Tik-Tok: The Utility of Packet Timing in Website Fingerprinting Attacks

Mohammad Saidur Rahman 1 , Payap Sirinam 2 , Nate Mathews 3 , Kantha Girish Gangadhara 4 , and Matthew Wright 5
  • 1 Global Cybersecurity Institute, RIT,
  • 2 Navaminda Kasatriyadhiraj Royal Air Force Academy,
  • 3 Global Cybersecurity Institute, RIT,
  • 4 Global Cybersecurity Institute, RIT,
  • 5 Global Cybersecurity Institute, RIT,

Abstract

A passive local eavesdropper can leverage Website Fingerprinting (WF) to deanonymize the web browsing activity of Tor users. The value of timing information to WF has often been discounted in recent works due to the volatility of low-level timing information. In this paper, we more carefully examine the extent to which packet timing can be used to facilitate WF attacks. We first propose a new set of timing-related features based on burst-level characteristics to further identify more ways that timing patterns could be used by classifiers to identify sites. Then we evaluate the effectiveness of both raw timing and directional timing which is a combination of raw timing and direction in a deep-learning-based WF attack. Our closed-world evaluation shows that directional timing performs best in most of the settings we explored, achieving: (i) 98.4% in undefended Tor traffic; (ii) 93.5% on WTF-PAD traffic, several points higher than when only directional information is used; and (iii) 64.7% against onion sites, 12% higher than using only direction. Further evaluations in the open-world setting show small increases in both precision (+2%) and recall (+6%) with directional-timing on WTF-PAD traffic. To further investigate the value of timing information, we perform an information leakage analysis on our proposed handcrafted features. Our results show that while timing features leak less information than directional features, the information contained in each feature is mutually exclusive to one another and can thus improve the robustness of a classifier.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [2] Tor: Onion Service Protocol. https://www.torproject.org/docs/onion-services.

  • [3] WFPadTools Framework. https://github.com/mjuarezm/wfpadtools.

  • [4] Abe, K., and Goto, S. Fingerprinting attack on Tor anonymity using deep learning. Proceedings of the Asia-Pacific Advanced Network (2016).

  • [5] Bhat, S., Lu, D., Kwon, A., and Devadas, S. Var-cnn: A data-efficient website fingerprinting attack based on deep learning. Proceedings on Privacy Enhancing Technologies 2019, 4 (2019), 292–310.

  • [6] Bissias, G. D., Liberatore, M., Jensen, D., and Levine, B. N. Privacy vulnerabilities in encrypted HTTP streams. In Workshop on Privacy Enhancing Technologies (PET) (2005).

  • [7] Cai, X., Nithyanand, R., and Johnson, R. CS-BuFLO: A congestion sensitive website fingerprinting defense. In Proceedings of the 13th Workshop on Privacy in the Electronic Society (WPES) (2014), ACM.

  • [8] Cai, X., Nithyanand, R., Wang, T., Johnson, R., and Goldberg, I. A systematic approach to developing and evaluating website fingerprinting defenses. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS) (2014), ACM.

  • [9] Cai, X., Zhang, X. C., Joshi, B., and Johnson, R. Touching from a distance: Website fingerprinting attacks and defenses. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS) (2012), ACM.

  • [10] Du, M., Liu, N., and Hu, X. Techniques for interpretable machine learning. Communications of the ACM 63, 1 (2019), 68–77.

  • [11] Dyer, K. P., Coull, S. E., Ristenpart, T., and Shrimpton, T. Peek-a-boo, I still see you: Why efficient traffic analysis countermeasures fail. In Proceeding of the 33th IEEE Symposium on Security and Privacy (S&P) (2012).

  • [12] Hayes, J., and Danezis, G. k-Fingerprinting: A robust scalable website fingerprinting technique. In Proceedings of the 25th USENIX Conference on Security Symposium

  • (2016).

  • [13] Herrmann, D., Wendolsky, R., and Federrath, H. Website fingerprinting: Attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier. In Proceedings of the 2009 ACM Workshop on Cloud Computing Security (2009).

  • [14] Jansen, R., Juarez, M., Galvez, R., Elahi, T., and Diaz, C. Inside Job: Applying traffic analysis to measure tor from within. In Proceedings of the 25th Network and Distributed System Security Symposium (NDSS) (2018).

  • [15] Juarez, M., Afroz, S., Acar, G., Diaz, C., and Greenstadt, R. A critical evaluation of website fingerprinting attacks. In Proceedings of the 2014 ACM Conference on Computer and Communications Security (CCS) (2014), ACM.

  • [16] Juarez, M., Imani, M., Perry, M., Diaz, C., and Wright, M. Toward an efficient website fingerprinting defense. In European Symposium on Research in Computer Security (ESORICS) (2016).

