\noindent
Website Fingerprinting (WF) attacks are a subset of traffic analysis attacks
where a local passive attacker attempts to infer which websites a target victim
is visiting over an encrypted tunnel, such as the anonymity network Tor. We
introduce the security notion of a \emph{Website Oracle} (WO) that gives a WF
attacker the capability to determine whether a particular monitored website was
among the websites visited by Tor clients at the time of a victim's trace. Our
simulations show that combining a WO with a WF attack---which we refer to as a
WF+WO attack---significantly reduces false positives for about half of all
website visits and for the vast majority of websites visited over Tor. The
measured false positive rate is on the order of one false positive per million
classified website traces for websites around Alexa rank 10,000. Less popular
monitored websites show orders of magnitude lower false positive rates.

{\setlength{\parindent}{6mm} We argue that WOs are inherent to the setting of
anonymity networks and should be an assumed capability of attackers when
assessing WF attacks and defenses. Sources of WOs are abundant and available to
a wide range of realistic attackers, e.g., due to the use of DNS, OCSP, and
real-time bidding for online advertisement on the Internet, as well as the
abundance of middleboxes and access logs. Access to a WO indicates that the
evaluation of WF defenses in the open world should focus on the highest possible
recall an attacker can achieve. Our simulations show that augmenting the Deep
Fingerprinting WF attack by Sirinam \emph{et~al.}~\cite{DF} with access to a WO
significantly improves the attack against five state-of-the-art WF defenses,
rendering some of them largely ineffective in this new WF+WO setting.}