Volume 2022 (2022): Issue 2 (April 2022)
Journal details
Format: Journal
eISSN: 2299-0984
First published: 16 Apr 2015
Publication frequency: 4 times per year
Languages: English
Access type: Open access

RegulaTor: A Straightforward Website Fingerprinting Defense

Published online: 03 Mar 2022
Volume & Issue: Volume 2022 (2022) - Issue 2 (April 2022)
Pages: 344 - 362
Received: 31 Aug 2021
Accepted: 16 Dec 2021
Abstract

Website Fingerprinting (WF) attacks are used by local passive attackers to determine the destination of encrypted internet traffic by comparing the sequences of packets sent to and received by the user to a previously recorded data set. As a result, WF attacks are of particular concern to privacy-enhancing technologies such as Tor. In response, a variety of WF defenses have been developed, though they tend to incur high bandwidth and latency overhead or require additional infrastructure, thus making them difficult to implement in practice. Some lighter-weight defenses have been presented as well; still, they attain only moderate effectiveness against recently published WF attacks. In this paper, we aim to present a realistic and novel defense, RegulaTor, which takes advantage of common patterns in web browsing traffic to reduce both defense overhead and the accuracy of current WF attacks. In the closed-world setting, RegulaTor reduces the accuracy of the state-of-the-art attack, Tik-Tok, against comparable defenses from 66% to 25.4%. To achieve this performance, it requires 6.6% latency overhead and a bandwidth overhead 39.3% less than the leading moderate-overhead defense. In the open-world setting, RegulaTor limits a precision-tuned Tik-Tok attack to an F1-score of .135, compared to .625 for the best comparable defense.
