website fingerprinting attacks against tor browser bundle
play

Website fingerprinting attacks against Tor Browser Bundle: a - PowerPoint PPT Presentation

Aug 04, 2023 •330 likes •664 views

Tor website fingerprinting Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and HTTP/2 T.T.N. Marks BSc. K.C.N. Halvemaan BSc. University of Amsterdam System and Network Engineering Research Project #1

  1. Tor website fingerprinting Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and HTTP/2 T.T.N. Marks BSc. K.C.N. Halvemaan BSc. University of Amsterdam System and Network Engineering Research Project #1 February 8, 2017

  2. Tor website fingerprinting Overview Introduction 1 Research questions HTTP/2 How does Tor work? Related work 2 Method 3 URLs Scraping with TBB Problems after scraping Converting packet captures to traces Training the SVM Results 4 Conclusion 5 Discussion & Future work 6 References 7

  3. Tor website fingerprinting Introduction Introduction 1 Tor: The second generation onion router 2 ”Tor is free software and an open network that helps you defend against traffic analysis , a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.” 1 3 Often used as part of the Tor Browser Bundle (TBB). 1 https://www.torproject.org/ , retrieved on 2017-02-02.

  4. Tor website fingerprinting Introduction Problem statement 1 Website fingerprinting possible despite encryption and obfuscation techniques. 2 An eavesdropper might learn which website you have visited based on the meta data of the encrypted TCP/IP stream. 3 The web is moving from HTTP/1.1 to HTTP/2, what does this mean for website fingerprinting? 4 HTTP/2 still disabled in the TBB by default because code is not audited and possible security implications are unclear.

  5. Tor website fingerprinting Introduction Research questions Research questions 1 Can a website fingerprinting attack be done on a TBB enabled with HTTP/2? 2 Is there a difference in website fingerprinting attacks on a TBB enabled with just HTTP/1.1 and a TBB enabled with HTTP/2?

  6. Tor website fingerprinting Introduction HTTP/2 What is new in HTTP/2? 1 Mandatory HTTPS in all major browsers (de facto standard 2 ). 2 Data compression of HTTP headers. 3 Prioritisation of requests . 4 Multiplexing multiple requests over a single TCP/IP connection . 2 https://http2.github.io/faq/#does-http2-require-encryption , retrieved on 2017-02-03.

  7. Tor website fingerprinting Introduction How does Tor work? How Tor works.

  8. Tor website fingerprinting Introduction How does Tor work? Website fingerprinting

  9. Tor website fingerprinting Related work Related work 1 Fingerprinting encrypted HTTP traffic (Liberatore and Levine, 2006).

  10. Tor website fingerprinting Related work Related work 1 Fingerprinting encrypted HTTP traffic (Liberatore and Levine, 2006). 2 Extended to Tor by Herrmann et al. (2009).

  11. Tor website fingerprinting Related work Related work 1 Fingerprinting encrypted HTTP traffic (Liberatore and Levine, 2006). 2 Extended to Tor by Herrmann et al. (2009). 3 Improved by Panchenko et al. (2011) by using a Support Vector Machine.

  12. Tor website fingerprinting Related work Related work 1 Fingerprinting encrypted HTTP traffic (Liberatore and Levine, 2006). 2 Extended to Tor by Herrmann et al. (2009). 3 Improved by Panchenko et al. (2011) by using a Support Vector Machine. 4 Various defenses were discussed by Cai et al. (2012), of which the ’padding defense’ was implemented in Tor.

  13. Tor website fingerprinting Related work Related work 1 Fingerprinting encrypted HTTP traffic (Liberatore and Levine, 2006). 2 Extended to Tor by Herrmann et al. (2009). 3 Improved by Panchenko et al. (2011) by using a Support Vector Machine. 4 Various defenses were discussed by Cai et al. (2012), of which the ’padding defense’ was implemented in Tor. 5 A review of earlier methods was given in Wang and Goldberg (2013), their results were better but unrealistic setting.

  14. Tor website fingerprinting Related work Related work 1 Fingerprinting encrypted HTTP traffic (Liberatore and Levine, 2006). 2 Extended to Tor by Herrmann et al. (2009). 3 Improved by Panchenko et al. (2011) by using a Support Vector Machine. 4 Various defenses were discussed by Cai et al. (2012), of which the ’padding defense’ was implemented in Tor. 5 A review of earlier methods was given in Wang and Goldberg (2013), their results were better but unrealistic setting. 6 The previous work on Tor was done by looking at HTTP/1.1 traffic.

