website fingerprinting on tor
play

Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU - PowerPoint PPT Presentation

Apr 19, 2023 •232 likes •754 views

Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc Juarez , Sadia Afroz, Gunes Acar, Rachel Greenstadt, Mohsen Imani, Mike Perry, Matthew Wright Post-Snowden Cryptography Workshop Brussels, December

  1. Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc Juarez , Sadia Afroz, Gunes Acar, Rachel Greenstadt, Mohsen Imani, Mike Perry, Matthew Wright Post-Snowden Cryptography Workshop Brussels, December 10, 2015

  2. Metadata It’s not just about communications content: Sigint Time, duration, size, identities, location, pattern Exposed by default in communications protocols Bulk collection: size much smaller than content Machine readable, cheap to analyze, highly revealing Much lower level of legal protection Dedicated systems to protect metadata Tor network NSA program “Egotistical Giraffe”

  3. Introduction: how does WF work? Tor Web User User = Alice Adversary Webpage = ?? 2

  4. Why is WF so important? ������ ������ ���� � � ���� � � Tor as the most advanced anonymity network (according to NSA) ���� � � ���� � � ���� � � ���� � � Allows an adversary to recover users web browsing history ���� � � ���� � � ���� � � Series of successful attacks ���� � � ���� � � Weak adversary model (local adversary) Number of top conference publications on WF (30) 3

  5. Introduction: assumptions Client settings : Tor Browsing behaviour: which Web pages, one at the time User Adversary 4

  6. Introduction: assumptions Adversary : Tor Replicability system Web config, parsing (start/ User end page), clean traces Adversary 4

  7. Introduction: assumptions Web : Tor No personalisation, Web or staleness User Adversary 4

  8. Methodology Based on Wang and Goldberg’s Batches and k-fold cross-validation Fast-levenshtein attack (SVM) Comparative experiments Key: isolate variable under evaluation (e.g., TBB version) 6

  9. Comparative experiments: example ● Step 1: ● Step 2: 7

  10. Comparative experiments: example ● Step 1: Train: on data with default value Accuracy Test: on data with default value ● Step 2: Control 7

  11. Comparative experiments: example ● Step 1: Train: on data with default value Accuracy ● Step 2: Test: on data with value of interest Test 7

  12. Experiments: multitab browsing ● FF users use average 2 or 3 tabs 9

  13. Experiments: multitab browsing ● FF users use average 2 or 3 tabs ● Experiment with 2 tabs: 0.5s, 3s, 5s 9

  14. Experiments: multitab browsing ● FF users use average 2 or 3 tabs ● Experiment with 2 tabs: 0.5s, 3s, 5s 9

  15. Experiments: multitab browsing Foreground Foreground Background Background ● FF users use average 2 or 3 tabs ● Experiment with 2 tabs: 0.5s, 3s, 5s ● Background page picked at random 9

  16. Experiments: multitab browsing ● FF users use average 2 or 3 tabs ● Experiment with 2 tabs: 0.5s, 3s, 5s ● Background page picked at random for a batch ● Success: detection of either page 9

  17. Experiments: multitab browsing Accuracy for different time gaps Tab 1 Tab 2 77.08% BW Time 9.8% 7.9% 8.23% Control Test (3s) Test (0.5s) Test (5s) 10

  18. Experiments: TBB versions Coexisting Tor Browser Bundle (TBB) versions Versions: 2.4.7, 3.5 and 3.5.2.1 (changes in RP, etc.) 11

  19. Experiments: TBB versions Coexisting Tor Browser Bundle (TBB) versions Versions: 2.4.7, 3.5 and 3.5.2.1 (changes in RP, etc.) 79.58% 66.75% 6.51% Control Test Test (3.5.2.1) (3.5) (2.4.7) 11

  20. Experiments: network conditions VM Leuven VM New York VM Singapore KU Leuven DigitalOcean (virtual private servers) 12

  21. Experiments: network conditions VM Leuven VM New York VM Singapore 66.95% 8.83% Control (LVN) Test (NY) 12

  22. Experiments: network conditions VM Leuven VM New York VM Singapore 66.95% 9.33% Control (LVN) Test (SI) 12

  23. Experiments: network conditions VM Leuven VM New York VM Singapore 76.40% 68.53% Control (SI) Test (NY) 12

  24. Experiments: data staleness Staleness of our collected data over 90 days (Alexa Top 100) Less than 50% after 9d. Accuracy (%) Time (days) 15

  25. Summary 16

  26. Closed vs Open world Early prior WF works considered closed world of pages users may browse (train and test on that world) In practice: in the Tor case, extremely large universe of web pages How likely is the user (a priori) to visit a target web page? - If adversary has a good prior, the attack becomes “confirmation attack” - BUT may be hard for adversary to have a good prior, particularly for less popular pages - If the prior is not a good estimate: base rate fallacy � many false positives “False positives matter a lot” 1 1 Mike Perry, “A Critique of Website Traffic Fingerprinting Attacks”, Tor project Blog, 2013. https:// blog.torproject.org/blog/critique-website-traffic-fingerprinting-attacks.

