skip to main content
research-article

Traffic Analysis of Encrypted Messaging Services: Apple iMessage and Beyond

Published: 10 October 2014 Publication History

Abstract

Instant messaging services are quickly becoming the most dominant form of communication among consumers around the world. Apple iMessage, for example, handles over 2 billion messages each day, while WhatsApp claims 16 billion messages from 400 million international users. To protect user privacy, many of these services typically implement end-to-end and transport layer encryption, which are meant to make eavesdropping infeasible even for the service providers themselves. In this paper, however, we show that it is possible for an eavesdropper to learn information about user actions, the language of messages, and even the length of those messages with greater than 96% accuracy despite the use of state-of-the-art encryption technologies simply by observing the sizes of encrypted packets. While our evaluation focuses on Apple iMessage, the attacks are completely generic and we show how they can be applied to many popular messaging services, including WhatsApp, Viber, and Telegram.

References

[1]
Spencer Ackerman and James Ball. Optic Nerve: Millions of Yahoo Webcam Images Intercepted by GCHQ. http://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo, February 2014.
[2]
Inc. Apple. iOS Security. http://images.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf, February 2014.
[3]
Agathe Battestini, Vidya Setlur, and Timothy Sohn. A Large Scale Study of Text-Messaging Use. In Proceedings of the 12th Conference on Human Computer Interaction with Mobile Devices and Services, pages 229--238, 2010.
[4]
Marjorie Cohn. NSA Metadata Collection: Fourth Amendment Violation. http://www.huffingtonpost.com/marjorie-cohn/nsa-metadata-collection-f_b_4611211.html, January 2014.
[5]
K.P. Dyer, S.E. Coull, T. Ristenpart, and T. Shrimpton. Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail. In Proceedings of the 33rd IEEE Symposium on Security and Privacy, pages 332--346, May 2012.
[6]
Michael Frister and Martin Kreichgauer. PushProxy: A Man-in-the-Middle Proxy for iOS and OS X Device Push Connections. https://github.com/meeee/pushproxy, May 2013.
[7]
Dan Goodin. Can Apple Read Your iMessages? Ars Deciphers End-to-End Crypto Claims. http://arstechnica.com/security/2013/06/can-apple-read-your-imessages-ars-deciphers-end-to-end-crypto-claims/, June 2013.
[8]
Matthew Green. Can Apple read your iMessages? http://blog.cryptographyengineering.com/2013/06/can-apple-read-your-imessages.html, June 2013.
[9]
Andy Greenberg. Apple Claims It Encrypts iMessages And Facetime So That Even It Can't Decipher Them. http://www.forbes.com/sites/andygreenberg/2013/06/17/apple-claims-it-encrypts-imessages-and-facetime-so-that-even-it-cant-read-them, June 2013.
[10]
Mark Hall, Eibe Frank, Geoffrey Holmes, Bernhard Pfahringer, Peter Reutemann, and Ian H. Witten. The WEKA Data Mining Software: An Update. SIGKDD Explorations, 11(1), 2009.
[11]
Dominik Herrmann, Rolf Wendolsky, and Hannes Federrath. Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Naive-Bayes Classifier. In Proceedings of the ACM Workshop on Cloud Computing Security, pages 31--42, November 2009.
[12]
M. Liberatore and B. Levine. Inferring the Source of Encrypted HTTP Connections. In Proceedings of the 13th ACM Conference on Computer and Communications Security, pages 255--263, October 2006.
[13]
Ben Lovejoy. Massive Growth in Apple's Cloud-Based Services Eclipsed by Debate on Financials. http://www.macrumors.com/2013/01/24/massive-growth-in-apples-cloud-based-services-eclipsed-by-debate-on-financials, January 2013.
[14]
Parmy Olson. Watch Out, Facebook: WhatsApp Climbs Past 400 Million Active Users. http://www.forbes.com/sites/parmyolson/2013/12/19/watch-out-facebook-whatsapp-climbs-past-400-million-active-users/, December 2013.
[15]
Andriy Panchenko, Lukas Niessen, Andreas Zinnen, and Thomas Engel. Website Fingerprinting in Onion Routing-based Anonymization Networks. In Proceedings of the Workshop on Privacy in the Electronic Society, pages 103--114, October 2011.
[16]
Q. Sun, D. R. Simon, Y. Wang, W. Russell, V. N. Padmanabhan, and L. Qiu. Statistical Identification of Encrypted Web Browsing Traffic. In Proceedings of the 23rd Annual IEEE Symposium on Security and Privacy, pages 19--31, May 2002.
[17]
Jörg Tiedemann. Parallel Data, Tools and Interfaces in OPUS. In Proceedings of the 8th International Conference on Language Resources and Evaluation, May 2012.
[18]
Andrew M. White, Austin R. Matthews, Kevin Z. Snow, and Fabian Monrose. Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-iks. In Proceedings of the 32nd IEEE Symposium on Security and Privacy, pages 3--18, May 2011.
[19]
C. Wright, L. Ballard, S. Coull, F. Monrose, and G. Masson. Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations. In Proceedings of the 29th Annual IEEE Symposium on Security and Privacy, pages 35--49, May 2008.
[20]
Charles V. Wright, Scott E. Coull, and Fabian Monrose. Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis. In Proceedings of the 16th Network and Distributed Systems Security Symposium, pages 237--250, February 2009.

