a critical evaluation of website fingerprinting attacks
play

A Critical Evaluation of Website Fingerprinting Attacks Marc Juarez - PowerPoint PPT Presentation

Jul 04, 2023 •180 likes •687 views

A Critical Evaluation of Website Fingerprinting Attacks Marc Juarez 1 Sadia Afroz 2 Gunes Acar 1 Claudia Diaz 1 Rachel Greenstadt 3 1 KU Leuven, ESAT/COSIC and iMinds, Leuven, Belgium 2 UC Berkeley, US 3 Drexel University, US CCS 2014, Scottsdale,

  1. A Critical Evaluation of Website Fingerprinting Attacks Marc Juarez 1 Sadia Afroz 2 Gunes Acar 1 Claudia Diaz 1 Rachel Greenstadt 3 1 KU Leuven, ESAT/COSIC and iMinds, Leuven, Belgium 2 UC Berkeley, US 3 Drexel University, US CCS 2014, Scottsdale, AZ, USA, November 4, 2014

  2. Introduction: how does WF work? Tor Web User Adversary User = Alice Webpage = ?? 2

  3. Why is WF so important? ● Tor as the most advanced anonymity network ● Allows an adversary to discover the browsing history ● Series of successful attacks ● Low cost to the adversary Number of top conference publications on WF (25) 3

  4. Introduction: unrealistic assumptions Tor Client settings : e.g., browsing behaviour Web User Adversary 4

  5. Introduction: unrealistic assumptions Tor Web Adversary : User e.g., replicability Adversary 4

  6. Introduction: unrealistic assumptions Tor Web : e.g., staleness Web User Adversary 4

  7. Contributions ● A critical analysis of the assumptions ● Evaluation of variables that affect accuracy ● An approach to reduce false positives ● A model of the adversary’s cost 5

  8. Methodology ● Based on Wang and Goldberg’s ○ Batches and k-fold cross-validation ○ Fast-levenshtein attack (SVM) ● Comparative experiments ○ Key: isolate variable under evaluation (e.g., TBB version) 6

  9. Comparative experiments: example ● Step 1: ● Step 2: 7

  10. Comparative experiments: example ● Step 1: Train: on data with default value Acc. Control Test: on data with default value ● Step 2: 7

  11. Comparative experiments: example ● Step 1: Train: on data with default value Test: on data with value of interest Acc. Test ● Step 2: 7

  12. Datasets ● Alexa Top Sites ● Active Linguistic Authentication Dataset (ALAD) ○ Real-world users (80 users, 40K unique URLs) ○ Training on Alexa and testing on ALAD? 8

  13. Datasets ● Alexa Top Sites ● Active Linguistic Authentication Dataset (ALAD) ○ Real-world users (80 users, 40K unique URLs) ○ Training on Alexa and testing on ALAD? 45% not in Alexa top 100 Prohibitive number of FPs 8

  14. Experiments: multitab browsing ● FF users use average 2 or 3 tabs 9

  15. Experiments: multitab browsing ● FF users use average 2 or 3 tabs ● Experiment with 2 tabs: 0.5s, 3s, 5s 9

  16. Experiments: multitab browsing ● FF users use average 2 or 3 tabs ● Experiment with 2 tabs: 0.5s, 3s, 5s 9

  17. Experiments: multitab browsing Foreground Foreground Background Background ● FF users use average 2 or 3 tabs ● Experiment with 2 tabs: 0.5s, 3s, 5s ● Background page picked at random 9

  18. Experiments: multitab browsing ● FF users use average 2 or 3 tabs ● Experiment with 2 tabs: 0.5s, 3s, 5s ● Background page picked at random ● Success: detection of either page 9

  19. Experiments: multitab browsing Accuracy for different time gaps Tab 1 Tab 2 77.08% BW Time 9.8% 7.9% 8.23% Control Test (3s) Test (0.5s) Test (5s) 10

  20. Experiments: TBB versions ● Coexisting Tor Browser Bundle (TBB) versions ● Versions: 2.4.7, 3.5 and 3.5.2.1 (changes in RP, etc.) 11

