Volume 2020 (2020): Issue 3 (July 2020)
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
Copyright
© 2020 Sciendo

Tik-Tok: The Utility of Packet Timing in Website Fingerprinting Attacks

Published Online: 17 Aug 2020
Page range: 5 - 24
Received: 30 Nov 2019
Accepted: 16 Mar 2020

A passive local eavesdropper can leverage Website Fingerprinting (WF) to deanonymize the web browsing activity of Tor users. The value of timing information to WF has often been discounted in recent works due to the volatility of low-level timing information. In this paper, we more carefully examine the extent to which packet timing can be used to facilitate WF attacks. We first propose a new set of timing-related features based on burst-level characteristics to identify more ways that timing patterns could be used by classifiers to identify sites. Then we evaluate the effectiveness of both raw timing and directional timing, which is a combination of raw timing and direction, in a deep-learning-based WF attack. Our closed-world evaluation shows that directional timing performs best in most of the settings we explored, achieving: (i) 98.4% in undefended Tor traffic; (ii) 93.5% on WTF-PAD traffic, several points higher than when only directional information is used; and (iii) 64.7% against onion sites, 12% higher than using only direction. Further evaluations in the open-world setting show small increases in both precision (+2%) and recall (+6%) with directional timing on WTF-PAD traffic. To further investigate the value of timing information, we perform an information leakage analysis on our proposed handcrafted features. Our results show that while timing features leak less information than directional features, the information contained in each feature is mutually exclusive and can thus improve the robustness of a classifier.


