Website fingerprinting

Herrmann, Dominik; Wendolsky, Rolf; Federrath, Hannes

doi:10.1145/1655008.1655013

Cited by 290 publications

(31 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If the training and test data are both collected from the same location, a much larger fraction of sites can be accurately detected with low error rates. We find that despite working with a much noisier information source than previous web fingerprinting work [2,11,17], our website detection attack nevertheless shows that remote traffic analysis is a serious threat to Internet privacy.…”

Section: Introductionmentioning

confidence: 72%

“…Recent research has shown that traffic analysis applied to network communications can be used to compromise users' secrecy and privacy. By using packet sizes, timings, and counts, it is possible to fingerprint websites visited over an encrypted tunnel [2,4,11,17], infer keystrokes sent over a secure interactive connection [27,34] and even detect phrases in VoIP sessions [31][32][33]. These attacks have been explored in the context of a local adversary who can observe the target traffic directly on a shared network link or can monitor a wireless network from a nearby vantage point [25].…”

Section: Introductionmentioning

confidence: 99%

“…To demonstrate the feasibility of using remote traffic analysis for real malicious attack to learn sensitive information, we adapt the website fingerprinting attack [2,11,17], previously targeted at local victims, to a new scenario and introduce a remote website detection attack. Our attack can find out when a victim user under observation visits a particular target site without directly monitoring the user's traffic.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Website Detection Using Remote Traffic Analysis

Gong

Borisov

Kiyavash³

et al. 2012

Privacy Enhancing Technologies

View full text Add to dashboard Cite

Abstract. Recent work in traffic analysis has shown that traffic patterns leaked through side channels can be used to recover important semantic information. For instance, attackers can find out which website, or which page on a website, a user is accessing simply by monitoring the packet size distribution. We show that traffic analysis is even a greater threat to privacy than previously thought by introducing a new attack that can be carried out remotely. In particular, we show that, to perform traffic analysis, adversaries do not need to directly observe the traffic patterns. Instead, they can gain sufficient information by sending probes from a far-off vantage point that exploits a queuing side channel in routers. To demonstrate the threat of such remote traffic analysis, we study a remote website detection attack that works against home broadband users. Because the remotely observed traffic patterns are more noisy than those obtained using previous schemes based on direct local traffic monitoring, we take a dynamic time warping (DTW) based approach to detecting fingerprints from the same website. As a new twist on website fingerprinting, we consider a website detection attack, where the attacker aims to find out whether a user browses a particular web site, and its privacy implications. We show experimentally that, although the success of the attack is highly variable, depending on the target site, for some sites very low error rates. We also show how such website detection can be used to deanonymize message board users.

show abstract

Section: Introductionmentioning

confidence: 72%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Website Detection Using Remote Traffic Analysis

Gong

Borisov

Kiyavash³

et al. 2012

Privacy Enhancing Technologies

View full text Add to dashboard Cite

show abstract

“…Fingerprinting has become a popular method for device identification, and has been used to identify home electronics [38], websites [39], [40], [41], [42], [43], [44], the operating system of VMs [45], [46], and the source of phone calls [47]. The concept of fingerprinting stems from leveraging measurable signals caused by hardware imperfections in analog circuitry to uniquely identify devices.…”

Section: A Fingerprintingmentioning

confidence: 99%

Leveraging USB to Establish Host Identity Using Commodity Devices

Bates

Leonard

Pruse

et al. 2014

Proceedings 2014 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-Determining a computer's identity is a challenge of critical importance to users wishing to ensure that they are interacting with the correct system; it is also extremely valuable to forensics investigators. However, even hosts that contain trusted computing hardware to establish identity can be defeated by relay and impersonation attacks. In this paper, we consider how to leverage the virtually ubiquitous USB interface to uniquely identify computers based on the characteristics of their hardware, firmware, and software stacks. We collect USB data on a corpus of over 250 machines with a variety of hardware and software configurations, and through machine learning classification techniques we demonstrate that, given a period of observation on the order of tenths of a second, we can differentiate hosts based on a variety of attributes such as operating system, manufacturer, and model with upwards of 90% accuracy. Over longer periods of observation on the order of minutes, we demonstrate the ability to distinguish between hosts that are seemingly identical; using Random Forest classification and statistical analysis, we generate fingerprints that can be used to uniquely and consistently identify 70% of a field of 30 machines that share identical OS and hardware specifications. Additionally, we show that we can detect the presence of a hypervisor on a computer with 100% accuracy and that our results are resistant to concept drift, a spoofing attack in which malicious hosts provide fraudulent USB messages, and relaying of commands from other machines. Our techniques are thus generally employable in an easy-to-use and low-cost fashion.

show abstract

“…This naturally makes the task more difficult because Tor introduces two defenses [24]: combining all network traffic into one TCP stream to the first Tor router, and padding each packet to a fixed size (or a small set of sizes). Herrmann et al [35] use a multinomial naïve Bayes classifier on the histogram of packet sizes and directions successfully against VPN technologies and OpenSSH, but they achieve under 3% accuracy against Tor while classifying on a set of 775 web sites. The work of Panchenko et al [57], however, demonstrates that these defenses are not enough.…”

Section: Related Workmentioning

confidence: 99%

StegoTorus

Weinberg

Wang

Yegneswaran

et al. 2012

Proceedings of the 2012 ACM Conference on Computer and Communications Security

View full text Add to dashboard Cite

Internet censorship by governments is an increasingly common practice worldwide. Internet users and censors are locked in an arms race: as users find ways to evade censorship schemes, the censors develop countermeasures for the evasion tactics. One of the most popular and effective circumvention tools, Tor, must regularly adjust its network traffic signature to remain usable.We present StegoTorus, a tool that comprehensively disguises Tor from protocol analysis. To foil analysis of packet contents, Tor's traffic is steganographed to resemble an innocuous cover protocol, such as HTTP. To foil analysis at the transport level, the Tor circuit is distributed over many shorter-lived connections with per-packet characteristics that mimic cover-protocol traffic. Our evaluation demonstrates that StegoTorus improves the resilience of Tor to fingerprinting attacks and delivers usable performance.

show abstract

Website fingerprinting

Cited by 290 publications

References 32 publications

Website Detection Using Remote Traffic Analysis

Website Detection Using Remote Traffic Analysis

Leveraging USB to Establish Host Identity Using Commodity Devices

StegoTorus

Contact Info

Product

Resources

About