  21. Experiments: TBB versions ● Coexisting Tor Browser Bundle (TBB) versions Latest version of RP ● Versions: 2.4.7, 3.5 and 3.5.2.1 (changes in RP, etc.) 79.58% 66.75% 6.51% Control Test Test (3.5.2.1) (3.5) (2.4.7) 11

  22. Experiments: network conditions VM Leuven VM New York VM Singapore KU Leuven DigitalOcean (virtual private servers) 12

  23. Experiments: network conditions VM Leuven VM New York VM Singapore 66.95% 8.83% Control (LVN) Test (NY) 12

  24. Experiments: network conditions VM Leuven VM New York VM Singapore 66.95% 9.33% Control (LVN) Test (SI) 12

  25. Experiments: network conditions VM Leuven VM New York VM Singapore 76.40% 68.53% Control (SI) Test (NY) 12

  26. Experiments: entry guard config. ● What entry config. works better for training? ● 3 configs.: ○ Fix 1 entry guard ○ Pick entry from a list of 3 entries guards (default) ○ Pick entry from all possible entries guards (Wang and Goldberg) 13

  27. Experiments: entry guard config. Accuracy for different entry guard configurations 70.38% 64.40% 62.70% any 3 entry 1 entry guards guard 14

  28. Experiments: data staleness Staleness of our collected data over 90 days Less than 50% after 9d. Accuracy (%) Time (days) 15

  29. Summary 16

  30. The base rate fallacy: example ● Breathalyzer test: ○ 0.88 identifies truly drunk drivers (true positives) ○ 0.05 false positives ● Alice gives positive in the test ○ What is the probability that she is indeed drunk? ( BDR ) ○ Is it 0.95? Is it 0.88? Something in between? 17

  31. The base rate fallacy: example ● Breathalyzer test: ○ 0.88 identifies truly drunk drivers (true positives) ○ 0.05 false positives ● Alice gives positive in the test ○ What is the probability that she is indeed drunk? ( BDR ) Only 0.1! ○ Is it 0.95? Is it 0.88? Something in between? 17

  32. The base rate fallacy: example ● Circumference represents the world of drivers. ● Each dot represents a driver. 18

  33. The base rate fallacy: example ● 1% of drivers are driving drunk ( base rate or prior ). 19

  34. The base rate fallacy: example ● From drunk people 88% are identified as drunk by the test 20

  35. The base rate fallacy: example ● From the not drunk people, 5% are erroneously identified as drunk 21

  36. The base rate fallacy: example ● Alice must be within the black circumference ● Ratio of red dots within the black circumference: BDR = 7/70 = 0.1 ! 22

  37. The base rate fallacy in WF ● Base rate must be taken into account ● In WF: ○ Blue: webpages ○ Red: monitored ○ Base rate? 23

  38. The base rate fallacy in WF ● Probability of visiting a monitored page? ● “false positives matter a lot” 1 ● Experiment: 35K world 1 Mike Perry, “A Critique of Website Traffic Fingerprinting Attacks”, Tor project Blog, 2013. https://blog. torproject.org/blog/critique-website-traffic-fingerprinting-attacks. 24

  39. Experiment: BDR in a 35K world ● Uniform world ● Non-popular pages from ALAD Size of the world 25

  40. Classify, but verify ● Verification step to test classifier confidence ● Number of FPs reduced 397-42 (400) ● But BDR is still very low for non popular pages 26

  41. Cost for the adversary ● Adversary’s cost will depend on: ○ Number of pages 27

  42. Versions of a page: St Valentine’s doodle Total trace size 10 5 0 700 800 900 1000 1100 (KBytes) 13 Feb 2013 14 Feb 2013 28

  43. Cost for the adversary ● Adversary’s cost will depend on: ○ Number of pages ○ Number of targets 29

  44. Non-targeted attacks Tor Users Web . . . ISP router 30

  45. Cost for the adversary ● Adversary’s cost will depend on: ○ Number of pages ○ Number of targets ○ Training and testing complexities 31

