Splitting Hairs and Network Traces: Improved Attacks Against Traffic Splitting as a Website Fingerprinting Defense
Authors: 
Matthias Beckerle, Jonathan Magnusson, and Tobias PullsAuthors Info & Claims
Matthias Beckerle, Jonathan Magnusson, and Tobias PullsAuthors Info & ClaimsNovember 2022
Pages 15 - 27
Abstract
The widespread use of encryption and anonymization technologies---e.g., HTTPS, VPNs, Tor, and iCloud Private Relay---makes network attackers likely to resort to traffic analysis to learn of client activity. For web traffic, such analysis of encrypted traffic is referred to as Website Fingerprinting (WF). WF attacks have improved greatly in large parts thanks to advancements in Deep Learning (DL). In 2019, a new category of defenses was proposed: traffic splitting, where traffic from the client is split over two or more network paths with the assumption that some paths are unobservable by the attacker.
In this paper, we take a look at three recently proposed defenses based on traffic splitting: HyWF, CoMPS, and TrafficSliver BWR5. We analyze real-world and simulated datasets for all three defenses to better understand their splitting strategies and effectiveness as defenses. Using our improved DL attack Maturesc on real-world datasets, we improve the classification accuracy wrt. state-of-the-art from 49.2% to 66.7% for HyWF, the F1 score from 32.9% to 72.4% for CoMPS, and the accuracy from 8.07% to 53.8% for TrafficSliver BWR5. We find that a majority of wrongly classified traces contain less than a couple hundred of packets/cells: e.g., in every dataset 25% of traces contain less than 155 packets. What cannot be observed cannot be classified. Our results show that the proposed traffic splitting defenses on average provide less protection against WF attacks than simply randomly selecting one path and sending all traffic over that path.
References
[1]
Kota Abe and Shigeki Goto. 2016. Fingerprinting attack on Tor anonymity using deep learning. Proceedings of the Asia-Pacific Advanced Network, Vol. 42 (2016), 15--20.
[2]
Daniel Agnew. 2020. Google Trends Reveals Surge in Demand for VPN. https://www.namecheap.com/blog/vpn-surge-in-demand/.
[3]
Masoud Akhoondi, Curtis Yu, and Harsha V. Madhyastha. 2012. LASTor: A Low-Latency AS-Aware Tor Client. In IEEE Symposium on Security and Privacy, SP 2012, 21--23 May 2012, San Francisco, California, USA. IEEE Computer Society, 476--490. https://doi.org/10.1109/SP.2012.35
[4]
Mashael AlSabah, Kevin Bauer, Tariq Elahi, and Ian Goldberg. 2013. The path less travelled: Overcoming Tor's bottlenecks with traffic splitting. In PETS.
[5]
Apple. 2021. iCloud Private Relay Overview. https://www.apple.com/privacy/docs/iCloud_Private_Relay _ Overview_Dec2021.PDF.
[6]
Sanjit Bhat, David Lu, Albert Kwon, and Srinivas Devadas. 2019. Var-CNN: A Data-Efficient Website Fingerprinting Attack Based on Deep Learning. Proc. Priv. Enhancing Technol., Vol. 2019, 4 (2019), 292--310. https://doi.org/10.2478/popets-2019-0070
[7]
Xiang Cai, Rishab Nithyanand, Tao Wang, Rob Johnson, and Ian Goldberg. 2014. A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses. In ACM SIGSAC. 227--238. https://doi.org/10.1145/2660267.2660362
[8]
Heyning Cheng and Ron Avnur. 1998. Traffic analysis of SSL encrypted web browsing. Project paper, University of Berkeley (1998).
[9]
Debajyoti Das, Sebastian Meiser, Esfandiar Mohammadi, and Aniket Kate. 2018. Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency - Choose Two. In IEEE SP. 108--126. https://doi.org/10.1109/SP.2018.00011
[10]
Debajyoti Das, Sebastian Meiser, Esfandiar Mohammadi, and Aniket Kate. 2020. Comprehensive Anonymity Trilemma: User Coordination is not enough. Proc. Priv. Enhancing Technol., Vol. 2020, 3 (2020), 356--383. https://doi.org/10.2478/popets-2020-0056
[11]
Roger Dingledine, Nick Mathewson, and Paul F. Syverson. 2004. Tor: The Second-Generation Onion Router. In USENIX Security.
