Prexion: Probabilistic Matching-Based Compression to Mitigate Compression Side Channel Attacks Against HTTPS

Bibliographic Details
Main Authors: Hyoungshick Kim, Sangwon Hyun
Format: Article
Language: English
Published: IEEE 2025-01-01
Series: IEEE Access
Online Access: https://ieeexplore.ieee.org/document/11004001/
Description
Summary: Web servers typically use data compression and encryption to optimize data transmission and protect user privacy. However, compression can inadvertently introduce vulnerabilities to compression side channel attacks (CSCA), which exploit the relationship between data redundancy and compression size to infer sensitive information. In this paper, we introduce Prexion, a novel compression system designed to counter CSCA while maintaining high compression efficiency. Prexion leverages a probabilistic mechanism to selectively include or exclude overlapping sequences in web page data during compression, making it difficult for attackers to exploit patterns in compressed sizes. This approach preserves the benefits of compression without compromising security. Through extensive experiments with real-world web pages, Prexion demonstrates superior performance, achieving up to 4.9 times better compression ratios than the current state-of-the-art solution, Debreach, for web pages with significant amounts of sensitive data. Furthermore, Prexion ensures robust security, with attack success rates consistently below 5% under recommended configurations.
ISSN: 2169-3536