Protecting against Website Fingerprinting with Multihoming

Sébastien Henri 1 , Gines Garcia-Aviles 2 , Pablo Serrano 3 , Albert Banchs 4  and Patrick Thiran 5
  • 1 Cisco Meraki, , USA
  • 2 University Carlos III of Madrid, , Spain
  • 3 University Carlos III of Madrid, , Spain
  • 4 IMDEA Networks Institute & University Carlos III of Madrid, , Spain
  • 5 EPFL, , Switzerland

Abstract

Anonymous communication tools, such as Tor, are extensively employed by users who want to keep their web activity private. But recent works have shown that when a local, passive adversary observes nothing more than the timestamp, size and direction (incoming or outgoing) of the packets, it can still identify with high accuracy the website accessed by a user. Several defenses against these website fingerprinting attacks have been proposed but they come at the cost of a significant overhead in traffic and/or website loading time. We propose a defense against website fingerprinting which exploits multihoming, where a user can access the Internet by sending the traffic through multiple networks. With multihoming, it is possible to protect against website fingerprinting by splitting traffic among the networks, i.e., by removing packets from one network and sending them through another, whereas current defenses can only add packets. This enables us to design a defense with no traffic overhead that, as we show through extensive experimentation against state-of-the-art attacks, reaches the same level of privacy as the best existing practical defenses. We describe and evaluate a proof-ofconcept implementation of our defense and show that is does not add significant loading-time overhead. Our solution is compatible with other state-of-the-art defenses, and we show that combining it with another defense further improves privacy.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] Improving Network Reliability Using Multipath TCP. https://developer.apple.com/documentation/foundation/urlsessionconfiguration/improving_network_reliability_using_multipath_tcp, accessed Nov. 2019.

  • [2] The Tor project. Pluggable Transports. https://2019.www.torproject.org/docs/pluggable-transports, accessed Nov. 2019.

  • [3] Tor: Inception. https://www.torproject.org/about/torusers.html.en, accessed Nov. 2019.

  • [4] ISPs Sell Clickstreams For $5 A Month, 2007. https://seekingalpha.com/article/29449-compete-ceo-isps-sellclickstreams-for-5-a-month, accessed Nov. 2019.

  • [5] Padding Negotiation. Tor Proposal 254, 2015. github.com/torproject/torspec/blob/master/proposals/254-padding-negotiation.txt, accessed Nov. 2019.

  • [6] Kota Abe and Shigeki Goto. Fingerprinting Attack on Tor Anonymity using Deep Learning. Proceedings of the Asia-Pacific Advanced Network, 2016.

  • [7] Aditya Akella, Bruce Maggs, Srinivasan Seshan, Anees Shaikh, and Ramesh Sitaraman. A Measurement-Based Analysis of Multihoming. In ACM SIGCOMM Conference, 2003.

  • [8] Mashael AlSabah, Kevin Bauer, Tariq Elahi, and Ian Goldberg. The Path Less Travelled: Overcoming Tor’s Bottlenecks with Traffic Splitting. Proceedings on Privacy Enhancing Technologies, 2013.

  • [9] Sanjit Bhat, David Lu, Albert Kwon, and Srinivas Devadas. Var-CNN: A Data-Efficient Website Fingerprinting Attack Based on Deep Learning. Proceedings on Privacy Enhancing Technologies, 2019.

  • [10] George Blakley. Safeguarding Cryptographic Keys. In National Computer Conference, 1979.

  • [11] Olivier Bonaventure and SungHoon Seo. Multipath TCP Deployments. https://www.ietfjournal.org/multipath-tcpdeployments, accessed Nov. 2019.

  • [12] D. Borman, B. Braden, V. Jacobson, and R. Scheffenegger. TCP Extensions for High Performance. RFC 7323, 2014.

  • [13] Xiang Cai, Rishab Nithyanand, and Rob Johnson. CSBuFLO: A Congestion Sensitive Website Fingerprinting Defense. In ACM Workshop on Privacy in the Electronic Society, 2014.

  • [14] Xiang Cai, Rishab Nithyanand, Tao Wang, Rob Johnson, and Ian Goldberg. A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses. In ACM Conference on Computer and Communications Security, 2014.

