Website Fingerprinting (WF) attacks are a subset of traffic analysis attacks where a local passive attacker attempts to infer which websites a target victim is visiting over an encrypted tunnel, such as the anonymity network Tor. We introduce the security notion of a Website Oracle (WO) that gives a WF attacker the capability to determine whether a particular monitored website was among the websites visited by Tor clients at the time of a victim’s trace. Our simulations show that combining a WO with a WF attack—which we refer to as a WF+WO attack—significantly reduces false positives for about half of all website visits and for the vast majority of websites visited over Tor. The measured false positive rate is on the order one false positive per million classified website trace for websites around Alexa rank 10,000. Less popular monitored websites show orders of magnitude lower false positive rates.
We argue that WOs are inherent to the setting of anonymity networks and should be an assumed capability of attackers when assessing WF attacks and defenses. Sources of WOs are abundant and available to a wide range of realistic attackers, e.g., due to the use of DNS, OCSP, and real-time bidding for online advertisement on the Internet, as well as the abundance of middleboxes and access logs. Access to a WO indicates that the evaluation of WF defenses in the open world should focus on the highest possible recall an attacker can achieve. Our simulations show that augmenting the Deep Fingerprinting WF attack by Sirinam et al.  with access to a WO significantly improves the attack against five state-of-the-art WF defenses, rendering some of them largely ineffective in this new WF+WO setting.
If the inline PDF is not rendering correctly, you can download the PDF file here.
 C. Abdelberi T. Chen M. Cunche E. D. Cristofaro A. Friedman and M. A. Kâafar. Censorship in the wild: Analyzing internet filtering in syria. In IMC 2014.
 K. Abe and S. Goto. Fingerprinting attack on Tor anonymity using deep learning. Proceedings of the Asia-Pacific Advanced Network 42:15–20 2016.
 O. Berthold A. Pfitzmann and R. Standtke. The disadvantages of free MIX routes and how to overcome them. In International Workshop on Design Issues in Anonymity and Unobservability 2000.
 D. Bleichenbacher. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In CRYPTO 1998.
 N. Borisov G. Danezis P. Mittal and P. Tabriz. Denial of service or denial of security? In CCS 2007.
 X. Cai R. Nithyanand and R. Johnson. CS-BuFLO: A congestion sensitive website fingerprinting defense. In WPES 2014.
 X. Cai R. Nithyanand T. Wang R. Johnson and I. Goldberg. A systematic approach to developing and evaluating website fingerprinting defenses. In CCS 2014.
 X. Cai X. C. Zhang B. Joshi and R. Johnson. Touching from a distance: website fingerprinting attacks and defenses. In CCS 2012.
 Y. Cao Z. Qian Z. Wang T. Dao S. V. Krishnamurthy and L. M. Marvel. Off-path TCP exploits of the challenge ACK global rate limit. IEEE/ACM Trans. Netw. 26(2):765–778 2018.
 S. Chakravarty A. Stavrou and A. D. Keromytis. Traffic analysis against low-latency anonymity networks using available bandwidth estimation. In ESORICS 2010.
 H. Cheng and R. Avnur. Traffic analysis of SSL encrypted web browsing. Project paper University of Berkeley 1998.
 G. Cherubin. Bayes not naïve: Security bounds on website fingerprinting defenses. PoPETs 2017.
 C. Chow. On optimum recognition error and reject tradeoff. IEEE Transactions on information theory 16(1) 1970.
 T. Chung J. Lok B. Chandrasekaran D. R. Choffnes D. Levin B. M. Maggs A. Mislove J. P. Rula N. Sullivan and C. Wilson. Is the web ready for OCSP must-staple? In IMC 2018.
 G. Danezis. Statistical disclosure attacks. In Security and Privacy in the Age of Uncertainty IFIP SEC 2003.
 G. Danezis. The traffic analysis of continuous-time mixes. In PET 2004.
 G. Danezis and A. Serjantov. Statistical disclosure or intersection attacks on anonymity systems. In Information Hiding 6th International Workshop IH 2004.
 D. Das S. Meiser E. Mohammadi and A. Kate. Anonymity trilemma: Strong anonymity low bandwidth overhead low latency - choose two. In IEEE S&P 2018.