  • [17] Karen, S., and Andrew, Z. Very deep convolutional networks for large-scale image recognition. In 3rd International Conference on Learning Representations (ICLR) (2015).

  • [18] Krizhevsky, A., Sutskever, I., and Hinton, G. E. Imagenet classification with deep convolutional neural networks. In Advances in Neural Information Processing Systems (NIPS). 2012.

  • [19] Kwon, A., AlSabah, M., Lazar, D., Dacier, M., and Devadas, S. Circuit fingerprinting attacks: Passive deanonymization of Tor hidden services. In Proceedings of the 24th USENIX Conference on Security Symposium (2015).

  • [20] LeCun, Y., Bengio, Y., and Hinton, G. Deep learning. Nature, 4 (2015), 436–444.

  • [21] Li, S., Guo, H., and Hopper, N. Measuring information leakage in website fingerprinting attacks and defenses. In ACM Conference on Computer and Communications Security (CCS) (2018).

  • [22] Mani, A., Wilson-Brown, T., Jansen, R., Johnson, A., and Sherr, M. Understanding tor usage with privacypreserving measurement. In Proceedings of the Internet Measurement Conference (2018), ACM.

  • [23] Miller, B., Huang, L., Joseph, A. D., and Tygar, J. D. I know why you went to the clinic: Risks and realization of HTTPS traffic analysis. In Privacy Enhancing Technologies Symposium (PETS) (2014).

  • [24] Oh, S. E., Sunkam, S., and Hopper, N. p-fp: Extraction, classification, and prediction of website fingerprints with deep learning. Proceedings on Privacy Enhancing Technologies 2019, 3 (2019), 191–209.

  • [25] Overdorf, R., Juarez, M., Acar, G., Greenstadt, R., and Diaz, C. How Unique is Your. onion?: an analysis of the fingerprintability of tor onion services. In Proceedings of the 2017 ACM Conference on Computer and Communications Security (CCS) (2017), ACM.

  • [26] Panchenko, A., Lanze, F., Pennekamp, J., Engel, T., Zinnen, A., Henze, M., and Wehrle, K. Website fingerprinting at Internet scale. In Proceedings of the 23rd Network and Distributed System Security Symposium (NDSS) (2016).

  • [27] Panchenko, A., Niessen, L., Zinnen, A., and Engel, T. Website fingerprinting in onion routing based anonymization networks. In Proceedings of the 10th annual ACM Workshop on Privacy in the Electronic Society (WPES) (2011).

  • [28] Perry, M. Experimental defense for website traffic fingerprinting. Tor project blog. (2011). https://blog.torproject.org/blog/experimental-defense-website-traffic-fingerprinting.

  • [29] Perry, M. A critique of website traffic fingerprinting attacks. Tor project blog. (2013). https://blog.torproject.org.

  • [30] Rimmer, V., Preuveneers, D., Juarez, M., Van Goethem, T., and Joosen, W. Automated website fingerprinting through deep learning. In Proceedings of the 25th Network and Distributed System Security Symposium (NDSS) (2018).

  • [31] Shmatikov, V., and Wang, M.-H. Timing analysis in low-latency mix networks: Attacks and defenses. European Symposium on Research in Computer Security (2006).

  • [32] Sirinam, P., Imani, M., Juarez, M., and Wright, M. Deep fingerprinting: Undermining website fingerprinting defenses with deep learning. In ACM Conference on Computer and Communications Security (CCS) (2018), ACM.

  • [33] Sirinam, P., Mathews, N., Rahman, M. S., and Wright, M. Triplet Fingerprinting: More practical and portable website fingerprinting with N-shot learning. In ACM Conference on Computer and Communications Security (CCS) (2019).

  • [34] Song, W., and Cai, J. End-to-end deep neural network for automatic speech recognition.

  • [35] Wang, T., Cai, X., Nithyanand, R., Johnson, R., and Goldberg, I. Effective attacks and provable defenses for website fingerprinting. In Proceedings of the 23rd USENIX Conference on Security Symposium (2014).

  • [36] Wang, T., and Goldberg, I. Improved website fingerprinting on Tor. In Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society (WPES) (2013).

  • [37] Wang, T., and Goldberg, I. Walkie-Talkie: An efficient defense against passive website fingerprinting attacks. In Proceedings of the 26th USENIX Conference on Security Symposium (2017).

  • [38] Yan, J., and Kaur, J. Feature selection for website fingerprinting. In Proceedings on Privacy Enhancing Technologies (PETS) (2018).

  • [39] Yan, J., and Kaur, J. Feature selection for website fingerprinting. Tech. Rep. 18-001, 2018. http://www.cs.unc.edu/techreports/18-001.pdf.

OPEN ACCESS

Journal + Issues

Search