Shuangshuang Huang,Xiaobo Ma,Huafeng Bian

DOI: https://doi.org/10.1109/dsa52907.2021.00038

2021-01-01

Abstract:Shadowsocks is one of the most popular encryption proxies. It is designed with few defense methods against website fingerprinting attack (WFP). WFP can identify user accessed websites by analyzing Shadowsocks traffic. Existing studies defending Shadowsocks against WFP generally pad or insert packets to minimize statistical differences between accesses to different websites. They can achieve promising denfense effects, yet at the cost of large time delay and bandwidth overhead. Therefore, it is necessary to design an effective and efficient algorithm to defend Shadowsocks against WFP. In this paper, we propose two algorithms, namely, PadS and PadI, which are based on the size and the true distribution of time series of traffic data packets, respectively. The results show that PadI and PadS can substantially degrade the attack performance while reducing bandwidth consumption to 34% and 32%, respectively, and the combination of the two algorithms outperforms existing defense algorithms.

Xi Xiao,Xiang Zhou,Zhenyu Yang,Le Yu,Bin Zhang,Qixu Liu,Xiapu Luo

DOI: https://doi.org/10.1016/j.cose.2023.103577

IF: 5.105

2024-01-01

Computers & Security

Abstract:Website fingerprinting (WF) enables eavesdroppers to identify the website a user is visiting by network surveillance, even if the traffic is protected by anonymous communication technologies such as Tor. To avoid this, several defense schemes have been proposed to protect users from the hazard of website fingerprinting attacks. However, some defenses are defeated by new attacks soon since they can not provide provable security guarantees; some defenses can not be deployed in practice since they incur high bandwidth overhead and latency overhead. In this paper, we survey existing WF defense schemes and make a comprehensive analysis. First, we divide WF defenses into four categories and introduce their principles and characteristics separately. Then, we point out some unreasonable settings in previous works and use a new experimental setting to evaluate WF defenses on a public dataset. We find many WF defenses are not as effective as they claim to be. Besides, we investigate the deployment of WF defenses and discuss some potential problems. Finally, we make some suggestions for researchers to design a feasible WF defense and make suggestions for users to protect their privacy.

Anatoly Shusterman,Zohar Avraham,Eliezer Croitoru,Yarden Haskal,Lachlan Kang,Dvir Levi,Yosef Meltser,Prateek Mittal,Yossi Oren,Yuval Yarom

DOI: https://doi.org/10.1109/tdsc.2020.2988369

2020-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Website fingerprinting attacks use statistical analysis on network traffic to compromise user privacy. The classical attack model used to evaluate website fingerprinting attacks assumes an on-path adversary, who observes traffic traveling between the user's computer and the network. In this article we investigate a different attack model, in which the adversary sends JavaScript code to the target user's computer. This code mounts a cache side-channel attack to identify other websites being browsed. Using machine learning techniques to classify traces of cache activity, we achieve high classification accuracy in both the open-world and the closed-world models. Our attack is more resistant than network-based fingerprinting to the effects of response caching, and resilient both to network-based defenses and to side-channel countermeasures. We carry out a real-world evaluation of several aspects of our attack, exploring the impact of the changes in websites and browsers over time, as well as of the attacker's ability to guess the software and hardware configuration of the target user's computer. To protect against cache-based website fingerprinting, new defense mechanisms must be introduced to privacy-sensitive browsers and websites. We investigate one such mechanism, and show that it reduces the effectiveness of the attack and completely eliminates it when used in the Tor Browser.

computer science, information systems, software engineering, hardware & architecture