  27. The base rate fallacy: example Breathalyzer test: 0.88 identifies truly drunk drivers (true positives) 0.05 false positives Alice gives positive in the test What is the probability that she is indeed drunk? ( BDR ) Is it 0.95? Is it 0.88? Something in between? 17

  28. The base rate fallacy: example Breathalyzer test: 0.88 identifies truly drunk drivers (true positives) 0.05 false positives Alice gives positive in the test Only 0.1! What is the probability that she is indeed drunk? ( BDR ) Is it 0.95? Is it 0.88? Something in between? 17

  29. The base rate fallacy: example ● Circumference represents the world of drivers. ● Each dot represents a driver. 18

  30. The base rate fallacy: example ● 1% of drivers are driving drunk ( base rate or prior ). 19

  31. The base rate fallacy: example ● From drunk people 88% are identified as drunk by the test 20

  32. The base rate fallacy: example ● From the not drunk people, 5% are erroneously identified as drunk 21

  33. The base rate fallacy: example ● Alice must be within the black circumference ● Ratio of red dots within the black circumference: BDR = 7/70 = 0.1 ! 22

  34. The base rate fallacy in WF Base rate must be taken into account In WF: Blue: webpages Red: monitored Base rate? 23

  35. The base rate fallacy in WF Probability of visiting a monitored page? Experiment - 4 monitored pages - Train on Alexa top 100, test on Alexa top 35K - Binary classification: monitored / non-monitored Prior probability of visiting a monitored page: - Uniform in 35K - Priors estimated from Active Linguistic Authentication Dataset (ALAD ) dataset (3,5%): Real-world users (80 users, 40K unique URLs) 24

  36. Experiment: BDR in a 35K world 0.8 ● Uniform world 0.13 ● Non-popular pages 0.026 from ALAD Size of the world 25

  37. Classify, but verify Verification step to test classifier confidence Number of FPs reduced But BDR is still very low for non popular pages 26

  38. Cost for the adversary Adversary’s cost will depend on: Number of pages (versions, personalisation) 27

  39. Cost for the adversary Adversary’s cost will depend on: Number of pages (versions, personalisation) Number of target users (system configuration, location) 29

  40. Cost for the adversary Adversary’s cost will depend on: Number of pages (versions, personalisation) Number of target users (system configuration, location) Training and testing complexities of the classifier 31

  41. Cost for the adversary Adversary’s cost will depend on: Number of pages (versions, personalisation) Number of target users (system configuration, location) Training and testing complexities of the classifier Maintaining a successful WF system is costly 32

  42. Defenses against WF attacks High level: Randomized pipelining, HTTPOS Ineffective � Supersequence approaches, traffic morphing: grouping pages to create anonymity sets Infeasible � BuFLO: constant rate Expensive (bandwidth), usability (latency) � Tamaraw, CS-BuFLO Still expensive (bandwidth), usability (latency) �

  43. Requirements defenses Effectiveness Do not increase latency No need for computing / distributing auxiliary information No server-side cooperation needed Bandwidth: some increase is tolerable in the input connections to the network

  44. Adaptive padding Based on proposal by Shmatikov and Wang as defense for E2E traffic confirmation attacks Generates traffic packets at random times Inter-packet timings following distribution of general web traffic Does NOT introduce latency: real packets are not delayed Disturbs key traffic features exploited by classifiers (burst features, total size) in an unpredictable way, different for each visit to the same page

  45. Adaptive padding implementation Implemented as a pluggable transport Implemented by both ends (OP �� Guard or Bridge) Controlled by the client (OP) Need to obtain the distribution of inter-packet delays: crawl

  46. Adaptive padding

  47. Modifications to adaptive padding Interactivity : two additional histograms to generate dummies in response to a packet received from the other end Control messages : for client to tell server parameters of padding Soft-stop condition : sampling an infinity value (probabilistic)