  15. Tor website fingerprinting Method Overview Introduction 1 Related work 2 Method 3 Results 4 Conclusion 5 Discussion & Future work 6 References 7

  16. Tor website fingerprinting Method Overall Implementation 1 Get a list of websites supporting HTTP/2. 2 Visit each website 40 times in TBB for both HTTP/1.1 and HTTP/2: Make packet capture and save corresponding HTTP Headers. 1 Convert packet captures to “traces”. 2 3 Calculate distance between traces. 4 Use distances to train a SVM and use it to predict unseen traces.

  17. Tor website fingerprinting Method URLs URLs 1 Alexa top million websites of 2017-01-14. 2 Test top 5000 with curl for HTTP/2 responses. 3 1110 of 5000 websites were HTTP/2 capable. 4 All Google TLDs were removed, except ”google.com”. 5 Top 130 of the HTTP/2 enabled websites were retrieved.

  18. Tor website fingerprinting Method Scraping with TBB Setup

  19. Tor website fingerprinting Method Problems after scraping Problems after scraping 1 Invalid captures, that were removed from our sample. Websites redirecting to plain http:// . 1 Websites using Cloudflare, as they would show a captcha 2 screen by default. Websites that failed to load completely more than 25% of the 3 time. 2 Left us with 56 of 130 websites scraped.

  20. Tor website fingerprinting Method Converting packet captures to traces Converting packet captures to traces 1 Based on method by Wang and Goldberg (2013). 2 Check HTTP Archive (HAR) content and verify HTTP version and status OK. 3 Filter out retransmitted and out-of-order TCP/IP packets. 4 One or more Tor cells in TCP/IP packet, extracted by rounding length of data in bytes to nearest multiple of 512 and dividing by 512. 5 Direction indicated with sign: negative for incoming and positive for outgoing. 6 Resulting trace is a list of only 1’s and -1’s indicating the direction, order and frequency of Tor cells for a specific website. 7 Still some “noise” left in traces due to SENDME Tor cells.

  21. Tor website fingerprinting Method Training the SVM Training the SVM 1 Distance between traces calculated with the optimal string aligment distance (Wang and Goldberg, 2013). Took about four hours to compute on the DAS5 1 supercomputer using 10 nodes (Bal et al., 2016). 2 Train and test the SVM in closed world model. 36 training cases and 4 testing cases for each site. 1 10-fold cross validation with one accuracy value for each of the 2 folds, so 10 accuracy’s per tested set.

  22. Tor website fingerprinting Results Results Test HTTP/1.1 HTTP/2 Train HTTP/1.1 x = 88 . 036 % s = 2 . 0164 % x = 64 . 687% s = 6 . 6631% HTTP/2 x = 54 . 667% s = 3 . 5286% x = 86 . 485 % s = 3 . 0871 %

  23. Tor website fingerprinting Results Results Test HTTP/1.1 HTTP/2 Train HTTP/1.1 x = 88 . 036 % s = 2 . 0164 % x = 64 . 687% s = 6 . 6631% HTTP/2 x = 54 . 667% s = 3 . 5286% x = 86 . 485 % s = 3 . 0871 % 1 HTTP/1.1 by Wang and Goldberg (2013): x = 90% s = 6%

  24. Tor website fingerprinting Results Results Test HTTP/1.1 HTTP/2 Train HTTP/1.1 x = 88 . 036 % s = 2 . 0164 % x = 64 . 687% s = 6 . 6631% HTTP/2 x = 54 . 667% s = 3 . 5286% x = 86 . 485 % s = 3 . 0871 % 1 HTTP/1.1 by Wang and Goldberg (2013): x = 90% s = 6% 2 Paired t-test of accuracy’s between the HTTP/1.1 and HTTP/2 sets: p value = 0 . 19392, with α = 0 . 05. The difference is not statistically significant: p value > α .

  25. Tor website fingerprinting Conclusion Conclusion 1 It is possible to do a website fingerprinting attack on a TBB enabled with HTTP/2 in a closed-world scenario. 2 For a website fingerprinting attack on a TBB enabled with HTTP/2 the decrease in accuracy was minimal compared to a TBB enabled with just HTTP/1.1.

  26. Tor website fingerprinting Discussion & Future work Discussion & Future work 1 Closed-world scenario not realistic and experiments do not conform with human browsing habits (Juarez et al., 2014). 2 Some websites are hard to fingerprint due to: A/B testing, localisation and/or random content. 3 An attacker would need to continually keep his model up-to-date due to changing websites. 4 HTTP/2 prioritisation could be used to randomise traffic and increase fingerprinting difficulty.

  27. Tor website fingerprinting Discussion & Future work Thank you for listening! Thank you for listening! Are there any questions?

  28. Tor website fingerprinting Discussion & Future work Optimal string aligment distance Figure: As in Appendix B of Wang and Goldberg (2013).