Yuwen Qian,Guodong Huang,Chuan Ma,Ming Ding,Long Yuan,Zi Chen,Kai Wang

DOI: https://doi.org/10.1109/tifs.2024.3432404

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The act of website fingerprinting, which involves monitoring traffic features to infer private user information, has attracted much attention in the research community recently. While previous studies primarily focused on classifying fingerprint information using clean traffic data, it remains a challenging task to apply fingerprinting to noisy traffic data or evade defensive measures. This work aims to address the challenges associated with website fingerprinting attacks and defense strategies in the presence of noise. Specifically, we introduce two novel attack methods: filter-assisted attack and augmentation-assisted attack. The first attack method leverages packet size distribution to effectively filter out noise, while the second one trains a classification model by incorporating artificial noise. Compared with the traditional website fingerprinting attacks, these proposed attack methods demonstrate superior resilience to noise and exceptional evasion capabilities against defensive measures (e.g., random packet defense, Walkie-Talkie, WTF-PAD, etc.). In parallel, we propose a list-assisted defense strategy that strikes a balance between defense performance and network overhead. This defense mechanism offers effective protection against website fingerprinting attacks while minimizing the impact on network performance. In our experiments, we employ a comprehensive dataset encompassing TCP/IP traffic with packet size information collected from three prominent web browsers, as well as Tor cell traffic without packet size information obtained from a Tor browser. We thoroughly evaluate our proposed methods in both closed-world and open-world scenarios. Our experimental results shed valuable insights into the influence of noise and the efficacy of different attack and defense approaches on website fingerprinting.

Xun Gong,Negar Kiyavash,Nabíl Schear,Nikita Borisov

DOI: https://doi.org/10.48550/arXiv.1109.0097

2011-09-01

Abstract:Recent work in traffic analysis has shown that traffic patterns leaked through side channels can be used to recover important semantic information. For instance, attackers can find out which website, or which page on a website, a user is accessing simply by monitoring the packet size distribution. We show that traffic analysis is even a greater threat to privacy than previously thought by introducing a new attack that can be carried out remotely. In particular, we show that, to perform traffic analysis, adversaries do not need to directly observe the traffic patterns. Instead, they can gain sufficient information by sending probes from a far-off vantage point that exploits a queuing side channel in routers. To demonstrate the threat of such remote traffic analysis, we study a remote website detection attack that works against home broadband users. Because the remotely observed traffic patterns are more noisy than those obtained using previous schemes based on direct local traffic monitoring, we take a dynamic time warping (DTW) based approach to detecting fingerprints from the same website. As a new twist on website fingerprinting, we consider a website detection attack, where the attacker aims to find out whether a user browses a particular web site, and its privacy implications. We show experimentally that, although the success of the attack is highly variable, depending on the target site, for some sites very low error rates. We also show how such website detection can be used to deanonymize message board users.

Cryptography and Security

Zhongliu Zhuo,Yang Zhang,Zhi-li Zhang,Xiaosong Zhang,Jingzhong Zhang

DOI: https://doi.org/10.1109/tifs.2017.2762825

IF: 7.231

2017-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Website fingerprinting attacks can reveal the receiver in anonymous networks and cause a potential threat to users’ privacy. Previous studies focus more on identifying individual webpages. They also neglect the hyperlink transition information, because it induces extra “noise” to classify the original webpage. However, it is a common scenario that the users surf a website by clicking hyperlinks on the webpage. In this paper, we propose a website modeling method based on profile hidden Markov model (PHMM) which is widely used in bioinformatics for DNA sequencing analysis. Our technique explicitly accounts for possible hyperlink transitions made by users when fingerprinting a target website, and therefore can work in a more realistic environment than existing methods. Using SSH and Shadowsocks, we collect various data sets and conduct extensive evaluations. We also show that our approach could work both in webpage and website identification in a closed world setting. The experimental results demonstrate that our website fingerprinting is more accurate and robust than existing methods.

Guodong Huang,Chuan Ma,Ming Ding,Yuwen Qian,Chunpeng Ge,Liming Fang,Zhe Liu

DOI: https://doi.org/10.48550/arXiv.2302.13763

2023-02-27

Abstract:Website fingerprinting attack is an extensively studied technique used in a web browser to analyze traffic patterns and thus infer confidential information about users. Several website fingerprinting attacks based on machine learning and deep learning tend to use the most typical features to achieve a satisfactory performance of attacking rate. However, these attacks suffer from several practical implementation factors, such as a skillfully pre-processing step or a clean dataset. To defend against such attacks, random packet defense (RPD) with a high cost of excessive network overhead is usually applied. In this work, we first propose a practical filter-assisted attack against RPD, which can filter out the injected noises using the statistical characteristics of TCP/IP traffic. Then, we propose a list-assisted defensive mechanism to defend the proposed attack method. To achieve a configurable trade-off between the defense and the network overhead, we further improve the list-based defense by a traffic splitting mechanism, which can combat the mentioned attacks as well as save a considerable amount of network overhead. In the experiments, we collect real-life traffic patterns using three mainstream browsers, i.e., Microsoft Edge, Google Chrome, and Mozilla Firefox, and extensive results conducted on the closed and open-world datasets show the effectiveness of the proposed algorithms in terms of defense accuracy and network efficiency.