 C. Díaz S. Seys J. Claessens and B. Preneel. Towards measuring anonymity. In PET 2002.
 R. Dingledine N. Mathewson and P. F. Syverson. Tor: The second-generation onion router. In USENIX Security 2004.
 K. P. Dyer S. E. Coull T. Ristenpart and T. Shrimpton. Peek-a-boo I still see you: Why efficient traffic analysis countermeasures fail. In IEEE S&P 2012.
 R. Ensafi J. C. Park D. Kapur and J. R. Crandall. Idle port scanning and non-interference analysis of network protocol stacks using model checking. In USENIX Security 2010.
 S. Goldwasser and S. Micali. Probabilistic encryption. J. Comput. Syst. Sci. 28(2):270–299 1984.
 B. Greschbach T. Pulls L. M. Roberts P. Winter and N. Feamster. The effect of DNS on Tor’s anonymity. In NDSS 2017.
 J. Hayes and G. Danezis. k-fingerprinting: A robust scalable website fingerprinting technique. In USENIX Security 2016.
 D. Herrmann R. Wendolsky and H. Federrath. Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier. In CCSW 2009.
 A. Hintz. Fingerprinting websites using traffic analysis. In PET 2002.
 R. Jansen M. Juárez R. Galvez T. Elahi and C. Díaz. Inside job: Applying traffic analysis to measure Tor from within. In NDSS 2018.
 A. Johnson C. Wacek R. Jansen M. Sherr and P. F. Syverson. Users get routed: traffic correlation on Tor by realistic adversaries. In CCS 2013.
 M. Juárez S. Afroz G. Acar C. Díaz and R. Greenstadt. A critical evaluation of website fingerprinting attacks. In CCS 2014.
 M. Juárez M. Imani M. Perry C. Díaz and M. Wright. Toward an efficient website fingerprinting defense. In ESORICS 2016.
 D. Kesdogan D. Agrawal and S. Penz. Limits of anonymity in open environments. In Information Hiding 5th International Workshop IH 2002.
 D. Kesdogan and L. Pimenidis. The hitting set attack on anonymity protocols. In Information Hiding 6th International Workshop IH 2004.
 A. Kwon M. AlSabah D. Lazar M. Dacier and S. Devadas. Circuit fingerprinting attacks: Passive deanonymization of Tor hidden services. In USENIX Security 2015.
 M. Liberatore and B. N. Levine. Inferring the source of encrypted HTTP connections. In CCS 2006.
 D. Lu S. Bhat A. Kwon and S. Devadas. Dynaflow: An efficient website fingerprinting defense based on dynamically-adjusting flows. In WPES 2018.
 D. Lyon. Surveillance snowden and big data: Capacities consequences critique. Big Data & Society 1(2) 2014.
 A. Mani T. Wilson-Brown R. Jansen A. Johnson and M. Sherr. Understanding tor usage with privacy-preserving measurement. In IMC 2018.
 N. Mathews P. Sirinam and M. Wright. Understanding feature discovery in website fingerprinting attacks. In 2018 IEEE Western New York Image and Signal Processing Workshop (WNYISPW) pages 1–5. IEEE 2018.
 R. Merget J. Somorovsky N. Aviram C. Young J. Fliegenschmidt J. Schwenk and Y. Shavitt. Scalable scanning and automatic classification of tls padding oracle vulnerabilities. In USENIX Security 2019. to appear.
 P. Mittal A. Khurshid J. Juen M. Caesar and N. Borisov. Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting. In CCS 2011.
 S. J. Murdoch and G. Danezis. Low-cost traffic analysis of Tor. In IEEE S&P 2005.
 M. Naor and M. Yung. Public-key cryptosystems provably secure against chosen ciphertext attacks. In Proceedings of the 22nd Annual ACM Symposium on Theory of Computing 1990.
 M. Nasr A. Bahramali and A. Houmansadr. Deepcorr: Strong flow correlation attacks on Tor using deep learning. In CCS 2018.
 R. Nithyanand X. Cai and R. Johnson. Glove: A bespoke website fingerprinting defense. In WPES 2014.
 A. Panchenko F. Lanze J. Pennekamp T. Engel A. Zinnen M. Henze and K. Wehrle. Website fingerprinting at internet scale. In NDSS 2016.
