AAP: Defending Against Website Fingerprinting Through Burst Obfuscation
Authors: 
Zhenyu Yang, Xi Xiao, Bin Zhang, Guangwu Hu, Qing Li, Qixu LiuAuthors Info & Claims
Zhenyu Yang, Xi Xiao, Bin Zhang, Guangwu Hu, Qing Li, Qixu LiuAuthors Info & ClaimsPages 107 - 121
Abstract
Website fingerprinting enables eavesdroppers to identify the website a user is visiting by network surveillance, even if the traffic is protected by anonymous communication technologies such as Tor. To defend against website fingerprinting attacks, Tor provides a circuit padding framework as the official way to implement padding defenses. However, the circuit padding framework can not support additional delay, which makes most defense schemes unworkable. In this paper, we study the patterns of HTTP requests and responses generated during website loading and analyze how these high-level features correlate with the underlying features of network traffic. We find that the HTTP requests sent and responses received continuously in a short period of time, which we call HTTP burst, have a significant impact on network traffic. Then we propose a novel website fingerprinting defense algorithm, Advanced Adaptive Padding(AAP). The design principle of AAP is similar to Adaptive Padding, which works by obfuscating burst features. AAP does not delay application packets and is in line with the design philosophy of low latency networks such as Tor. Besides, AAP uses a more sensible traffic obfuscation strategy, which makes it more effective. Experiments show that AAP outperforms other zero-delay defenses with moderate bandwidth overhead.
References
[1]
Syverson, P., Dingledine, R., Mathewson, N.: Tor: the secondgeneration onion router. In: Proceedings of the 13th USENIX Security Symposium, (San Diego, CA, USA), pp. 303–320, USENIX Association (2004)
[2]
Sirinam, P., Imani, M., Juarez, M., Wright, M.: Deep fingerprinting: undermining website fingerprinting defenses with deep learning. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS, (Toronto, ON, Canada), pp. 1928–1943 (2018)
[3]
Cherubin, G., Jansen, R., Troncoso, C.: Online website fingerprinting: evaluating website fingerprinting attacks on tor in the real world. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 753–770 (2022)
[4]
Shmatikov V and Wang M-H Gollmann D, Meier J, and Sabelfeld A Timing analysis in low-latency mix networks: attacks and defenses Computer Security – ESORICS 2006 2006 Heidelberg Springer 18-33
[5]
Juarez M, Imani M, Perry M, Diaz C, and Wright M Askoxylakis I, Ioannidis S, Katsikas S, and Meadows C Toward an efficient website fingerprinting defense Computer Security – ESORICS 2016 2016 Cham Springer 27-46
[6]
Dyer, K.P., Coull, S.E., Ristenpart, T., Shrimpton, T.: Peek-a-boo, i still see you: why efficient traffic analysis countermeasures fail. In: 33rd IEEE Symposium on Security and Privacy, pp. 332–346 (2012)
[7]
Cai, X., Nithyanand, R., Johnson, R.: CS-BuFLO: a congestion sensitive website fingerprinting defense. In: Proceedings of the 13th Workshop on Privacy in the Electronic Society, WPES, (Scottsdale, AZ, USA), pp. 121–130. ACM (2014)
[8]
Cai, X., Nithyanand, R., Wang, T., Johnson, R., Goldberg, I.: A systematic approach to developing and evaluating website fingerprinting defenses. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS, (Scottsdale, AZ, USA), pp. 227–238. ACM (2014)
[9]
Lu, D., Bhat, S., Kwon, A., Devadas, S.: DynaFlow: an efficient website fingerprinting defense based on dynamically-adjusting flows. In: Proceedings of the 2018 Workshop on Privacy in the Electronic Society, WPES, (Toronto, Canada), pp. 109–113. ACM (2018)
[10]
Nithyanand, R., Cai, X., Johnson, R.: Glove: a bespoke website fingerprinting defense. In: Proceedings of the 13th Workshop on Privacy in the Electronic Society, pp. 131–134 (2014)
[11]
Wang, T., Cai, X., Nithyanand, R., Johnson, R., Goldberg, I.: Effective attacks and provable defenses for website fingerprinting. In: Proceedings of the 23rd USENIX Security Symposium, (San Diego, CA, USA), pp. 143–157, USENIX Association (2014)
[12]
Wang, T., Goldberg, I.: Walkie-Talkie: an efficient defense against passive website fingerprinting attacks. In: Proceedings of the 26th USENIX Security Symposium, (Vancouver, BC), pp. 1375–1390, USENIX Association (2017)
[13]
