Website Fingerprinting at Internet Scale

Panchenko, Andriy; Lanze, Fabian; Zinnen, Andreas; Henze, Martin; Pennekamp, Jan; Wehrle, Klaus; Engel, Thomas

doi:10.14722/ndss.2016.23477

Cited by 392 publications

(424 citation statements)

References 21 publications

Supporting

Mentioning

389

Contrasting

Order By: Relevance

“…The latest attacks against Tor achieve more than 90% accuracy in a closed-world of websites, where the attacker is assumed to have samples for all the websites a target user may visit [5,11,20,30,31]. This assumption is unrealistically advantageous for the attacker [14] and a recent study has shown that the attack does not scale to large open-worlds [20].…”

Section: Attacksmentioning

confidence: 99%

“…This assumption is unrealistically advantageous for the attacker [14] and a recent study has shown that the attack does not scale to large open-worlds [20]. However, the .onion space is significantly smaller than the Web and may be feasible for an adversary to train on a substantial fraction of all .onion websites.…”

Section: Attacksmentioning

confidence: 99%

“…CUMUL depends on packet lengths and so some defenses that only operate on packet time information cannot be applied. use CUMUL [20], k-FP [11] k-NN [30] for evaluation 12 .…”

Section: P-alpaca and D-alpaca Evaluationmentioning

confidence: 99%

See 2 more Smart Citations

Website Fingerprinting Defenses at the Application Layer

Cherubin

Hayes

Juárez

2017

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Website Fingerprinting (WF) allows a passive network adversary to learn the websites that a client visits by analyzing traffic patterns that are unique to each website. It has been recently shown that these attacks are particularly effective against .onion sites, anonymous web servers hosted within the Tor network. Given the sensitive nature of the content of these services, the implications of WF on the Tor network are alarming. Prior work has only considered defenses at the client-side arguing that web servers lack of incentives to adopt countermeasures. Furthermore, most of these defenses have been designed to operate on the stream of network packets, making practical deployment difficult. In this paper, we propose two application-level defenses including the first server-side defense against WF, as .onion services have incentives to support it. The other defense is a lightweight client-side defense implemented as a browser add-on, improving ease of deployment over previous approaches. In our evaluations, the server-side defense is able to reduce WF accuracy on Tor .onion sites from 69.6% to 10% and the client-side defense reduces accuracy from 64% to 31.5%.

show abstract

Section: Attacksmentioning

confidence: 99%

Section: Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Website Fingerprinting Defenses at the Application Layer

Cherubin

Hayes

Juárez

2017

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

show abstract

“…Also outside our scope are connection-level features that can divulge indications of the server involved in the connection, such as have been used in TCP fingerprinting (e.g., [17]), TLS fingerprinting (e.g., [26]), or website fingerprinting (e.g., [13,31,39]). Such features include the number of servers to which the client connects, the timing connections to relative to one another, connection volume patterns, etc.…”

Section: Securitymentioning

confidence: 99%

“…While we have made initial steps to support per-connection trafficanalysis defense (Appendix A), that defense does not immediately address traffic analysis based on aggregates of connections, e.g., the number of servers to which connections are made or the relative timings of these connections. Defending against this type of attack remains a very active area of research independent of our proposal (e.g., [13,14,31,39]). …”

Section: Scope Of Defensementioning

confidence: 99%

Personalized Pseudonyms for Servers in the Cloud

Xiao

Reiter

Zhang

2017

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

A considerable and growing fraction of servers, especially of web servers, is hosted in compute clouds. In this paper we opportunistically leverage this trend to improve privacy of clients from network attackers residing between the clients and the cloud: We design a system that can be deployed by the cloud operator to prevent a network adversary from determining which of the cloud's tenant servers a client is accessing. The core innovation in our design is a PoPSiCl (pronounced "popsicle"), a persistent pseudonym for a tenant server that can be used by a single client to access the server, whose real identity is protected by the cloud from both passive and active network attackers. When instantiated for TLS-based access to web servers, our design works with all major browsers and requires no additional client-side software and minimal changes to the client user experience. Moreover, changes to tenant servers can be hidden in supporting software (operating systems and web-programming frameworks) without imposing on web-content development. Perhaps most notably, our system boosts privacy with minimal impact to web-browsing performance, after some initial setup during a user's first access to each web server.

show abstract

Hackers versus Normal Users

2021

Intelligent Security Systems

View full text Add to dashboard Cite

Website Fingerprinting at Internet Scale

Cited by 392 publications

References 21 publications

Website Fingerprinting Defenses at the Application Layer

Website Fingerprinting Defenses at the Application Layer

Personalized Pseudonyms for Servers in the Cloud

Hackers versus Normal Users

Contact Info

Product

Resources

About