Abstract
Website fingerprinting (WF) attack is a type of traffic analysis technique that extracts the unique fingerprint from the traffic of each website demonstrating that the current privacy protection mechanism provided by HTTPS is still fragile. While prior WF attack methods that extract fingerprints only using the web traffic generated by the first TCP session can be easily compromised by the frequent website updates, we observe that it is still possible to identify a website accurately through fingerprinting the resource loading sequence generated by the multiple initial TCP sessions. We record the multiple TCP sessions by visiting a website and analyze its traffic structure. We find that despite the update of the website, the TCP establishment is always kept unchanged, and such TCP sequence can be used to fingerprint a website. Hence, we build a resource loading tree using the multiple TCP sessions and demonstrates its high precision in recognizing a website even under HTTPS protection. We collect data from 20 websites with a total of 7,326 traces, and show that the accuracy can achieve up to 95.9%.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alexa website ranking. https://www.alexa.com/. Accessed 6 May 2021
Chrome release notes. https://chromereleases.googleblog.com/. Accessed 30 Sep 2021
Chrome resource priorities and scheduling. https://docs.google.com/document/d/1bCDuq9H1ih9iNjgzyAL0gpwNFiEP4TZS-YLRp_RuMlc/. Accessed 17 Aug 2021
Cisco joy. https://github.com/cisco/joy. Accessed 17 Aug 2021
Firefox release notes. https://www.mozilla.org/en-US/firefox/notes/ Accessed 30 Sep 2021
RFC 8446 - the transport layer security (TLS) protocol version 1.3. https://tools.ietf.org/html/rfc8446#section-4.1.2. Accessed 23 Dec 2020
Selenium, automating web applications for testing purposes tools. https://www.selenium.dev/. Accessed 17 Aug 2021
tshark - the wireshark network analyzer. https://www.wireshark.org/docs/man-pages/tshark.html. Accessed 23 Dec 2020
A novel passive website fingerprinting attack on tor using fast Fourier transform. Computer Communications Guildford Then Amsterdam Butterworth Scientific Limited Then Elsevier (2016)
Aminuddin, M.A.I.M., Zaaba, Z.F., Singh, M.K.M., Singh, D.S.M.: A survey on tor encrypted traffic monitoring. Int. J. Adv. Comput. Sci. Appl. 9(8) (2018). https://doi.org/10.14569/IJACSA.2018.090815
Dong, C., Lu, Z., Cui, Z., Liu, B., Chen, K.: MBTree: detecting encryption rats communication using malicious behavior tree. IEEE Trans. Inf. Forensics Secur. 16, 3589–3603 (2021)
Ghaleb, T.A.: Wireless/website traffic analysis amp; fingerprinting: a survey of attacking techniques and countermeasures. In: 2015 International Conference on Cloud Computing (ICCC), pp. 1–7 (2015). https://doi.org/10.1109/CLOUDCOMP.2015.7149665
Hayes, J., Danezis, G.: k-fingerprinting: a robust scalable website fingerprinting technique. In: 25th USENIX Security Symposium (USENIX Security 16), pp. 1187–1203 (2016)
Herrmann, D., Wendolsky, R., Federrath, H.: Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial Nave-Bayes classifier. In: CCS 2009, Cloud Computing Security Workshop (2009)
Panchenko, A., Lanze, F., Zinnen, A., Henze, M., Engel, T.: Website fingerprinting at internet scale. In: Network & Distributed System Security Symposium (2016)
Postel, J.: Transmission control protocol. RFC 793, Internet Engineering Task Force, September 1981. http://www.rfc-editor.org/rfc/rfc793.txt
Shen, M., Liu, Y., Chen, S., Zhu, L., Zhang, Y.: Webpage fingerprinting using only packet length information. In: ICC 2019–2019 IEEE International Conference on Communications (ICC) (2019)
Shen, M., Liu, Y., Zhu, L., Du, X., Hu, J.: Fine-grained webpage fingerprinting using only packet length information of encrypted traffic. IEEE Trans. Inf. Forensics Secur. 16(99), 2046–2059 (2020)
Shen, M., Zhang, J., Zhu, L., Xu, K., Du, X.: Accurate decentralized application identification via encrypted traffic analysis using graph neural networks. IEEE Trans. Inf. Forensics Secur. 16(99), 2367–2380 (2021)
Shi, Y., Matsuura, K.: Fingerprinting attack on the tor anonymity system, pp. 425–438, December 2009
Zhang, Z., Kang, C., Xiong, G., Li, Z.: Deep forest with LRRS feature for fine-grained website fingerprinting with encrypted SSL/TLS. In: Proceedings of the 28th ACM International Conference on Information and Knowledge Management, pp. 851–860. CIKM 2019. Association for Computing Machinery (2019). https://doi.org/10.1145/3357384.3357993
Acknowledgement
This work is supported in part by the National Key Research and Development Program of China No. 2019QY1302; the NSFC-General Technology Basic Research Joint Funds under Grant U1836214; NSFC-61872265; the New Generation of Artificial Intelligence Science and Technology Major Project of Tianjin under 19ZXZNGX00010.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Li, C., Nie, L., Zhao, L. (2021). RLTree: Website Fingerprinting Through Resource Loading Tree. In: Yang, M., Chen, C., Liu, Y. (eds) Network and System Security. NSS 2021. Lecture Notes in Computer Science(), vol 13041. Springer, Cham. https://doi.org/10.1007/978-3-030-92708-0_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-92708-0_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92707-3
Online ISBN: 978-3-030-92708-0
eBook Packages: Computer ScienceComputer Science (R0)