  • [15] Xiang Cai, Xin Cheng Zhang, Brijesh Joshi, and Rob Johnson. Touching from a Distance: Website Fingerprinting Attacks and Defenses. In ACM Conference on Computer and Communications Security, 2012.

  • [16] Yung-Chih Chen, Yeon-sup Lim, Richard J Gibbens, Erich M Nahum, Ramin Khalili, and Don Towsley. A Measurementbased Study of Multipath TCP Performance over Wireless Networks. In ACM Internet Measurement Conference, 2013.

  • [17] Yung-Chih Chen and Don Towsley. On Bufferbloat and Delay Analysis of Multipath TCP in Wireless Networks. In IFIP Networking Conference, 2014.

  • [18] Heyning Cheng and Ron Avnur. Traffic Analysis of SSL Encrypted Web Browsing, 1998. https://pdfs.semanticscholar.org/1a98/7c4fe65fa347a863dece665955ee7e01791b.pdf, accessed Nov. 2019.

  • [19] Giovanni Cherubin, Jamie Hayes, and Marc Juarez. Website Fingerprinting Defenses at the Application Layer. Proceedings on Privacy Enhancing Technologies, 2017.

  • [20] Weiqi Cui, Tao Chen, Christian Fields, Julianna Chen, Anthony Sierra, and Eric Chan-Tin. Revisiting Assumptions for Website Fingerprinting Attacks. In ACM Asia Conference on Computer and Communications Security, 2019.

  • [21] George Danezis. Traffic Analysis of the HTTP Protocol over TLS, 2010.

  • [22] Quentin De Coninck and Olivier Bonaventure. Multipath QUIC: Design and Evaluation. In ACM International Conference on emerging Networking EXperiments and Technologies, 2017.

  • [23] Wladimir De la Cadena, Asya Mitseva, Jan Pennekamp, Jens Hiller, Fabian Lanze, Thomas Engel, Klaus Wehrle, and Andriy Panchenko. Traffic Splitting to Counter Website Fingerprinting. In ACM Conference on Computer and Communications Security, 2019.

  • [24] Kevin P Dyer, Scott E Coull, Thomas Ristenpart, and Thomas Shrimpton. Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail. In IEEE Symposium on Security and Privacy, 2012.

  • [25] Nick Feamster and Roger Dingledine. Location Diversity in Anonymity Networks. In ACM Workshop on Privacy in the Electronic Society, 2004.

  • [26] Saman Feghhi and Douglas J Leith. A Web Traffic Analysis Attack Using Only Timing Information. IEEE Transactions on Information Forensics and Security, 2016.

  • [27] Alan Ford, Costin Raiciu, Mark Handley, Sébastien Barré, and Janardhan Iyengar. Architectural Guidelines for Multipath TCP Development. RFC 6182, 2011.

  • [28] Alan Ford, Costin Raiciu, Mark Handley, and Olivier Bonaventure. TCP Extensions for Multipath Operation with Multiple Addresses. RFC 6824, 2013.

  • [29] Alexander Frommgen, Tobias Erbshäußer, Alejandro Buchmann, Torsten Zimmermann, and Klaus Wehrle. ReMPTCP: Low Latency Multipath TCP. In IEEE International Conference on Communications, 2016.

  • [30] Jamie Hayes and George Danezis. k-fingerprinting: A Robust Scalable Website Fingerprinting Technique. In USENIX Security Symposium, 2016.

  • [31] Sébastien Henri, Christina Vlachou, Julien Herzen, and Patrick Thiran. EMPoWER Hybrid Networks: Exploiting Multiple Paths over Wireless and ElectRical Mediums. In ACM International Conference on emerging Networking EXperiments and Technologies, 2016.

  • [32] Dominik Herrmann, Rolf Wendolsky, and Hannes Federrath. Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Naïve-Bayes Classifier. In ACM Workshop on Cloud Computing Security, 2009.

  • [33] Janardhan R Iyengar, Paul D Amer, and Randall Stewart. Concurrent Multipath Transfer using SCTP Multihoming over Independent End-to-End Paths. IEEE/ACM Transactions on Networking, 2006.

