Encryption is Not Enough: Inferring User Activities on KakaoTalk with Traffic Analysis

  • Conference paper
Information Security Applications (WISA 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9503)

Abstract

Many people have become concerned about their privacy when sending private chats, photographs, contacts and other personal information through mobile instant messaging services. Fortunately, the majority of mobile instant messaging services use encrypted communication channels (e.g., the SSL/TLS protocols) by default to protect delivered messages against eavesdropping attacks. In this paper, however, we show that encryption is not enough. For example, in a real-world service named KakaoTalk, many users' online activities can effectively be identified with 99.7% accuracy even though traffic is encrypted. We present a practical traffic analysis attack using a supervised machine learning technique.

Acknowledgments

This work was supported in part by the National Research Foundation of Korea (No. 2014R1A1A1003707), the ITRC (IITP-2015-H8501-15-1008, IITP-2015-R0992-15-1006), and the IITP (2014-044-072-003).

Author information

Corresponding author

Correspondence to Hyoungshick Kim.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Park, K., Kim, H. (2016). Encryption is Not Enough: Inferring User Activities on KakaoTalk with Traffic Analysis. In: Kim, Hw., Choi, D. (eds) Information Security Applications. WISA 2015. Lecture Notes in Computer Science, vol 9503. Springer, Cham. https://doi.org/10.1007/978-3-319-31875-2_21

  • DOI: https://doi.org/10.1007/978-3-319-31875-2_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31874-5

  • Online ISBN: 978-3-319-31875-2

  • eBook Packages: Computer Science, Computer Science (R0)
