AiroIdent – User identification based on analyzing WPA2 encrypted traffic containing search engine interactions

Abstract

\n Most search engines provide search suggestions and autocompletion mechanisms based on the partially typed search string. In order to implement such functionality, frequent requests are being sent to the search engine provider. Recent publications show that there is a risk that the\n user can be identified by observing the TLS encrypted traffic and analyzing the unencrypted meta data. In this paper we extend this approach to the observation of widely used encrypted WiFi networks in order to estimate the potential privacy impact. Without having access to Layer 3 and 4 meta\n data, the main challenge of this approach is the identification of potential requests being sent to the search engine. We use a linear regression-based approach to identify candidate packet sequences for the feature extraction. The evaluation is done in an optimal environment (reduced WiFi-traffic)\n to determine a first tendency and performed using three search engines. In total four different user identification/verification approaches are utilized: M1 identification using a neural network, M2 identification using Manhattan distance, M3 identification using Euclidean distance and M4\n verification using a one-class support vector machine (SVM). Our results show a classification performance for 10 different test subjects is ranging from 13.2% using the one-class SVM (M4) to 64.1% using the neural network (M1) for the identical search engine. In comparison to a group of five\n test subjects it can be seen that M1 provides more scalability in comparison to M2, M3 and M4.\n \n In addition to that, we present potential countermeasures which could help to increase the privacy of the users of a search engine.\n