Cryptography and Security,Machine Learning

Shuai Li,Huajun Guo,Nicholas Hopper

DOI: https://doi.org/10.48550/arXiv.1710.06080

2019-06-05

Abstract:Tor provides low-latency anonymous and uncensored network access against a local or network adversary. Due to the design choice to minimize traffic overhead (and increase the pool of potential users) Tor allows some information about the client's connections to leak. Attacks using (features extracted from) this information to infer the website a user visits are called Website Fingerprinting (WF) attacks. We develop a methodology and tools to measure the amount of leaked information about a website. We apply this tool to a comprehensive set of features extracted from a large set of websites and WF defense mechanisms, allowing us to make more fine-grained observations about WF attacks and defenses.

Cryptography and Security

Chuxu Song,Zining Fan,Hao Wang,Richard Martin

2024-07-28

Abstract:Website fingerprinting (WF) attacks identify the websites visited over anonymized connections by analyzing patterns in network traffic flows, such as packet sizes, directions, or interval times using a machine learning classifier. Previous studies showed WF attacks achieve high classification accuracy. However, several issues call into question whether existing WF approaches are realizable in practice and thus motivate a re-exploration. Due to Tor's performance issues and resulting poor browsing experience, the vast majority of users opt for Virtual Private Networking (VPN) despite VPNs weaker privacy protections. Many other past assumptions are increasingly unrealistic as web technology advances. Our work addresses several key limitations of prior art. First, we introduce a new approach that classifies entire websites rather than individual web pages. Site-level classification uses traffic from all site components, including advertisements, multimedia, and single-page applications. Second, our Convolutional Neural Network (CNN) uses only the jitter and size of 500 contiguous packets from any point in a TCP stream, in contrast to prior work requiring heuristics to find page boundaries. Our seamless approach makes eavesdropper attack models realistic. Using traces from a controlled browser, we show our CNN matches observed traffic to a website with over 90% accuracy. We found the training traffic quality is critical as classification accuracy is significantly reduced when the training data lacks variability in network location, performance, and clients' computational capability. We enhanced the base CNN's efficacy using domain adaptation, allowing it to discount irrelevant features, such as network location. Lastly, we evaluate several defensive strategies against seamless WF attacks.

Cryptography and Security

Xiaobo Ma,Jian Qu,Mawei Shi,Bingyu An,Jianfeng Li,Xiapu Luo,Junjie Zhang,Zhenhua Li,Xiaohong Guan

DOI: https://doi.org/10.1109/tnet.2023.3337270

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:Website fingerprinting (WFP) could infer which websites a user is accessing via an encrypted proxy by passively inspecting the traffic characteristics of accessing different websites between the user and the proxy. Designing WFP attacks is crucial for understanding potential vulnerabilities of encrypted proxies, which guides the design of defensive measures against WFP. In this paper, we design a novel WFP attack against (popular) encrypted proxies that relay connections between the user and the proxy individually (e.g., Shadowsocks, V2Ray), and accordingly implement lightweight countermeasures to effectively defend against the attack. The attack features flow-context-aware and is both accurate and immediately deployable, because it fully considers the obstacle (dubbed training-testing asymmetry) that fundamentally limits the practicability of WFP and addresses the obstacle with built-in spatial-temporal flow correlation mechanism. We implement the countermeasure as middleboxes installed on both the client and server sides of encrypted proxies, without altering any existing infrastructures for compatibility. The middleboxes can obfuscate a website's flow regularities across different visits. Large-scale experiments in real-world scenarios demonstrate that the WFP attack can generally achieve a detection rate above 98.8% with a false positive rate below 0.2%. The countermeasure forces the attack's false positive rate to be above 0.2 and true positive rate to be below 0.9 with just five persistent TCP connections while introducing very limited bandwidth overhead (e.g., 0.49%) and almost-zero additional network latency.