  48. Adaptive padding evaluation Classifier: kNN (Wang et al.) Experimental setup: Training: Top Alexa 100 Monitored pages: 10, 25, 80 Open world: 5K-30K pages

  49. Evaluation results Comparison with other defenses Closed world: 100 pages Ideal attack conditions

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes

k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes

k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes University College London August 12, 2016 1/24 How does website fingerprinting work? - Training Tor network Relay 2 Adversary Relay 1

988 views • 24 slides
Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and

Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and

Tor website fingerprinting Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and HTTP/2 T.T.N. Marks BSc. K.C.N. Halvemaan BSc. University of Amsterdam System and Network Engineering Research Project #1

664 views • 32 slides
Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24,

Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24,

Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24, 2019 1/23 Website Fingerprinting Goal: determine the visited website by inspecting network traffic on client side client web Figure: Attacker

831 views • 59 slides
Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy

Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy

Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy Enhancing Technologies Symposium Minneapolis, Minnesota, USA 19 July, 2017 @gchers Website Fingerprinting (WF) Encrypted Tunnel Victim

400 views • 20 slides
Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU Leuven COSIC Seminar - 23rd October 2017, Leuven Introduction Contents of this presentation: - PETS17: Website Fingerprinting Defenses at

658 views • 44 slides
Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial

Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial

Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial Nave-Bayes Classifier Dominik Herrmann , Hannes Federrath Rolf Wendolsky University of Regensburg, Germany JonDos GmbH Motivation To Whom It May

901 views • 34 slides
Website Fingerprinting at Internet Scale Andriy Panchenko 1 , Fabian Lanze 1 , Andreas Zinnen 2 ,

Website Fingerprinting at Internet Scale Andriy Panchenko 1 , Fabian Lanze 1 , Andreas Zinnen 2 ,

Website Fingerprinting at Internet Scale Andriy Panchenko 1 , Fabian Lanze 1 , Andreas Zinnen 2 , Martin Henze 3 , Jan Pennekamp 1 , Klaus Wehrle 3 , Thomas Engel 1 1 Interdisciplinary Centre for Security, Reliability and Trust (SnT), Luxembourg 2

567 views • 23 slides
A Critical Evaluation of Website Fingerprinting Attacks Marc Juarez 1 Sadia Afroz 2 Gunes Acar 1

A Critical Evaluation of Website Fingerprinting Attacks Marc Juarez 1 Sadia Afroz 2 Gunes Acar 1

A Critical Evaluation of Website Fingerprinting Attacks Marc Juarez 1 Sadia Afroz 2 Gunes Acar 1 Claudia Diaz 1 Rachel Greenstadt 3 1 KU Leuven, ESAT/COSIC and iMinds, Leuven, Belgium 2 UC Berkeley, US 3 Drexel University, US CCS 2014, Scottsdale,

687 views • 49 slides
Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc

Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc

Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc Juarez 3 1 Royal Holloway University of London 2 University College London 3 imec-COSIC KU Leuven 19th July 2017, PETS17, Minneapolis, MN, USA

735 views • 17 slides
Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc

Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc

Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc Juarez 3 1 Royal Holloway University of London 2 University College London 3 KU Leuven, ESAT/COSIC and imec (to appear in PoPETS 2017) Talk in the

532 views • 20 slides
CO 447 | LEC6 BLOCKCHAIN SECURITY Dr. Benjamin Livshits Stateless Fingerprinting 2 EFF

CO 447 | LEC6 BLOCKCHAIN SECURITY Dr. Benjamin Livshits Stateless Fingerprinting 2 EFF

CO 447 | LEC6 BLOCKCHAIN SECURITY Dr. Benjamin Livshits Stateless Fingerprinting 2 EFF Fingerprinting Tester https://panopticlick.eff.org 3 Panopticlick Testing 4 IE Brave Fingerprinting Components 5

1.28k views • 78 slides
Acoustic Fingerprinting Soundz Jake Runzer June 28, 2018 Jake Runzer Acoustic Fingerprinting

Acoustic Fingerprinting Soundz Jake Runzer June 28, 2018 Jake Runzer Acoustic Fingerprinting

Acoustic Fingerprinting Soundz Jake Runzer June 28, 2018 Jake Runzer Acoustic Fingerprinting June 28, 2018 1 / 35 Outline What is Acoustic Fingerprinting 1 Fingerprinting for Music Identification 2 Spectrograms 3 History 4 My

743 views • 35 slides
Fingerprinting hardware devices Fingerprinting hardware devices using clock-skewing using

Fingerprinting hardware devices Fingerprinting hardware devices using clock-skewing using