Cited By

View all
  • (2024)Lightweight Transformer Model for Mobile Application ClassificationSensors10.3390/s2402056424:2(564)Online publication date: 16-Jan-2024
  • (2024)Understanding Web Fingerprinting with a Protocol-Centric ApproachProceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3678890.3678910(17-34)Online publication date: 30-Sep-2024
  • (2024)TrafficGPT: An LLM Approach for Open-Set Encrypted Traffic ClassificationProceedings of the Asian Internet Engineering Conference 202410.1145/3674213.3674217(26-35)Online publication date: 9-Aug-2024
  • Show More Cited By

Index Terms

  1. Traffic Analysis of Encrypted Messaging Services: Apple iMessage and Beyond

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM SIGCOMM Computer Communication Review
    ACM SIGCOMM Computer Communication Review  Volume 44, Issue 5
    October 2014
    40 pages
    ISSN:0146-4833
    DOI:10.1145/2677046
    Issue’s Table of Contents
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 10 October 2014
    Published in SIGCOMM-CCR Volume 44, Issue 5

    Check for updates

    Author Tags

    1. encryption
    2. privacy
    3. traffic analysis

    Qualifiers

    • Research-article

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)72
    • Downloads (Last 6 weeks)7
    Reflects downloads up to 17 Jan 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2024)Lightweight Transformer Model for Mobile Application ClassificationSensors10.3390/s2402056424:2(564)Online publication date: 16-Jan-2024
    • (2024)Understanding Web Fingerprinting with a Protocol-Centric ApproachProceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3678890.3678910(17-34)Online publication date: 30-Sep-2024
    • (2024)TrafficGPT: An LLM Approach for Open-Set Encrypted Traffic ClassificationProceedings of the Asian Internet Engineering Conference 202410.1145/3674213.3674217(26-35)Online publication date: 9-Aug-2024
    • (2024)CapsuleFormer: A Capsule and Transformer combined model for Decentralized Application encrypted traffic classificationProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3637664(1418-1429)Online publication date: 1-Jul-2024
    • (2024)Detection and utilization of new-type encrypted network traffic in distributed scenariosEngineering Applications of Artificial Intelligence10.1016/j.engappai.2023.107196127(107196)Online publication date: Jan-2024
    • (2023)RosettaProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620273(625-642)Online publication date: 9-Aug-2023
    • (2023)IoTBeholderProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/35808907:1(1-26)Online publication date: 28-Mar-2023
    • (2023)I Still Know What You Did Last Summer: Inferring Sensitive User Activities on Messaging Applications Through Traffic AnalysisIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.321819120:5(4135-4153)Online publication date: 1-Sep-2023
    • (2023)BehavSniffer: Sniff User Behaviors from the Encrypted Traffic by Traffic Burst Graphs2023 20th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON)10.1109/SECON58729.2023.10287511(456-464)Online publication date: 11-Sep-2023
    • (2023)Identifying Fine-Grained Douyin User Behaviors via Analyzing Encrypted Network Traffic2023 19th International Conference on Mobility, Sensing and Networking (MSN)10.1109/MSN60784.2023.00128(868-875)Online publication date: 14-Dec-2023
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Media

    Figures

    Other

    Tables

    Share

    Share

    Share this Publication link

    Share on social media