Blerim Rexha,Arbena Musa,Kamer Vishi,Edlira Martiri

2024-09-02

Abstract:Parallel to our physical activities our virtual presence also leaves behind our unique digital fingerprints, while navigating on the Internet. These digital fingerprints have the potential to unveil users' activities encompassing browsing history, utilized applications, and even devices employed during these engagements. Many Internet users tend to use web browsers that provide the highest privacy protection and anonymization such as Tor. The success of such privacy protection depends on the Tor feature to anonymize end-user IP addresses and other metadata that constructs the website fingerprint. In this paper, we show that using the newest machine learning algorithms an attacker can deanonymize Tor traffic by applying such techniques. In our experimental framework, we establish a baseline and comparative reference point using a publicly available dataset from Universidad Del Cauca, Colombia. We capture network packets across 11 days, while users navigate specific web pages, recording data in .pcapng format through the Wireshark network capture tool. Excluding extraneous packets, we employ various machine learning algorithms in our analysis. The results show that the Gradient Boosting Machine algorithm delivers the best outcomes in binary classification, achieving an accuracy of 0.8363. In the realm of multi-class classification, the Random Forest algorithm attains an accuracy of 0.6297.

Cryptography and Security

Haoyu Yin,Yingjian Liu,Zhongwen Guo,Yu Wang

DOI: https://doi.org/10.26599/tst.2024.9010073

2024-12-11

Tsinghua Science & Technology

Abstract:Recent advancements in deep learning (DL) have introduced new security challenges in the form of side-channel attacks. A prime example is the website fingerprinting attack (WFA), which targets anonymity networks like Tor, enabling attackers to unveil users' protected browsing activities from traffic data. While state-of-the-art WFAs have achieved remarkable results, they often rely on unrealistic single-website assumptions. In this paper, we undertake an exhaustive exploration of multi-tab website fingerprinting attacks (MTWFAs) in more realistic scenarios. We delve into MTWFAs and introduce MTWFA-SEG, a task involving the fine-grained packet-level classification within multi-tab Tor traffic. By employing deep learning models, we reveal their potential to threaten user privacy by discerning visited websites and browsing session timing. We design an improved fully convolutional model for MTWFA-SEG, which are enhanced by both network architecture advances and traffic data instincts. In the evaluations on interlocking browsing datasets, the proposed models achieve remarkable accuracy rates of over 68.6%, 71.8%, and 76.1% in closed, imbalanced open, and balanced open-world settings, respectively. Furthermore, the proposed models exhibit substantial robustness across diverse train-test settings. We further validate our designs in a coarse-grained task, MTWFA-MultiLabel, where they not only achieve state-of-the-art performance but also demonstrate high robustness in challenging situations.

computer science, information systems,engineering, electrical & electronic, software engineering

Qilei Yin,Zhuotao Liu,Qi Li,Tao Wang,Qian Wang,Chao Shen,Yixiao Xu

DOI: https://doi.org/10.1109/tdsc.2021.3104869

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In Website Fingerprinting (WF) attack, a local passive eavesdropper utilizes network flow information to identify which web pages a user is browsing. Previous researchers have demonstrated the feasibility and effectiveness of WF attacks under a strong Single Page Assumption: the network flow extracted by the adversary belongs to a single web page. In reality, the assumption may not hold because users tend to open multiple tabs simultaneously (or within a short period of time) so that their network traffic is mixed. In this article, we propose an automated multi-tab Website Fingerprinting attack that is able to accurately classify websites regardless of the number of simultaneously opened pages. Our design is powered by two innovative designs. First, we develop a split point classification method to dynamically identify the split point between the first page and its subsequent pages. As a result, the network traffic before the split point is solely generated for the first page. Then, we propose a new chunk-based WF classifier to infer the websites based on the initial chunk of clean traffic. For both classifiers, we apply automated feature selection to select a concise yet representative feature set. We implement a prototype of our design and perform extensive evaluations using SSH and Tor-based datasets to demonstrate the effectiveness of both our system components individually and the integrated system as a whole.

Meng Shen,Kexin Ji,Zhenbo Gao,Qi Li,Liehuang Zhu,Ke Xu

2023-01-01

Abstract:Anonymity networks, e.g., Tor, are vulnerable to various website fingerprinting (WF) attacks, which allows attackers to perceive user privacy on these networks. However, the defenses developed recently can effectively interfere with WF attacks, e.g., by simply injecting dummy packets. In this paper, we propose a novel WF attack called Robust Fingerprinting (RF), which enables an attacker to fingerprint the Tor traffic under various defenses. Specifically, we develop a robust traffic representation method that generates Traffic Aggregation Matrix (TAM) to fully capture key informative features leaked from Tor traces. By utilizing TAM, an attacker can train a CNN-based classifier that learns common high-level traffic features uncovered by different defenses. We conduct extensive experiments with public real-world datasets to compare RF with state-of-the-art (SOTA) WF attacks. The closed-and open-world evaluation results demonstrate that RF significantly outperforms the SOTA attacks. In particular, RF can effectively fingerprint Tor traffic under the SOTA defenses with an average accuracy improvement of 8.9% over the best existing attack (i.e., Tik-Tok).