Panchenko, A., Niessen, L., Zinnen, A., Engel, T.: Website fingerprinting in onion routing based anonymization networks. In: Proceedings of the 10th annual ACM workshop on Privacy in the electronic society, WPES, (Chicago, IL, USA), pp. 103–114 (2011)
[14]
Luo, X., Zhou, P., Chan, E.W., Lee, W., Chang, R.K., Perdisci, R., et al.: HTTPOS: sealing information leaks with browser-side obfuscation of encrypted flows. In: Proceedings of the Network and Distributed System Security Symposium, NDSS, (San Diego, CA, USA) (2011)
[15]
Cherubin G, Hayes J, and Juárez M Website fingerprinting defenses at the application layer Proc. Priv. Enhan. Technol. 2017 2017 2 186-203
[16]
Cai, X., Zhang, X.C., Joshi, B., Johnson, R.: Touching from a distance: website fingerprinting attacks and defenses. In: Proceedings of the 2012 ACM conference on Computer and communications security, CCS, pp. 605–616. ACM (2012)
[17]
Gong, J., Wang, T.: Zero-delay lightweight defenses against website fingerprinting. In: Proceedings of the 29th USENIX Security Symposium, (Boston, MA, USA), pp. 717–734, USENIX Association (2020)
[18]
Henri S, García G, Serrano P, Banchs A, Thiran P, et al. Protecting against website fingerprinting with multihoming Proc. Priv. Enhan. Technol. 2020 2020 2 89-110
[19]
De la Cadena, W., et al.: TrafficSliver: fighting website fingerprinting attacks with traffic splitting. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, CSS, (Virtual Event, USA), pp. 1971–1985. ACM (2020)
[20]
Hou, C., Gou, G., Shi, J., Fu, P., Xiong, G.: WF-GAN: fighting back against website fingerprinting attack using adversarial learning. In: IEEE Symposium on Computers and Communications, ISCC, (Rennes, France), pp. 1–7. IEEE (2020)
[21]
Xiao, C., Li, B., Zhu, J.-Y., He, W., Liu, M., Song, D.: Generating adversarial examples with adversarial networks. In: Proceedings of the 27th International Joint Conference on Artificial Intelligence, IJCAI, pp. 3905–3911. AAAI (2018)
[22]
Rahman MS, Imani M, Mathews N, and Wright M Mockingbird: defending against deep-learning-based website fingerprinting attacks with adversarial traces IEEE Trans. Inf. Forensics Secur. 2020 16 1594-1609
[23]
Nasr, M., Bahramali, A., Houmansadr, A.: Defeating DNN-based traffic analysis systems in real-time with blind adversarial perturbations. In: Proceedings of the 30th USENIX Security Symposium, (Vancouver, B.C., Canada), pp. 2705–2722, USENIX Association (2021)
[24]
Cortesi, A., Hils, M., Kriechbaumer, T.: mitmproxy: a free and open source interactive HTTPS proxy (2010) [Version 9.0]
[25]
Wang, T., Goldberg, I.: Improved website fingerprinting on tor. In: Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society, WPES, (Berlin, Germany), pp. 201–212. ACM (2013)
[26]
Panchenko, A., et al.: Website fingerprinting at internet scale. In: Proceedings of Internet Society Symposium on Network and Distributed Systems Security, (San Diego, CA, USA). IEEE (2016)
Recommendations
Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications SecurityWebsite fingerprinting enables a local eavesdropper to determine which websites a user is visiting over an encrypted connection. State-of-the-art website fingerprinting attacks have been shown to be effective even against Tor. Recently, lightweight ...
RBP: a website fingerprinting obfuscation method against intelligent fingerprinting attacks
AbstractEdge computing has developed rapidly in recent years due to its advantages of low bandwidth overhead and low delay, but it also brings challenges in data security and privacy. Website fingerprinting (WF) is a passive traffic analysis attack that ...
Defending Against Deep Learning-Based Traffic Fingerprinting Attacks With Adversarial Examples
In an increasingly digital and interconnected world, online anonymity and privacy are paramount issues for Internet users. To address this, tools like The Onion Router (Tor) offer anonymous and private communication by routing traffic through multiple ...
Comments
Information & Contributors
Information
Published In
Aug 2023
669 pages
ISBN:978-3-031-46676-2
DOI:10.1007/978-3-031-46677-9
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023.
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 05 November 2023
Author Tags
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 01 Jan 2025