  46. Cost for the adversary ● Adversary’s cost will depend on: ○ Number of pages ○ Number of targets ○ Training and testing complexities ● To maintain a successful WF system is costly 32

  47. Limitations ● We took samples and may not be representative of all possible practical scenarios ● Variables difficult to control ○ Time gap ○ Tor circuit 33

  48. Conclusions ● WF attack fails in realistic conditions ● We do not completely dismiss the attack ● Attack can be enhanced at a greater cost ● Defenses might be cheaper in practice 34

  49. Thank you for your attention. Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and

Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and

Tor website fingerprinting Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and HTTP/2 T.T.N. Marks BSc. K.C.N. Halvemaan BSc. University of Amsterdam System and Network Engineering Research Project #1

664 views • 32 slides
Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU Leuven COSIC Seminar - 23rd October 2017, Leuven Introduction Contents of this presentation: - PETS17: Website Fingerprinting Defenses at

658 views • 44 slides
Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc

Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc

Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc Juarez , Sadia Afroz, Gunes Acar, Rachel Greenstadt, Mohsen Imani, Mike Perry, Matthew Wright Post-Snowden Cryptography Workshop Brussels, December

754 views • 52 slides
k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes

k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes

k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes University College London August 12, 2016 1/24 How does website fingerprinting work? - Training Tor network Relay 2 Adversary Relay 1

988 views • 24 slides
Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24,

Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24,

Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24, 2019 1/23 Website Fingerprinting Goal: determine the visited website by inspecting network traffic on client side client web Figure: Attacker

831 views • 59 slides
Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy

Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy

Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy Enhancing Technologies Symposium Minneapolis, Minnesota, USA 19 July, 2017 @gchers Website Fingerprinting (WF) Encrypted Tunnel Victim

400 views • 20 slides
Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives

Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives

Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives Develop an understanding of the basic techniques used to study genetic polymorphisms encoded in DNA Gain familiarity with Restriction Fragment Length

436 views • 15 slides
Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives

Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives

Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives Develop an understanding of the basic techniques used to study genetic polymorphisms encoded in DNA Gain familiarity with Restriction Fragment Length

659 views • 27 slides
Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting

Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting

Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting Pierre Laperdrix , Gildas Avoine, Benoit Baudry, Nick Nikiforakis DIMVA 2019 In Introduction Web attacks and data breaches 2 Attacks on the

945 views • 66 slides
Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial

Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial

Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial Nave-Bayes Classifier Dominik Herrmann , Hannes Federrath Rolf Wendolsky University of Regensburg, Germany JonDos GmbH Motivation To Whom It May

901 views • 34 slides
using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

Website Fingerprinting using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis Wiki says What is Traffic Analysis Wiki says Process of intercepting and examining messages in order to deduce

1.15k views • 41 slides
Website Fingerprinting at Internet Scale Andriy Panchenko 1 , Fabian Lanze 1 , Andreas Zinnen 2 ,

Website Fingerprinting at Internet Scale Andriy Panchenko 1 , Fabian Lanze 1 , Andreas Zinnen 2 ,

Website Fingerprinting at Internet Scale Andriy Panchenko 1 , Fabian Lanze 1 , Andreas Zinnen 2 , Martin Henze 3 , Jan Pennekamp 1 , Klaus Wehrle 3 , Thomas Engel 1 1 Interdisciplinary Centre for Security, Reliability and Trust (SnT), Luxembourg 2

567 views • 23 slides
Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc

Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc

Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc Juarez 3 1 Royal Holloway University of London 2 University College London 3 imec-COSIC KU Leuven 19th July 2017, PETS17, Minneapolis, MN, USA

735 views • 17 slides
Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc

Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc

Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc Juarez 3 1 Royal Holloway University of London 2 University College London 3 KU Leuven, ESAT/COSIC and imec (to appear in PoPETS 2017) Talk in the

532 views • 20 slides
Hold The Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft Kyungho Joo*

Hold The Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft Kyungho Joo*

Hold The Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft Kyungho Joo* Wonsuk Choi* Dong Hoon Lee Korea University * Co-first Authors Outline Introduction Attack Model Our Method Evaluation Discussion

627 views • 34 slides
Hold The Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft Kyungho Joo*