Ishan Karunanayake,Jiaojiao Jiang,Nadeem Ahmed,Sanjay K. Jha

DOI: https://doi.org/10.1109/tifs.2023.3342607

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Amidst the rapid technological advancements of today, privacy and anonymity are facing increasing threats. Tor, one of the most widely used anonymity networks, enables users to browse the Internet without their activities being tracked. Extensive research has been conducted on both attacking and defending the anonymity of Tor users. Website Fingerprinting (WF) is one of the popular de-anonymisation techniques employed against Tor users. This paper presents two novel WF techniques based on Graph Neural Networks (GNNs) to explore two relatively understudied avenues of WF: the fingerprintability of Decentralised Applications (DApps) and the impact of reload traffic on WF. Due to the lack of publicly available datasets for DApp traffic and reload traffic suitable for WF, we collected five new datasets for our experiments. Our findings reveal that GNN-based techniques surpass the performance of state-of-the-art WF techniques when reload traffic is used. Meanwhile, certain high-performing state-of-the-art techniques exhibit a significant reduction in accuracy, more than 40%, when reload traffic is used instead of homepage traffic. Additionally, we identify that DApps are less susceptible to fingerprinting than conventional websites, leading to a 25% decrease in accuracy in some state-of-the-art WF techniques. While confirming prior research findings that GNN-based techniques can outperform existing techniques when accessing DApps via Chrome, we further demonstrate that using Tor to access DApps makes them even more difficult to fingerprint. Finally, we expect our datasets, four of which lack publicly available alternatives, will prove invaluable for future research.

computer science, theory & methods,engineering, electrical & electronic

Xiaobo Ma,Mawei Shi,Bingyu An,Jianfeng Li,Daniel Xiapu Luo,Junjie Zhang,Xiaohong Guan

DOI: https://doi.org/10.1109/infocom42981.2021.9488676

2021-01-01

Abstract:Website fingerprinting (WFP) could infer which websites a user is accessing via an encrypted proxy by passively inspecting the traffic between the user and the proxy. The key to WFP is designing a classifier capable of distinguishing traffic characteristics of accessing different websites. However, when deployed in real-life networks, a well-trained classifier may face a significant obstacle of training-testing asymmetry, which fundamentally limits its practicability. Specifically, although pure traffic samples can be collected in a controlled (clean) testbed for training, the classifier may fail to extract such pure traffic samples as its input from raw complicated traffic for testing. In this paper, we are interested in encrypted proxies that relay connections between the user and the proxy individually (e.g., Shadowsocks), and design a context-aware system using built-in spatial-temporal flow correlation to address the obstacle. Extensive experiments demonstrate that our system does not only enable WFP against a popular type of encrypted proxies practical, but also achieves better performance than ideally training/testing pure samples.

Xiaoyun Yuan,Tengyao Li,Lingling Li,Ruixiang Li,Zhiquan Wang,Xiangyang Luo

DOI: https://doi.org/10.1016/j.comnet.2024.110217

IF: 5.493

2024-01-29

Computer Networks

Abstract:Website Fingerprinting (WF) attacks on Tor are exploited to analyze encrypted traffic traces and infer the visited websites by analyzing traffic traces between users and the Tor entry guard. State-of-the-art WF methods have demonstrated impressive results in simulation experiments against Tor-protected network traffic. However, existing WF attacks have significant limitations in real-world scenarios due to potential mismatches between the data distribution in the experimental environment and that of the real world. Additionally, it is often unknown in advance which sites a client will access. In this paper, we propose a WF enhancing technique that leverages difficult-to-classify samples to train a website classifier, which exploits hard samples to train a website classifier using their distinctive features. We conduct a more detailed analysis of the impact that unbalanced data on WF attacks. In order to improve the performance, we extract misclassified traces from the unmonitored sites as the hard samples and train them using a triplet network structure to enhance their feature representation. By utilizing this method, an attacker can train a classifier that learns more features from the open world, potentially improving the accuracy and effectiveness of website fingerprinting techniques. This approach allows for a more comprehensive understanding of website characteristics and better discrimination between monitored and unmonitored sites. The experimental results demonstrate that the proposed technique has a substantial positive impact on the precision of misidentified traffic traces. The best recall rate achieved is 98.43%, while the average recall for hard samples is an impressive 93.28%. These results collectively highlight the effectiveness and reliability of the proposed technique in accurately identifying challenging traffic samples.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Anatoly Shusterman,Lachlan Kang,Yarden Haskal,Yosef Meltser,Prateek Mittal,Yossi Oren,Yuval Yarom

