DOI: 10.1145/2660267.2660362
research-article

A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses

Published: 03 November 2014

ABSTRACT

Fingerprinting attacks have emerged as a serious threat against privacy mechanisms, such as SSL, Tor, and encrypting tunnels. Researchers have proposed numerous attacks and defenses, and the Tor project now includes both network- and browser-level defenses against these attacks, but published defenses have high overhead, poor security, or both.

This paper (1) systematically analyzes existing attacks and defenses to understand which traffic features convey the most information (and therefore are most important for defenses to hide), (2) proves lower bounds on the bandwidth costs of any defense that achieves a given level of security, (3) presents a mathematical framework for evaluating performance of fingerprinting attacks and defenses in the open-world, given their closed-world performance, and (4) presents a new defense, Tamaraw, that achieves a better security/bandwidth trade-off than any previously proposed defense.

Our feature-based analysis provides clear directions to defense designers on which features need to be hidden. Our lower bounds on bandwidth costs help us understand the limits of fingerprinting defenses and determine how close we are to "success". Our open-world/closed-world connection enables researchers to perform simpler closed-world experiments and predict open-world performance. Tamaraw provides an "existence proof" for efficient, secure defenses.

Published in

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
November 2014
1592 pages
ISBN: 9781450329576
DOI: 10.1145/2660267

Copyright © 2014 ACM


Publisher: Association for Computing Machinery, New York, NY, United States

Acceptance Rates

CCS '14 paper acceptance rate: 114 of 585 submissions, 19%. Overall acceptance rate: 1,261 of 6,999 submissions, 18%.