Hold The Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft Kyungho Joo*

Hold The Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft Kyungho Joo* Wonsuk Choi* Dong Hoon Lee Korea University * Co-first Authors Outline Introduction Attack Model Our Method Evaluation Discussion

487 views • 37 slides
Mi#ga#ng Browser Fingerprint Tracking: Mul#-level Reconfigura#on

Mi#ga#ng Browser Fingerprint Tracking: Mul#-level Reconfigura#on

Mi#ga#ng Browser Fingerprint Tracking: Mul#-level Reconfigura#on and Diversifica#on Pierre Laperdrix, Walter Rudametkin, Benoit Baudry Seams May, 19th

638 views • 25 slides
Homomorphic Sketches Shrinking Big Data without Sacrificing Structure Andrew McGregor University

Homomorphic Sketches Shrinking Big Data without Sacrificing Structure Andrew McGregor University

Homomorphic Sketches Shrinking Big Data without Sacrificing Structure Andrew McGregor University of Massachusetts ?=? Can test whether two n bit files are identical by comparing O(log n) bit fingerprints of each file. ? ? More generally,

721 views • 24 slides
VISABIO : French Biometric Visa System 1 CONTENTS Lessons learnt from the BIODEV 1 Pilot

VISABIO : French Biometric Visa System 1 CONTENTS Lessons learnt from the BIODEV 1 Pilot

VISABIO : French Biometric Visa System 1 CONTENTS Lessons learnt from the BIODEV 1 Pilot Project The VISABIO project : Perimeter, schedule, challenges Toward the future : connecting to the VIS project and automates at the border,

297 views • 13 slides
Fingerprints in Compressed Strings (In Proc. WADS 2013) Philip Bille 1 , Patrick Hagge Cording 1 ,

Fingerprints in Compressed Strings (In Proc. WADS 2013) Philip Bille 1 , Patrick Hagge Cording 1 ,

Fingerprints in Compressed Strings (In Proc. WADS 2013) Philip Bille 1 , Patrick Hagge Cording 1 , Inge Li Grtz 1 , Benjamin Sach 2 , Hjalte Wedel Vildhj 1 and Sren Vind 1 1 Technical University of Denmark, DTU Compute, {

279 views • 15 slides
CS 528 Mobile and Ubiquitous Computing Lecture 10b: Mobile Security and Mobile Measurements

CS 528 Mobile and Ubiquitous Computing Lecture 10b: Mobile Security and Mobile Measurements

CS 528 Mobile and Ubiquitous Computing Lecture 10b: Mobile Security and Mobile Measurements Emmanuel Agu Authentication using Biometrics Biometrics Passwords tough to remember, manage Many users have simple passwords (e.g. 1234) or do

780 views • 54 slides
Biometrics Outline Biometrics What is a Biometric Signature? What is an Authentication

Biometrics Outline Biometrics What is a Biometric Signature? What is an Authentication

Biometrics Outline Biometrics What is a Biometric Signature? What is an Authentication System? How does a Biometric System work? Biometric Comparisons Types of Biometrics Fingerprint-Scan Iris-Scan 2 BIOMETRICS

568 views • 36 slides
AniFilter: Parallel and Failure-Atomic Cuckoo Filter for Non-Volatile Memories Hyungjun Oh 1 ,

AniFilter: Parallel and Failure-Atomic Cuckoo Filter for Non-Volatile Memories Hyungjun Oh 1 ,

AniFilter: Parallel and Failure-Atomic Cuckoo Filter for Non-Volatile Memories Hyungjun Oh 1 , Bongki Cho 1 , Changdae Kim 2 , Heejin Park 1 , Jiwon Seo 1 1 2 1 Ou Outline NVM and AMQs Cuckoo Filter Optimizations in AniFilter

1.18k views • 58 slides
(VALSE webinar, 2016.1.13)

(VALSE webinar, 2016.1.13)

(VALSE webinar, 2016.1.13) http://ivg.au.tsinghua.edu.cn/~jfeng/ 1. 2. 3. Human

918 views • 52 slides

More recommend