhatsApp claims 16 billion messages from 400 million international users. To protect user privacy, many of these services typically implement end-to-end and transport layer encryption, which are meant to make eavesdropping infeasible even for the service providers themselves. In this paper, however, we show that it is possible for an eavesdropper to learn information about user actions, the language of messages, and even the length of those messages with greater than 96% accuracy despite the use of state-of-the-art encryption technologies simply by observing the sizes of encrypted packets. While our evaluation focuses on Apple iMessage, the attacks are completely generic and we show how they can be applied to many popular messaging services, including WhatsApp, Viber, and Telegram.

References

Spencer Ackerman and James Ball. Optic Nerve: Millions of Yahoo Webcam Images Intercepted by GCHQ. http://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo, February 2014.Google Scholar
Inc. Apple. iOS Security. http://images.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf, February 2014.Google Scholar
Agathe Battestini, Vidya Setlur, and Timothy Sohn. A Large Scale Study of Text-Messaging Use. In Proceedings of the 12th Conference on Human Computer Interaction with Mobile Devices and Services, pages 229--238, 2010. Google ScholarDigital Library
Marjorie Cohn. NSA Metadata Collection: Fourth Amendment Violation. http://www.huffingtonpost.com/marjorie-cohn/nsa-metadata-collection-f_b_4611211.html, January 2014.Google Scholar
K.P. Dyer, S.E. Coull, T. Ristenpart, and T. Shrimpton. Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail. In Proceedings of the 33rd IEEE Symposium on Security and Privacy, pages 332--346, May 2012. Google ScholarDigital Library
Michael Frister and Martin Kreichgauer. PushProxy: A Man-in-the-Middle Proxy for iOS and OS X Device Push Connections. https://github.com/meeee/pushproxy, May 2013.Google Scholar
Dan Goodin. Can Apple Read Your iMessages? Ars Deciphers End-to-End Crypto Claims. http://arstechnica.com/security/2013/06/can-apple-read-your-imessages-ars-deciphers-end-to-end-crypto-claims/, June 2013.Google Scholar
Matthew Green. Can Apple read your iMessages? http://blog.cryptographyengineering.com/2013/06/can-apple-read-your-imessages.html, June 2013.Google Scholar
Andy Greenberg. Apple Claims It Encrypts iMessages And Facetime So That Even It Can't Decipher Them. http://www.forbes.com/sites/andygreenberg/2013/06/17/apple-claims-it-encrypts-imessages-and-facetime-so-that-even-it-cant-read-them, June 2013.Google Scholar
Mark Hall, Eibe Frank, Geoffrey Holmes, Bernhard Pfahringer, Peter Reutemann, and Ian H. Witten. The WEKA Data Mining Software: An Update. SIGKDD Explorations, 11(1), 2009. Google ScholarDigital Library
Dominik Herrmann, Rolf Wendolsky, and Hannes Federrath. Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Naive-Bayes Classifier. In Proceedings of the ACM Workshop on Cloud Computing Security, pages 31--42, November 2009. Google ScholarDigital Library
M. Liberatore and B. Levine. Inferring the Source of Encrypted HTTP Connections. In Proceedings of the 13th ACM Conference on Computer and Communications Security, pages 255--263, October 2006. Google ScholarDigital Library
Ben Lovejoy. Massive Growth in Apple's Cloud-Based Services Eclipsed by Debate on Financials. http://www.macrumors.com/2013/01/24/massive-growth-in-apples-cloud-based-services-eclipsed-by-debate-on-financials, January 2013.Google Scholar
Parmy Olson. Watch Out, Facebook: WhatsApp Climbs Past 400 Million Active Users. http://www.forbes.com/sites/parmyolson/2013/12/19/watch-out-facebook-whatsapp-climbs-past-400-million-active-users/, December 2013.Google Scholar
Andriy Panchenko, Lukas Niessen, Andreas Zinnen, and Thomas Engel. Website Fingerprinting in Onion Routing-based Anonymization Networks. In Proceedings of the Workshop on Privacy in the Electronic Society, pages 103--114, October 2011. Google ScholarDigital Library
Q. Sun, D. R. Simon, Y. Wang, W. Russell, V. N. Padmanabhan, and L. Qiu. Statistical Identification of Encrypted Web Browsing Traffic. In Proceedings of the 23rd Annual IEEE Symposium on Security and Privacy, pages 19--31, May 2002. Google ScholarDigital Library
Jörg Tiedemann. Parallel Data, Tools and Interfaces in OPUS. In Proceedings of the 8th International Conference on Language Resources and Evaluation, May 2012.Google Scholar
Andrew M. White, Austin R. Matthews, Kevin Z. Snow, and Fabian Monrose. Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-iks. In Proceedings of the 32nd IEEE Symposium on Security and Privacy, pages 3--18, May 2011. Google ScholarDigital Library
C. Wright, L. Ballard, S. Coull, F. Monrose, and G. Masson. Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations. In Proceedings of the 29th Annual IEEE Symposium on Security and Privacy, pages 35--49, May 2008. Google ScholarDigital Library
Charles V. Wright, Scott E. Coull, and Fabian Monrose. Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis. In Proceedings of the 16th Network and Distributed Systems Security Symposium, pages 237--250, February 2009.Google Scholar