  29. Tor website fingerprinting References References I ”How Tor works” images on slides 7 based on ”How Tor Works” images from https://www.torproject.org/about/overview . Devil, Py, Coding, Monitor and Onion icons in figure on slide 8, 13 and 7 made by Freepik from www.flaticon.com and is licensed by CC 3.0 BY. Server and Folder icons in figure on slide 13 and 7 made by Madebyoliver from www.flaticon.com and is licensed by CC 3.0 BY.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU Leuven COSIC Seminar - 23rd October 2017, Leuven Introduction Contents of this presentation: - PETS17: Website Fingerprinting Defenses at

658 views • 44 slides
Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc

Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc

Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc Juarez , Sadia Afroz, Gunes Acar, Rachel Greenstadt, Mohsen Imani, Mike Perry, Matthew Wright Post-Snowden Cryptography Workshop Brussels, December

754 views • 52 slides
A Critical Evaluation of Website Fingerprinting Attacks Marc Juarez 1 Sadia Afroz 2 Gunes Acar 1

A Critical Evaluation of Website Fingerprinting Attacks Marc Juarez 1 Sadia Afroz 2 Gunes Acar 1

A Critical Evaluation of Website Fingerprinting Attacks Marc Juarez 1 Sadia Afroz 2 Gunes Acar 1 Claudia Diaz 1 Rachel Greenstadt 3 1 KU Leuven, ESAT/COSIC and iMinds, Leuven, Belgium 2 UC Berkeley, US 3 Drexel University, US CCS 2014, Scottsdale,

687 views • 49 slides
k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes

k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes

k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes University College London August 12, 2016 1/24 How does website fingerprinting work? - Training Tor network Relay 2 Adversary Relay 1

988 views • 24 slides
Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami ,

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami ,

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami , Panagiotis Ilia, Konstantinos Solomos, Jason Polakis University of Illinois at Chicago, USA skaram5@uic.edu February 24, 2020 Browser extensions

886 views • 30 slides
Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami ,

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami ,

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami , Panagiotis Ilia, Konstantinos Solomos, Jason Polakis University of Illinois at Chicago, USA skaram5@uic.edu February 24, 2020 Browser extensions

492 views • 28 slides
Br Browser fi fingerprinting Nataliia Bielova @nataliabielova February 12

Br Browser fi fingerprinting Nataliia Bielova @nataliabielova February 12

Br Browser fi fingerprinting Nataliia Bielova @nataliabielova February 12 th , 2019 Security and ethical aspects of data Universit Cote d'Azur Todays class A brief history

534 views • 38 slides
Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24,

Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24,

Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24, 2019 1/23 Website Fingerprinting Goal: determine the visited website by inspecting network traffic on client side client web Figure: Attacker

831 views • 59 slides
Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy

Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy

Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy Enhancing Technologies Symposium Minneapolis, Minnesota, USA 19 July, 2017 @gchers Website Fingerprinting (WF) Encrypted Tunnel Victim

400 views • 20 slides
06. Protect ction from Browser fi fingerprinting Nataliia

06. Protect ction from Browser fi fingerprinting Nataliia

06. Protect ction from Browser fi fingerprinting Nataliia Bielova @nataliabielova September 17 th =21 st , 2018 Web Privacy course University of Trento Nataliia Bielova

857 views • 20 slides
Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives

Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives

Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives Develop an understanding of the basic techniques used to study genetic polymorphisms encoded in DNA Gain familiarity with Restriction Fragment Length

436 views • 15 slides
Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives

Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives

Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives Develop an understanding of the basic techniques used to study genetic polymorphisms encoded in DNA Gain familiarity with Restriction Fragment Length

659 views • 27 slides
FPRandom: Randomizing core browser objects to break advanced device fingerprinting techniques

FPRandom: Randomizing core browser objects to break advanced device fingerprinting techniques

FPRandom: Randomizing core browser objects to break advanced device fingerprinting techniques Pierre Laperdrix, Benoit Baudry, Vikas Mishra Outline 1) What is fingerprint-based tracking? 2) Randomizing core browser objects a. Generating

245 views • 22 slides
Social Fingerprinting Browser Id Proxy Piercing Device Id

Social Fingerprinting Browser Id Proxy Piercing Device Id

Email Verification Mobile Location Deep Location Site Velocity & Behaviour Social Fingerprinting Browser Id Proxy Piercing Device Id Domain Lookup VLR/HLR Lookup IP

511 views • 13 slides
2007 Self morphing viruses 2009 - The Zeus virus Man in the browser attacks no

2007 Self morphing viruses 2009 - The Zeus virus Man in the browser attacks no

2007 Self morphing viruses 2009 - The Zeus virus Man in the browser attacks no browser is safe 2011 300% increase in cyber attacks Who they are Why they do it Who are the targets Our filter processes 3 billion

