Compression is desirable for network applications as it saves bandwidth; however, when data is
compressed before being encrypted, the amount of compression leaks information about the amount
of redundancy in the plaintext. This side channel has led to successful real-world attacks (the CRIME
and BREACH attacks) on web traffic protected by the Transport Layer Security (TLS) protocol. The
general guidance in light of these attacks has been to disable compression, preserving confidentiality
but sacrificing bandwidth. In this paper, we examine two techniques—heuristic separation of secrets
and fixed-dictionary compression—for enabling compression while protecting high-value secrets, such as cookies, from attack. We model the security offered by these techniques and report on the amount of compressibility that they can achieve.
more here.............http://eprint.iacr.org/2014/724.pdf
compressed before being encrypted, the amount of compression leaks information about the amount
of redundancy in the plaintext. This side channel has led to successful real-world attacks (the CRIME
and BREACH attacks) on web traffic protected by the Transport Layer Security (TLS) protocol. The
general guidance in light of these attacks has been to disable compression, preserving confidentiality
but sacrificing bandwidth. In this paper, we examine two techniques—heuristic separation of secrets
and fixed-dictionary compression—for enabling compression while protecting high-value secrets, such as cookies, from attack. We model the security offered by these techniques and report on the amount of compressibility that they can achieve.
more here.............http://eprint.iacr.org/2014/724.pdf