Index Terms

Traffic Analysis of Encrypted Messaging Services: Apple iMessage and Beyond
1. Security and privacy
  1. Network security

Recommendations

Pandora Messaging: An Enhanced Self-Message-Destructing Secure Instant Messaging Architecture for Mobile Devices
WAINA '12: Proceedings of the 2012 26th International Conference on Advanced Information Networking and Applications Workshops

We propose the Pandora Messaging, an enhanced secure instant messaging architecture which is equipped with a self-message-destructing feature for sensitive personal information applications in a mobile environment. We design the Pandora Message ...
Read More
Signature identification and user activity analysis on WhatsApp Web through network data
Abstract
WhatsApp messenger is a popular instant messaging application that employs end-to-end encryption for communication. WhatsApp Web is the browser-based implementation of WhatsApp messenger. Users of WhatsApp communicate securely using ...
Read More
Securing messaging services through efficient signcryption with designated equality test
Abstract
To address security and privacy issues in messaging services, we present a public key signcryption scheme with designated equality test on ciphertexts (PKS-DET) in this paper. The scheme enables a sender to simultaneously encrypt and ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM SIGCOMM Computer Communication Review Volume 44, Issue 5
October 2014
40 pages
ISSN:0146-4833
DOI:10.1145/2677046
Editors:
Konstantina Papagiannaki
Telefonica Research, Barcelona, Spain
,
Katerina Argyraki
EPFL, Switzerland
,
Hitesh Ballani
Microsoft Research Cambridge, UK
,
Fabián Bustamante
Northwestern University, USA
,
Joseph Camp
SMU, USA
,
Augustin Chaintreau
Columbia University, USA
,
Phillipa Gill
Stony Brook University, USA
,
Marco Mellia
Politecnico di Torino, Italy
,
Bhaskaran Raman
IIT Bombay, India
,
Joel Sommers
Colgate University, USA
,
Aline Carneiro Viana
INRIA, France
Issue’s Table of Contents
Copyright © 2014 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 10 October 2014
Check for updates
Author Tags
encryption
privacy
traffic analysis
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 74
  Total Citations
  View Citations
- 982
  Total Downloads
- Downloads (Last 12 months)84
- Downloads (Last 6 weeks)12
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Traffic Analysis of Encrypted Messaging Services: Apple iMessage and Beyond

ACM SIGCOMM Computer Communication Review

Abstract

References

Cited By

Index Terms

Recommendations

Pandora Messaging: An Enhanced Self-Message-Destructing Secure Instant Messaging Architecture for Mobile Devices

Signature identification and user activity analysis on WhatsApp Web through network data

Securing messaging services through efficient signcryption with designated equality test