Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

On Realistically Attacking Tor with Website Fingerprinting

On Realistically Attacking Tor with Website Fingerprinting Abstract Website fingerprinting allows a local, passive observer monitoring a web-browsing client’s encrypted channel to determine her web activity. Previous attacks have shown that website fingerprinting could be a threat to anonymity networks such as Tor under laboratory conditions. However, there are significant differences between laboratory conditions and realistic conditions. First, in laboratory tests we collect the training data set together with the testing data set, so the training data set is fresh, but an attacker may not be able to maintain a fresh data set. Second, laboratory packet sequences correspond to a single page each, but for realistic packet sequences the split between pages is not obvious. Third, packet sequences may include background noise from other types of web traffic. These differences adversely affect website fingerprinting under realistic conditions. In this paper, we tackle these three problems to bridge the gap between laboratory and realistic conditions for website fingerprinting. We show that we can maintain a fresh training set with minimal resources. We demonstrate several classification-based techniques that allow us to split full packet sequences effectively into sequences corresponding to a single page each. We describe several new algorithms for tackling background noise. With our techniques, we are able to build the first website fingerprinting system that can operate directly on packet sequences collected in the wild. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Proceedings on Privacy Enhancing Technologies de Gruyter

On Realistically Attacking Tor with Website Fingerprinting

Download PDF
16 pages

Loading next page...
 
/lp/de-gruyter/on-realistically-attacking-tor-with-website-fingerprinting-h6YkDZxetz
Publisher
de Gruyter
Copyright
Copyright © 2016 by the
ISSN
2299-0984
eISSN
2299-0984
DOI
10.1515/popets-2016-0027
Publisher site
See Article on Publisher Site

Abstract

Abstract Website fingerprinting allows a local, passive observer monitoring a web-browsing client’s encrypted channel to determine her web activity. Previous attacks have shown that website fingerprinting could be a threat to anonymity networks such as Tor under laboratory conditions. However, there are significant differences between laboratory conditions and realistic conditions. First, in laboratory tests we collect the training data set together with the testing data set, so the training data set is fresh, but an attacker may not be able to maintain a fresh data set. Second, laboratory packet sequences correspond to a single page each, but for realistic packet sequences the split between pages is not obvious. Third, packet sequences may include background noise from other types of web traffic. These differences adversely affect website fingerprinting under realistic conditions. In this paper, we tackle these three problems to bridge the gap between laboratory and realistic conditions for website fingerprinting. We show that we can maintain a fresh training set with minimal resources. We demonstrate several classification-based techniques that allow us to split full packet sequences effectively into sequences corresponding to a single page each. We describe several new algorithms for tackling background noise. With our techniques, we are able to build the first website fingerprinting system that can operate directly on packet sequences collected in the wild.

Journal

Proceedings on Privacy Enhancing Technologiesde Gruyter

Published: Oct 1, 2016

References

  • of SSL Encrypted Web Browsing http www cs berkeley edu daw teaching cs projects final reports ronathan heyning ps
    Cheng
  • Website Fingerprinting and Identification Using Ordered Feature Sequences In - pages
    Lu
  • Understanding web browsing behaviors through Weibull analysis of dwell time In Proceedings of the rd international ACM Conference pages
    Liu
  • Web traffic modeling exploiting TCP connections temporal clustering through HTML - REDUCE Network
    Molina
  • Circuit fingerprinting attacks : passive deanonymization of tor hidden services In th pages
    Kwon
  • Website Fingerprinting and Identification Using Ordered Feature Sequences In - pages
    Lu
  • Statistical Identification of Encrypted Web Browsing In Proceedings of the on and pages
    Sun
  • tool collects nearly everything a user does on the internet http www theguardian com world jul nsa top secret program online data Accessed Feb
    Greenwald
  • Tor Tor Portal https metrics torproject org Accessed Feb
    Metrics
  • Fingerprinting Websites Using In pages
    Hintz
  • of Website Fingerprinting Attacks https blog torproject org blog critique website trafficfingerprinting attacks November Accessed Feb
    Perry
  • Effective Attacks and Provable Defenses for Website Fingerprinting In Proceedings of the rd
    Wang
  • Effective Attacks and Provable Defenses for Website Fingerprinting In Proceedings of the rd
    Wang
  • Critical Evaluation of Website Fingerprinting Attacks In Proceedings of the th ACM Conference on Computer and Communications
    Juarez
  • Tor Tor Portal https metrics torproject org Accessed Feb
    Metrics
  • Touching from a Distance : Website Fingerprinting Attacks and Defenses In Proceedings of the th ACM Conference on Computer and Communications pages
    Cai
  • of SSL Encrypted Web Browsing http www cs berkeley edu daw teaching cs projects final reports ronathan heyning ps
    Cheng
  • Self similarity in traffic evidence possible causes Transactions on
    Crovella
  • Privacy Vulnerabilities in Encrypted HTTP Streams In pages
    Bissias
  • Tor The Second - Generation Onion Router In Proceedings of the th
    Dingledine
  • Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses In Proceedings of the th ACM Conference on Computer and Communications
    Cai
  • Critical Evaluation of Website Fingerprinting Attacks In Proceedings of the th ACM Conference on Computer and Communications
    Juarez
  • tool collects nearly everything a user does on the internet http www theguardian com world jul nsa top secret program online data Accessed Feb
    Greenwald
  • Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses In Proceedings of the th ACM Conference on Computer and Communications
    Cai
  • Website fingerprinting at internet scale In Proceedings of the rd Network and Distributed System
    Panchenko
  • Inferring the Source of Encrypted HTTP Connections In Proceedings of the th ACM Conference on Computer and Communications pages
    Liberatore
  • Fingerprinting Websites Using In pages
    Hintz
  • Website fingerprinting at internet scale In Proceedings of the rd Network and Distributed System
    Panchenko
  • Circuit fingerprinting attacks : passive deanonymization of tor hidden services In th pages
    Kwon
  • Website Fingerprinting : Attacking Popular Technologies with the Multinomial In Proceedings of the Workshop on Cloud pages
    Herrmann
  • Inferring the Source of Encrypted HTTP Connections In Proceedings of the th ACM Conference on Computer and Communications pages
    Liberatore
  • Web traffic modeling exploiting TCP connections temporal clustering through HTML - REDUCE Network
    Molina
  • Privacy Vulnerabilities in Encrypted HTTP Streams In pages
    Bissias
  • Website Fingerprinting : Attacking Popular Technologies with the Multinomial In Proceedings of the Workshop on Cloud pages
    Herrmann
  • Understanding web browsing behaviors through Weibull analysis of dwell time In Proceedings of the rd international ACM Conference pages
    Liu
  • Statistical Identification of Encrypted Web Browsing In Proceedings of the on and pages
    Sun
  • Self similarity in traffic evidence possible causes Transactions on
    Crovella
  • Touching from a Distance : Website Fingerprinting Attacks and Defenses In Proceedings of the th ACM Conference on Computer and Communications pages
    Cai
  • of Website Fingerprinting Attacks https blog torproject org blog critique website trafficfingerprinting attacks November Accessed Feb
    Perry
  • Improved Website Fingerprinting on Tor In Proceedings of the th ACM Workshop on Privacy in the Electronic pages
    Wang
  • Improved Website Fingerprinting on Tor In Proceedings of the th ACM Workshop on Privacy in the Electronic pages
    Wang
  • Tor The Second - Generation Onion Router In Proceedings of the th
    Dingledine