Fingerprinting hardware devices Fingerprinting hardware devices using clock-skewing using clock-skewing Renaud Lifchitz renaud.lifchitz@gmail.com #HES2010 8,9,10 April 2010 Paris, France Presenter's bio French computer security

644 views • 35 slides
Blind Elephant: Web Application Fingerprinting & Vulnerability Inferencing Patrick Thomas

Blind Elephant: Web Application Fingerprinting & Vulnerability Inferencing Patrick Thomas

Blind Elephant: Web Application Fingerprinting & Vulnerability Inferencing Patrick Thomas Qualys 7/28/10 Outline Web Apps & Security Existing Fingerprinting Approaches Static File Approach Observations From A Net Survey

832 views • 69 slides
Articulus Detecting IP Hijacking Through Server Fingerprinting Research Question How can we

Articulus Detecting IP Hijacking Through Server Fingerprinting Research Question How can we

Articulus Detecting IP Hijacking Through Server Fingerprinting Research Question How can we detect BGP IP hijacking by probing the at risk subnets to detect suspect change to hosts and subnets. 2 Intro Fingerprinting Avoiding

795 views • 31 slides
Overview System Security Scanning Security Scanning and Discovery Important Security Web

Overview System Security Scanning Security Scanning and Discovery Important Security Web

Overview System Security Scanning Security Scanning and Discovery Important Security Web Sites Fingerprinting OS FingerPrinting IP Stacks Share Scans Chapter 14 SNMP Vulnerabilities FingerPrinting TCP/IP Services

439 views • 8 slides
The material below presents the briefing slide text accompanied by recommended oral comments for

The material below presents the briefing slide text accompanied by recommended oral comments for

The material below presents the briefing slide text accompanied by recommended oral comments for people interested in military reform to give to audiences. While the presentation was created in the 1980s, it is remarkably relevant to the defense

521 views • 22 slides
The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop

The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop

The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop 2019-05-06 New Orleans Based on https://arxiv.org/pdf/1903.06293.pdf Definition Adversarial examples are inputs to machine learning models that

411 views • 22 slides
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Anish Athalye* 1 , Nicholas Carlini * 2 , and David Wagner 3 1 Massachusetts Institute of Technology 2 University of California, Berkeley (now

540 views • 50 slides
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Anish Athalye* 1 , Nicholas Carlini * 2 , and David Wagner 3 1 Massachusetts Institute of Technology 2 University of California, Berkeley (now

1.13k views • 67 slides
Outline 2 Motivation Current cyber defense landscape & open questions Pro-active

Outline 2 Motivation Current cyber defense landscape & open questions Pro-active

A DVERSARIAL AND U NCERTAIN R EASONING FOR A DAPTIVE C YBER D EFENSE : B UILDING THE S CIENTIFIC F OUNDATION Sushil Jajodia George Mason University IEEE International 5G Summit, Reston, Virginia August 19, 2017 Outline 2 Motivation

863 views • 41 slides
Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches Menghao Zhang 1 , Guanyu

Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches Menghao Zhang 1 , Guanyu

Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches Menghao Zhang 1 , Guanyu Li 1 , Shicheng Wang 1 , Chang Liu 1 , Ang Chen 2 , Hongxin Hu 3 , Guofei Gu 4 , Qi Li 1 , Mingwei Xu 1 , Jianping Wu 1 1 4 2 3 DDoS Attacks are

480 views • 23 slides
Fragmentation Considered Vulnerable Yossi Gilad & Amir Herzberg Computer Science Department,

Fragmentation Considered Vulnerable Yossi Gilad & Amir Herzberg Computer Science Department,

Fragmentation Considered Vulnerable Yossi Gilad & Amir Herzberg Computer Science Department, Bar Ilan University Overview IP fragmentation recap `Easy case fragment miss -association attacks Fragmentation attacks in tunnels

238 views • 23 slides
On the Feasibility of Rerouting-based DDoS Defenses Muoi Tran , Min Suk Kang, Hsu-Chun Hsiao,

On the Feasibility of Rerouting-based DDoS Defenses Muoi Tran , Min Suk Kang, Hsu-Chun Hsiao,

On the Feasibility of Rerouting-based DDoS Defenses Muoi Tran , Min Suk Kang, Hsu-Chun Hsiao, Wei-Hsuan Chiang, Shu-Po Tung, Yu-Su Wang May 2019 | San Francisco, CA Transit-link DDoS attack: a powerful type of volumetric DDoS attack

438 views • 25 slides

More recommend