  • [34] Rob Jansen, Marc Juarez, Rafael Galvez, Tariq Elahi, and Claudia Diaz. Inside Job: Applying Traffic Analysis to Measure Tor from Within. In Network and Distributed System Security Symposium, 2018.

  • [35] Marc Juarez, Sadia Afroz, Gunes Acar, Claudia Diaz, and Rachel Greenstadt. A Critical Evaluation of Website Fingerprinting Attacks. In ACM Conference on Computer and Communications Security, 2014.

  • [36] Marc Juarez, Mohsen Imani, Mike Perry, Claudia Diaz, and Matthew Wright. Toward an Efficient Website Fingerprinting Defense. In European Symposium on Research in Computer Security, 2016.

  • [37] Taeho Jung, Xiang-Yang Li, Zhiguo Wan, and Meng Wan. Privacy Preserving Cloud Data Access with Multi-Authorities. In IEEE INFOCOM, 2013.

  • [38] Hasan T Karaoglu, Mehmet Burak Akgun, Mehmet Hadi Gunes, and Murat Yuksel. Multi Path Considerations for Anonymized Routing: Challenges and Opportunities. In Conference on New Technologies, Mobility and Security, 2012.

  • [39] Jin Li, Xiaofeng Chen, Mingqiang Li, Jingwei Li, Patrick PC Lee, and Wenjing Lou. Secure Deduplication with Efficient and Reliable Convergent Key Management. IEEE Transactions on Parallel and Distributed Systems, 2014.

  • [40] Ming Li, Shucheng Yu, Yao Zheng, Kui Ren, and Wenjing Lou. Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption. IEEE Transactions on Parallel and Distributed Systems, 2013.

  • [41] Shuai Li, Huajun Guo, and Nicholas Hopper. Measuring Information Leakage in Website Fingerprinting Attacks and Defenses. In ACM Conference on Computer and Communications Security, 2018.

  • [42] Igor Lopez, Marina Aguado, Christian Pinedo, and Eduardo Jacob. SCADA Systems in the Railway Domain: Enhancing Reliability Through Redundant Multipath TCP. In IEEE International Conference on Intelligent Transportation Systems, 2015.

  • [43] Brad Miller, Ling Huang, Anthony D Joseph, and J Doug Tygar. I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis. Proceedings on Privacy Enhancing Technologies, 2014.

  • [44] Se Eun Oh, Saikrishna Sunkam, and Nicholas Hopper. p- FP: Extraction, Classification, and Prediction of Website Fingerprints with Deep Learning. Proceedings on Privacy Enhancing Technologies, 2019.

  • [45] Rebekah Overdorf, Mark Juarez, Gunes Acar, Rachel Greenstadt, and Claudia Diaz. How Unique is Your.onion?: An Analysis of the Fingerprintability of Tor Onion Services. In ACM Conference on Computer and Communications Security, 2017.

  • [46] Christoph Paasch and Sébastien Barré. Multipath TCP in the Linux Kernel. https://www.multipath-tcp.org, accessed Nov. 2019.

  • [47] Christoph Paasch and Sébastien Barré. Multipath TCP in the Linux Kernel – Configure MPTCP. https://multipathtcp.org/pmwiki.php/Users/ConfigureMPTCP, accessed Nov. 2019.

  • [48] Andriy Panchenko, Fabian Lanze, Jan Pennekamp, Thomas Engel, Andreas Zinnen, Martin Henze, and Klaus Wehrle. Website Fingerprinting at Internet Scale. In Network and Distributed System Security Symposium, 2016.

  • [49] Andriy Panchenko, Lukas Niessen, Andreas Zinnen, and Thomas Engel. Website Fingerprinting in Onion Routing Based Anonymization Networks. In ACM Workshop on Privacy in the Electronic Society, 2011.

  • [50] Mike Perry. Experimental Defense for Website Traffic Fingerprinting. Tor project Blog. https://blog.torproject.org/experimental-defense-website-traffic-fingerprinting, 2011.

  • [51] Abdullah Qasem, Sami Zhioua, and Karima Makhlouf. Finding a Needle in a Haystack: The Traffic Analysis Version. Proceedings on Privacy Enhancing Technologies, 2019.

