INSTANT MESSAGE TRAFFIC META-DATA AND ITS SUSCEPTIBILITY TO TRAFFIC ANALYSIS

Abstract

Instant Message (IM) applications are commonly used by both civilian and DoD personnel for both communication and collaboration. The web-based variants of these applications generally ride encrypted channels for message security. However, these channels may be vulnerable to keystroke timing attacks whereby textual content is determined by the timing of network traffic induced by keyboard events. An example of this induced traffic is the activity notifications common to many of these platforms, indicating when a conversant begins typing. Our aim is to determine whether the network traffic that carries this metadata enables recovering portions of the message or leaks information about the sender's identity. Using a combination of network packet capture analysis and local keystroke logging, we characterize traffic patterns of three widely used web-based IM platforms: Facebook Messaging, Google Hangouts, and Internet Relay Chat (IRC) through the Kiwi IRC web client.