A Critical Evaluation of Website Fingerprinting Attacks

Juárez, Marc; Afroz, Sadia; Acar, Güneş; Díaz, Claudia; Greenstadt, Rachel

doi:10.1145/2660267.2660368

Cited by 248 publications

(236 citation statements)

References 22 publications

Supporting

Mentioning

233

Contrasting

Order By: Relevance

“…Even with the challenges of open-world and multi-tab browsing [11], some websites may exhibit especially unique traffic patterns and be prone to high-confidence attacks. Attacks may observe visits to the same site over multiple sessions and gain confidence in a result.…”

Section: Discussion and Future Workmentioning

confidence: 99%

“…HTTPOS modifies HTTP headers and injects HTTP requests strategically [13], while Randomized Pipelining, a WF countermeasure currently implemented in the Tor Browser, randomizes the pipeline of HTTP requests. Both defenses have been shown to be ineffective in several evaluations [5,24,23,11].…”

Section: Defensesmentioning

confidence: 99%

“…This approach aims to optimally reduce the amount of padding needed to confound the attacker's classifier. These defenses, as well as traffic morphing techniques [25,12], have the shortcoming that require a database of webpage templates that needs to be frequently updated and would be costly to maintain [11].…”

Section: Defensesmentioning

confidence: 99%

“…We used a dataset that had been collected for a study about a realistic evaluation of WF attacks [11]. This dataset consists of 40 instances, collected in ten batches of four visits, for each homepage in top-100 Alexa sites [1].…”

Section: Datamentioning

confidence: 99%

See 3 more Smart Citations

Toward an Efficient Website Fingerprinting Defense

Juárez

Imani

Perry

et al. 2016

Lecture Notes in Computer Science

Self Cite

199

175

View full text Add to dashboard Cite

Abstract. Website Fingerprinting attacks enable a passive eavesdropper to recover the user's otherwise anonymized web browsing activity by matching the observed traffic with prerecorded web traffic templates. The defenses that have been proposed to counter these attacks are impractical for deployment in real-world systems due to their high cost in terms of added delay and bandwidth overhead. Further, these defenses have been designed to counter attacks that, despite their high success rates, have been criticized for assuming unrealistic attack conditions in the evaluation setting. In this paper, we propose a novel, lightweight defense based on Adaptive Padding that provides a sufficient level of security against website fingerprinting, particularly in realistic evaluation conditions. In a closed-world setting, this defense reduces the accuracy of the state-ofthe-art attack from 91% to 20%, while introducing zero latency overhead and less than 60% bandwidth overhead. In an open-world, the attack precision is just 1% and drops further as the number of sites grows.

show abstract

Section: Discussion and Future Workmentioning

confidence: 99%

Section: Defensesmentioning

confidence: 99%

Section: Defensesmentioning

confidence: 99%

Section: Datamentioning

confidence: 99%

See 2 more Smart Citations

Toward an Efficient Website Fingerprinting Defense

Juárez

Imani

Perry

et al. 2016

Lecture Notes in Computer Science

Self Cite

199

175

View full text Add to dashboard Cite

show abstract

“…We therefore implement a simple client-side WF defense, dubbed Lightweight application-Layer Masquerading Add-on (LLaMA), that works at the application layer by adding extra delays to the HTTP requests. These delays alter the order of the requests in a similar way to randomized pipelining (RP) [23], a WF countermeasure implemented in the Tor browser that has been shown to fail in several evaluations [5,14,31]. Besides delaying HTTP requests, our defense sends redundant requests to the server.…”

Section: Introductionmentioning

confidence: 99%

Website Fingerprinting Defenses at the Application Layer

Cherubin

Hayes

Juárez

2017

Proceedings on Privacy Enhancing Technologies

Self Cite

View full text Add to dashboard Cite

Website Fingerprinting (WF) allows a passive network adversary to learn the websites that a client visits by analyzing traffic patterns that are unique to each website. It has been recently shown that these attacks are particularly effective against .onion sites, anonymous web servers hosted within the Tor network. Given the sensitive nature of the content of these services, the implications of WF on the Tor network are alarming. Prior work has only considered defenses at the client-side arguing that web servers lack of incentives to adopt countermeasures. Furthermore, most of these defenses have been designed to operate on the stream of network packets, making practical deployment difficult. In this paper, we propose two application-level defenses including the first server-side defense against WF, as .onion services have incentives to support it. The other defense is a lightweight client-side defense implemented as a browser add-on, improving ease of deployment over previous approaches. In our evaluations, the server-side defense is able to reduce WF accuracy on Tor .onion sites from 69.6% to 10% and the client-side defense reduces accuracy from 64% to 31.5%.

show abstract

Introduction

2016

Information Hiding in Communication Networks: Fundamentals, Mechanisms, Applications, and Countermeasures

View full text Add to dashboard Cite

A Critical Evaluation of Website Fingerprinting Attacks

Cited by 248 publications

References 22 publications

Toward an Efficient Website Fingerprinting Defense

Toward an Efficient Website Fingerprinting Defense

Website Fingerprinting Defenses at the Application Layer

Introduction

Contact Info

Product

Resources

About