Enhancing Tor's performance using real-time traffic classification
Proceedings of the 2012 ACM conference on Computer and communications security
Proceedings of the 2012 ACM conference on Computer and communications security
Touching from a distance: website fingerprinting attacks and defenses
Proceedings of the 2012 ACM conference on Computer and communications security
Who do you sync you are?: smartphone fingerprinting via application behaviour
Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
Approaches to adversarial drift
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
Improved website fingerprinting on Tor
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
ScrambleSuit: a polymorphic network protocol to circumvent censorship
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
Passive remote source NAT detection using behavior statistics derived from netflow
AIMS'13 Proceedings of the 7th IFIP WG 6.6 international conference on Autonomous Infrastructure, Management, and Security: emerging management mechanisms for the future internet - Volume 7943
DupLESS: server-aided encryption for deduplicated storage
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
We consider the setting of HTTP traffic over encrypted tunnels, as used to conceal the identity of websites visited by a user. It is well known that traffic analysis (TA) attacks can accurately identify the website a user visits despite the use of encryption, and previous work has looked at specific attack/countermeasure pairings. We provide the first comprehensive analysis of general-purpose TA countermeasures. We show that nine known countermeasures are vulnerable to simple attacks that exploit coarse features of traffic (e.g., total time and bandwidth). The considered countermeasures include ones like those standardized by TLS, SSH, and IPsec, and even more complex ones like the traffic morphing scheme of Wright et al. As just one of our results, we show that despite the use of traffic morphing, one can use only total upstream and downstream bandwidth to identify--with 98% accuracy --which of two websites was visited. One implication of what we find is that, in the context of website identification, it is unlikely that bandwidth-efficient, general-purpose TA countermeasures can ever provide the type of security targeted in prior work.