407 views • 17 slides
Using Guided Missiles in Drive-bys Automatic browser fingerprinting and exploitation with the

Using Guided Missiles in Drive-bys Automatic browser fingerprinting and exploitation with the

Using Guided Missiles in Drive-bys Automatic browser fingerprinting and exploitation with the Metasploit Framework James Lee # whoami James Lee egypt Developer, Metasploit Project Co-Founder, Teardrop Security Member,

738 views • 35 slides
CyRIS Kickstart Nathan Clague, Michael Krantz, Zach Patzwald, Max Philips, Micah Stevenson,

CyRIS Kickstart Nathan Clague, Michael Krantz, Zach Patzwald, Max Philips, Micah Stevenson,

CyRIS Kickstart Nathan Clague, Michael Krantz, Zach Patzwald, Max Philips, Micah Stevenson, Jake Roman, David Vriezen I. Content Manager II. Feeds . III. Staff Directory IV. Campus Map V. Camera App Content Manager: Overview

357 views • 23 slides
WDC-SILSO: An unprecedented modernization of the sunspot record Frdric Clette, Laure

WDC-SILSO: An unprecedented modernization of the sunspot record Frdric Clette, Laure

ROB STCE WDC-SILSO: An unprecedented modernization of the sunspot record Frdric Clette, Laure Lefvre World Data Center SILSO, Royal Observatory of Belgium, Brussels Sunspot number: origins and applications RADIO SPACE TELESCOPE:

443 views • 8 slides
How THP-Plus Providers, Youth Shelters & Campuses Can Use New State Funding to Address Youth

How THP-Plus Providers, Youth Shelters & Campuses Can Use New State Funding to Address Youth

How THP-Plus Providers, Youth Shelters & Campuses Can Use New State Funding to Address Youth September 19, 2019 Homelessness 10:00 to 11:30 September 18, 2019 10:00 to 11:30 a.m. Information to participate BIRTH RECORD VARIABLE Call-in

464 views • 45 slides
2011 Licensure Road Show Striving for Excellence; Giving Our Customers Our Best! Susan T.

2011 Licensure Road Show Striving for Excellence; Giving Our Customers Our Best! Susan T.

2011 Licensure Road Show Striving for Excellence; Giving Our Customers Our Best! Susan T. Ruiz, Director Nadine C. Ejire, Asst. Section Chief Shelia M. White, Program Manager Agenda Agenda Licensure Updates Licensure Updates

327 views • 29 slides
Junior Parent Presentation February 1, 2018 Welcome Presenters: Mrs. Yvonne Sternemann Ms.

Junior Parent Presentation February 1, 2018 Welcome Presenters: Mrs. Yvonne Sternemann Ms.

Junior Parent Presentation February 1, 2018 Welcome Presenters: Mrs. Yvonne Sternemann Ms. Jenny McKenzie Graduation Requirements 4 years of English, Social Studies and PE 3 years of Math, Science 1 year of Art/Music, Health,

612 views • 18 slides
NCGIA @ 20 NCGIA @ 20 Andr Skupin San Diego State University NCGIA @ 20 NCGIA @ 20 1. There

NCGIA @ 20 NCGIA @ 20 Andr Skupin San Diego State University NCGIA @ 20 NCGIA @ 20 1. There

NCGIA @ 20 NCGIA @ 20 Andr Skupin San Diego State University NCGIA @ 20 NCGIA @ 20 1. There be dragons! 2. I link, therefore I am! 2. I link, therefore I am! 3. Nothin but a G Thing! NCGIA @ 20 born in 88 b i 88 So you are:

425 views • 38 slides
Open Access in H2020 (22 February 2017, Barcelona meeting) Dr. Peter Tom Jones More info:

Open Access in H2020 (22 February 2017, Barcelona meeting) Dr. Peter Tom Jones More info:

Open Access in H2020 (22 February 2017, Barcelona meeting) Dr. Peter Tom Jones More info: Hannelore Vanhaverbeke, PhD Research Coordination Office hannelore.vanhaverbeke@doc.kuleuven.be Open Access mandatory in H2020 Each beneficiary must

472 views • 36 slides
Per- and Polyfluoroalkyl Substances (PFAS) Emerging Characterization and Remedial Technologies

Per- and Polyfluoroalkyl Substances (PFAS) Emerging Characterization and Remedial Technologies

General Meeting of the Federal Remediation Technologies Roundtable Per- and Polyfluoroalkyl Substances (PFAS) Emerging Characterization and Remedial Technologies U.S. Geological Survey (USGS) National Center (Headquarters) 12201 Sunrise Valley

925 views • 26 slides

More recommend