Depending on HTTP/2 for Privacy? Good Luck!

Abstract

The new multi-threaded server operation feature in HTTP/2 results in multiplexed object transmission. This obfuscates the sizes of the encrypted objects, based on which passive network eavesdroppers inferred sensitive information. Therefore, recent works speculate that HTTP/2 can have an unanticipated positive effect on communication privacy in addition to the privacy provided by TLS/SSL. Orthogonal to these works, we show that it is possible for an on-path passive eavesdropper to completely break the privacy offered by the schemes that leverage HTTP/2 multiplexing. Our adversary works based on the following intuition: restricting only one HTTP/2 object to be in the server queue at any point of time will eliminate multiplexing of that object and any privacy benefit thereof. Our adversary achieves this by altering network parameters such as jitter, bandwidth and packet drop rate to ensure that no new client request reaches the server while it is serving a previously requested object. Our adversary was able to break the privacy of a real-world HTTP/2 website 90% of the time. To the best of our knowledge, this is the first privacy attack on HTTP/2.