An introduction to support Vector Machines: and other kernel-based learning methods
An introduction to support Vector Machines: and other kernel-based learning methods
Web MIXes: a system for anonymous and unobservable Internet access
International workshop on Designing privacy enhancing technologies: design issues in anonymity and unobservability
Information Retrieval
Statistical Identification of Encrypted Web Browsing Traffic
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Low-Cost Traffic Analysis of Tor
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Inferring the source of encrypted HTTP connections
Proceedings of the 13th ACM conference on Computer and communications security
Tor: the second-generation onion router
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Analysis of the SSL 3.0 protocol
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Language identification of encrypted VoIP traffic: Alejandra y Roberto or Alice and Bob?
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Shining Light in Dark Places: Understanding the Tor Network
PETS '08 Proceedings of the 8th international symposium on Privacy Enhancing Technologies
Proceedings of the 2009 ACM workshop on Cloud computing security
Fingerprinting websites using traffic analysis
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Sampled traffic analysis by internet-exchange-level adversaries
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
Fingerprinting websites using remote traffic analysis
Proceedings of the 17th ACM conference on Computer and communications security
Estimating continuous distributions in Bayesian classifiers
UAI'95 Proceedings of the Eleventh conference on Uncertainty in artificial intelligence
The traffic analysis of continuous-time mixes
PET'04 Proceedings of the 4th international conference on Privacy Enhancing Technologies
Privacy vulnerabilities in encrypted HTTP streams
PET'05 Proceedings of the 5th international conference on Privacy Enhancing Technologies
Spying in the dark: TCP and tor traffic analysis
PETS'12 Proceedings of the 12th international conference on Privacy Enhancing Technologies
Enhancing Tor's performance using real-time traffic classification
Proceedings of the 2012 ACM conference on Computer and communications security
Proceedings of the 2012 ACM conference on Computer and communications security
StegoTorus: a camouflage proxy for the Tor anonymity system
Proceedings of the 2012 ACM conference on Computer and communications security
Touching from a distance: website fingerprinting attacks and defenses
Proceedings of the 2012 ACM conference on Computer and communications security
Dissent in numbers: making strong anonymity scale
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Improved website fingerprinting on Tor
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
ScrambleSuit: a polymorphic network protocol to circumvent censorship
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
A tool for estimating information leakage
CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
Proactively accountable anonymous messaging in verdict
SEC'13 Proceedings of the 22nd USENIX conference on Security
DupLESS: server-aided encryption for deduplicated storage
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
Low-latency anonymization networks such as Tor and JAP claim to hide the recipient and the content of communications from a local observer, i.e., an entity that can eavesdrop the traffic between the user and the first anonymization node. Especially users in totalitarian regimes strongly depend on such networks to freely communicate. For these people, anonymity is particularly important and an analysis of the anonymization methods against various attacks is necessary to ensure adequate protection. In this paper we show that anonymity in Tor and JAP is not as strong as expected so far and cannot resist website fingerprinting attacks under certain circumstances. We first define features for website fingerprinting solely based on volume, time, and direction of the traffic. As a result, the subsequent classification becomes much easier. We apply support vector machines with the introduced features. We are able to improve recognition results of existing works on a given state-of-the-art dataset in Tor from 3% to 55% and in JAP from 20% to 80%. The datasets assume a closed-world with 775 websites only. In a next step, we transfer our findings to a more complex and realistic open-world scenario, i.e., recognition of several websites in a set of thousands of random unknown websites. To the best of our knowledge, this work is the first successful attack in the open-world scenario. We achieve a surprisingly high true positive rate of up to 73% for a false positive rate of 0.05%. Finally, we show preliminary results of a proof-of-concept implementation that applies camouflage as a countermeasure to hamper the fingerprinting attack. For JAP, the detection rate decreases from 80% to 4% and for Tor it drops from 55% to about 3%.