  • [52] Costin Raiciu, Sebastien Barre, Christopher Pluntke, Adam Greenhalgh, Damon Wischik, and Mark Handley. Improving Datacenter Performance and Robustness with Multipath TCP. In ACM SIGCOMM Conference, 2011.

  • [53] Costin Raiciu, Christoph Paasch, Sébastien Barré, Alan Ford, Michio Honda, Fabien Duchêne, Olivier Bonaventure, and Mark Handley. How Hard Can It Be? Designing and Implementing a Deployable Multipath TCP. In USENIX Symposium on Networked Systems Design and Implementation, 2012.

  • [54] Maxim Raya and Jean-Pierre Hubaux. Securing Vehicular Ad-Hoc Networks. Journal of Computer Security, 2007.

  • [55] Vera Rimmer, Davy Preuveneers, Marc Juarez, Tom Van Goethem, and Wouter Joosen. Automated Website Fingerprinting through Deep Learning. In Network and Distributed System Security Symposium, 2018.

  • [56] F Rochet, O Pereira, and O Bonaventure. Moving Tor Circuits Towards Multiple-Path: Anonymity and Performance Considerations. Technical report, UC Louvain, 2015. https://pdfs.semanticscholar.org/aa94/7dd4762bd0f6531bacfeac9d29ef1e1d4cd6.pdf, accessed Nov. 2019.

  • [57] Andrei Serjantov and Steven J Murdoch. Message Splitting Against the Partial Adversary. In International Workshop on Privacy Enhancing Technologies, 2005.

  • [58] Adi Shamir. How to Share a Secret. Communications of the ACM, 1979.

  • [59] Yi Shi and Kanta Matsuura. Fingerprinting Attack on the Tor Anonymity System. In International Conference on Information and Communications Security, 2009.

  • [60] Vitaly Shmatikov and Ming-Hsiu Wang. Timing Analysis in Low-Latency Mix Networks: Attacks and Defenses. In European Symposium on Research in Computer Security, 2006.

  • [61] Anatoly Shusterman, Lachlan Kang, Yarden Haskal, Yosef Meltser, Prateek Mittal, Yossi Oren, and Yuval Yarom. Robust Website Fingerprinting through the Cache Occupancy Channel. In USENIX Security Symposium, 2019.

  • [62] Payap Sirinam, Mohsen Imani, Marc Juarez, and Matthew Wright. Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning. In ACM Conference on Computer and Communications Security, 2018.

  • [63] Emil Stefanov and Elaine Shi. Multi-Cloud Oblivious Storage. In ACM Conference on Computer and Communications Security, 2013.

  • [64] Randall Stewart. Stream Control Transmission Protocol. RFC 6824, 4960.

  • [65] David Wagner and Bruce Schneier. Analysis of the SSL 3.0 Protocol. In USENIX Workshop on Electronic Commerce, 1996.

  • [66] Tao Wang, Xiang Cai, Rishab Nithyanand, Rob Johnson, and Ian Goldberg. Effective Attacks and Provable Defenses for Website Fingerprinting. In USENIX Security Symposium, 2014.

  • [67] Tao Wang and Ian Goldberg. Improved Website Fingerprinting on Tor. In ACM Workshop on Privacy in the Electronic Society, 2013.

  • [68] Tao Wang and Ian Goldberg. On Realistically Attacking Tor with Website Fingerprinting. Proceedings on Privacy Enhancing Technologies, 2016.

  • [69] Tao Wang and Ian Goldberg. Walkie-Talkie: An Efficient Defense Against Passive Website Fingerprinting Attacks. In USENIX Security Symposium, 2017.

  • [70] Charles Wright, Scott Coull, and Fabian Monrose. Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis. In Network and Distributed System Security Symposium, 2009.

  • [71] Junhua Yan and Jasleen Kaur. Feature Selection for Website Fingerprinting. Proceedings on Privacy Enhancing Technologies, 2018.

  • [72] Kiran Yedugundla, Simone Ferlin, Thomas Dreibholz, Özgü Alay, Nicolas Kuhn, Per Hurtig, and Anna Brunstrom. Is Multi-path Transport Suitable for Latency Sensitive Traffic? Computer Networks, 2016.

OPEN ACCESS

Journal + Issues

Search