 A. Panchenko A. Mitseva M. Henze F. Lanze K. Wehrle and T. Engel. Analysis of fingerprinting techniques for Tor hidden services. In WPES 2017.
 A. Panchenko L. Niessen A. Zinnen and T. Engel. Website fingerprinting in onion routing based anonymization networks. In WPES 2011.
 M. Perry. A critique of website traffic fingerprinting attacks https://web.archive.org/web/20190208082403/https://blog.torproject.org/critique-website-traffic-fingerprinting-attacks.
 A. Pfitzmann and M. Hansen. A terminology for talking about privacy by data minimization: Anonymity unlinkability undetectability unobservability pseudonymity and identity management. 34 01 2010.
 Z. Qian Z. M. Mao and Y. Xie. Collaborative TCP sequence number inference attack: how to crack sequence number under a second. In CCS 2012.
 C. Rackoff and D. R. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In CRYPTO 1991.
 J. Raymond. Traffic analysis: Protocols attacks design issues and open problems. In International Workshop on Design Issues in Anonymity and Unobservability 2000.
 M. G. Reed P. F. Syverson and D. M. Goldschlag. Anonymous connections and onion routing. IEEE Journal on Selected Areas in Communications 16(4):482–494 1998.
 V. Rimmer D. Preuveneers M. Juárez T. van Goethem and W. Joosen. Automated website fingerprinting through deep learning. In NDSS 2018.
 E. Ronen R. Gillham D. Genkin A. Shamir D. Wong and Y. Yarom. The 9 lives of bleichenbacher’s CAT: new cache attacks on TLS implementations. IACR Cryptology ePrint Archive 2018:1173 2018.
 Q. Scheitle O. Hohlfeld J. Gamba J. Jelten T. Zimmermann S. D. Strowes and N. Vallina-Rodriguez. A long way to the top: Significance structure and stability of internet top lists. In IMC 2018.
 A. Serjantov and G. Danezis. Towards an information theoretic metric for anonymity. In PET 2002.
 V. Shmatikov and M. Wang. Timing analysis in low-latency mix networks: Attacks and defenses. In ESORICS 2006.
 P. Sirinam M. Imani M. Juárez and M. Wright. Deep fingerprinting: Undermining website fingerprinting defenses with deep learning. In CCS 2018.
 A. Stolerman R. Overdorf S. Afroz and R. Greenstadt. Classify but verify: Breaking the closed-world assumption in stylometric authorship attribution. In IFIP Working Group volume 11 page 64 2013.
 Q. Sun D. R. Simon Y. Wang W. Russell V. N. Padmanabhan and L. Qiu. Statistical identification of encrypted web browsing traffic. In IEEE S&P 2002.
 Y. Sun A. Edmundson L. Vanbever O. Li J. Rexford M. Chiang and P. Mittal. RAPTOR: routing attacks on privacy in Tor. In USENIX Security 2015.
 Tor Project. Tor rendezvous specification - version 2 https://gitweb.torproject.org/torspec.git/tree/rend-spec-v2.txt.
 Tor Project. Tor rendezvous specification - version 3 https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt.
 C. Troncoso B. Gierlichs B. Preneel and I. Verbauwhede. Perfect matching disclosure attacks. In PETS 2008.
 P. Vines F. Roesner and T. Kohno. Exploring ADINT: using ad targeting for surveillance on a budget - or - how alice can buy ads to track bob. In WPES 2017.
 J. Wang W. Zhang and S. Yuan. Display advertising with real-time bidding (RTB) and behavioural targeting. Foundations and Trends in Information Retrieval 2017.
 T. Wang. Website Fingerprinting: Attacks and Defenses. PhD thesis University of Waterloo 2015.
 T. Wang X. Cai R. Nithyanand R. Johnson and I. Goldberg. Effective attacks and provable defenses for website fingerprinting. In USENIX Security 2014.
 T. Wang and I. Goldberg. On realistically attacking Tor with website fingerprinting. PoPETs 2016(4):21–36 2016.
 T. Wang and I. Goldberg. Walkie-talkie: An efficient defense against passive website fingerprinting attacks. In USENIX Security 2017.
 P. Winter R. Köwer M. Mulazzani M. Huber S. Schrittwieser S. Lindskog and E. R. Weippl. Spoiled onions: Exposing malicious tor exit relays. In PETS 2014.