DOI: https://doi.org/10.48550/arXiv.1811.07153

2019-02-21

Abstract:Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user privacy, have been shown to be effective even if the traffic is sent over anonymity-preserving networks such as Tor. The classical attack model used to evaluate website fingerprinting attacks assumes an on-path adversary, who can observe all traffic traveling between the user's computer and the Tor network. In this work we investigate these attacks under a different attack model, in which the adversary is capable of running a small amount of unprivileged code on the target user's computer. Under this model, the attacker can mount cache side-channel attacks, which exploit the effects of contention on the CPU's cache, to identify the website being browsed. In an important special case of this attack model, a JavaScript attack is launched when the target user visits a website controlled by the attacker. The effectiveness of this attack scenario has never been systematically analyzed, especially in the open-world model which assumes that the user is visiting a mix of both sensitive and non-sensitive sites. In this work we show that cache website fingerprinting attacks in JavaScript are highly feasible, even when they are run from highly restrictive environments, such as the Tor Browser. Specifically, we use machine learning techniques to classify traces of cache activity. Unlike prior works, which try to identify cache conflicts, our work measures the overall occupancy of the last-level cache. We show that our approach achieves high classification accuracy in both the open-world and the closed-world models. We further show that our techniques are resilient both to network-based defenses and to side-channel countermeasures introduced to modern browsers as a response to the Spectre attack.

Cryptography and Security,Machine Learning

Payap Sirinam,Mohsen Imani,Marc Juarez,Matthew Wright

DOI: https://doi.org/10.48550/arXiv.1801.02265

2018-08-20

Abstract:Website fingerprinting enables a local eavesdropper to determine which websites a user is visiting over an encrypted connection. State-of-the-art website fingerprinting attacks have been shown to be effective even against Tor. Recently, lightweight website fingerprinting defenses for Tor have been proposed that substantially degrade existing attacks: WTF-PAD and Walkie-Talkie. In this work, we present Deep Fingerprinting (DF), a new website fingerprinting attack against Tor that leverages a type of deep learning called Convolutional Neural Networks (CNN) with a sophisticated architecture design, and we evaluate this attack against WTF-PAD and Walkie-Talkie. The DF attack attains over 98% accuracy on Tor traffic without defenses, better than all prior attacks, and it is also the only attack that is effective against WTF-PAD with over 90% accuracy. Walkie-Talkie remains effective, holding the attack to just 49.7% accuracy. In the more realistic open-world setting, our attack remains effective, with 0.99 precision and 0.94 recall on undefended traffic. Against traffic defended with WTF-PAD in this setting, the attack still can get 0.96 precision and 0.68 recall. These findings highlight the need for effective defenses that protect against this new attack and that could be deployed in Tor.

Cryptography and Security

Xiang Cai,Rishab Nithyanand,Rob Johnson

DOI: https://doi.org/10.48550/arXiv.1401.6022

2014-01-23

Abstract:Website fingerprinting attacks enable an adversary to infer which website a victim is visiting, even if the victim uses an encrypting proxy, such as Tor. Previous work has shown that all proposed defenses against website fingerprinting attacks are ineffective. This paper advances the study of website fingerprinting attacks and defenses in two ways. First, we develop bounds on the trade-off between security and bandwidth overhead that any fingerprinting defense scheme can achieve. This enables us to compare schemes with different security/overhead trade-offs by comparing how close they are to the lower bound. We then refine, implement, and evaluate the Congestion Sensitive BuFLO scheme outlined by Cai, et al. CS-BuFLO, which is based on the provably-secure BuFLO defense proposed by Dyer, et al., was not fully-specified by Cai, et al, but has nonetheless attracted the attention of the Tor developers. Our experiments find that CS-BuFLO has high overhead (around 2.3-2.8x) but can get 6x closer to the bandwidth/security trade-off lower bound than Tor or plain SSH.

Cryptography and Security