An analysis of Web page and Web site constancy and permanence
Journal of the American Society for Information Science
Untraceable electronic mail, return addresses, and digital pseudonyms
Communications of the ACM
Web page change and persistence---a four-year longitudinal study
Journal of the American Society for Information Science and Technology
Information Retrieval
Statistical Identification of Encrypted Web Browsing Traffic
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
IWPC '99 Proceedings of the 7th International Workshop on Program Comprehension
What's new on the web?: the evolution of the web from a search engine perspective
Proceedings of the 13th international conference on World Wide Web
Low-Cost Traffic Analysis of Tor
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Internet traffic classification using bayesian analysis techniques
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
ACM SIGCOMM Computer Communication Review
Inferring the source of encrypted HTTP connections
Proceedings of the 13th ACM conference on Computer and communications security
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
Tor: the second-generation onion router
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Low-resource routing attacks against tor
Proceedings of the 2007 ACM workshop on Privacy in electronic society
On web browsing privacy in anonymized NetFlows
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Introduction to Information Retrieval
Introduction to Information Retrieval
Fingerprinting websites using traffic analysis
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Proceedings of the 7th international conference on Privacy enhancing technologies
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
Performance comparison of low-latency anonymisation services from a user perspective
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
Estimating continuous distributions in Bayesian classifiers
UAI'95 Proceedings of the Eleventh conference on Uncertainty in artificial intelligence
Traffic classification using a statistical approach
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
On the privacy risks of publishing anonymized IP network traces
CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
Towards practical attacker classification for risk analysis in anonymous communication
CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
Privacy vulnerabilities in encrypted HTTP streams
PET'05 Proceedings of the 5th international conference on Privacy Enhancing Technologies
Fingerprinting websites using remote traffic analysis
Proceedings of the 17th ACM conference on Computer and communications security
On privacy leakage through silence suppression
ISC'10 Proceedings of the 13th international conference on Information security
Inferring users' online activities through traffic analysis
Proceedings of the fourth ACM conference on Wireless network security
Website fingerprinting in onion routing based anonymization networks
Proceedings of the 10th annual ACM workshop on Privacy in the electronic society
Malice versus AN.ON: possible risks of missing replay and integrity protection
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Beyond TOR: the truenyms protocol
SIIS'11 Proceedings of the 2011 international conference on Security and Intelligent Information Systems
Review: A survey on solutions and main free tools for privacy enhancing Web communications
Journal of Network and Computer Applications
Analyzing characteristic host access patterns for re-identification of web user sessions
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
Website detection using remote traffic analysis
PETS'12 Proceedings of the 12th international conference on Privacy Enhancing Technologies
Enhancing Tor's performance using real-time traffic classification
Proceedings of the 2012 ACM conference on Computer and communications security
Proceedings of the 2012 ACM conference on Computer and communications security
StegoTorus: a camouflage proxy for the Tor anonymity system
Proceedings of the 2012 ACM conference on Computer and communications security
Touching from a distance: website fingerprinting attacks and defenses
Proceedings of the 2012 ACM conference on Computer and communications security
Probabilistic analysis of onion routing in a black-box model
ACM Transactions on Information and System Security (TISSEC)
Comparison of low-latency anonymous communication systems: practical usage and performance
AISC '11 Proceedings of the Ninth Australasian Information Security Conference - Volume 116
Improved website fingerprinting on Tor
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
Hi-index | 0.00 |
Privacy enhancing technologies like OpenSSL, OpenVPN or Tor establish an encrypted tunnel that enables users to hide content and addresses of requested websites from external observers This protection is endangered by local traffic analysis attacks that allow an external, passive attacker between the PET system and the user to uncover the identity of the requested sites. However, existing proposals for such attacks are not practicable yet. We present a novel method that applies common text mining techniques to the normalised frequency distribution of observable IP packet sizes. Our classifier correctly identifies up to 97% of requests on a sample of 775 sites and over 300,000 real-world traffic dumps recorded over a two-month period. It outperforms previously known methods like Jaccard's classifier and Naïve Bayes that neglect packet frequencies altogether or rely on absolute frequency values, respectively. Our method is system-agnostic: it can be used against any PET without alteration. Closed-world results indicate that many popular single-hop and even multi-hop systems like Tor and JonDonym are vulnerable against this general fingerprinting attack. Furthermore, we discuss important real-world issues, namely false alarms and the influence of the browser cache on accuracy.