[12]
Jason A. Donenfeld. 2017. WireGuard: Next Generation Kernel Network Tunnel. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26 - March 1, 2017. The Internet Society.
[13]
Matthew Edman and Paul F. Syverson. 2009. As-awareness in Tor path selection. In Proceedings of the 2009 ACM Conference on Computer and Communications Security, CCS 2009, Chicago, Illinois, USA, November 9--13, 2009, Ehab Al-Shaer, Somesh Jha, and Angelos D. Keromytis (Eds.). ACM, 380--389. https://doi.org/10.1145/1653662.1653708
[14]
Nick Feamster and Roger Dingledine. 2004. Location diversity in anonymity networks. In Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society, WPES 2004, Washington, DC, USA, October 28, 2004, Vijay Atluri, Paul F. Syverson, and Sabrina De Capitani di Vimercati (Eds.). ACM, 66--76. https://doi.org/10.1145/1029179.1029199
[15]
Adrienne Porter Felt, Richard Barnes, April King, Chris Palmer, Chris Bentzel, and Parisa Tabriz. 2017. Measuring HTTPS Adoption on the Web. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16--18, 2017, Engin Kirda and Thomas Ristenpart (Eds.). USENIX Association, 1323--1338. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/felt
[16]
Simone Ferlin, Ö zgü Alay, Olivier Mehani, and Roksana Boreli. 2016. BLEST: Blocking estimation-based MPTCP scheduler for heterogeneous networks. In 2016 IFIP Networking Conference, Networking 2016 and Workshops, Vienna, Austria, May 17--19, 2016. IEEE Computer Society, 431--439. https://doi.org/10.1109/IFIPNetworking.2016.7497206
[17]
Jiajun Gong and Tao Wang. 2020. Zero-delay Lightweight Defenses against Website Fingerprinting. In 29th USENIX Security Symposium, USENIX Security 2020, August 12--14, 2020, Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 717--734. https://www.usenix.org/conference/usenixsecurity20/presentation/gong
[18]
David Goulet and Mike Perry. 2020. Overcoming Tor's Bottlenecks with Traffic Splitting. /https://gitlab.torproject.org/tpo/core/torspec/-/raw/main/proposals/329-traffic-splitting.txt.
[19]
Jamie Hayes and George Danezis. 2015. Guard Sets for Onion Routing. PETS (2015).
[20]
Jamie Hayes and George Danezis. 2016. k-fingerprinting: A Robust Scalable Website Fingerprinting Technique. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10--12, 2016., Thorsten Holz and Stefan Savage (Eds.). USENIX Association, 1187--1203. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/hayes
[21]
Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2016. Deep residual learning for image recognition. In Proceedings of the IEEE conference on computer vision and pattern recognition. 770--778.
[22]
Tong He, Zhi Zhang, Hang Zhang, Zhongyue Zhang, Junyuan Xie, and Mu Li. 2019. Bag of tricks for image classification with convolutional neural networks. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 558--567.
[23]
Sé bastien Henri, Gines Garcia-Aviles, Pablo Serrano, Albert Banchs, and Patrick Thiran. 2020. Protecting against Website Fingerprinting with Multihoming. PETS (2020). https://doi.org/10.2478/popets-2020-0019
[24]
Dominik Herrmann, Rolf Wendolsky, and Hannes Federrath. 2009. Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial na"i ve-bayes classifier. In CCSW.
[25]
Andrew Hintz. 2002. Fingerprinting Websites Using Traffic Analysis. In PET.
[26]
Paul E. Hoffman and Patrick McManus. 2018. DNS Queries over HTTPS (DoH). RFC 8484. https://doi.org/10.17487/RFC8484
[27]
James K Holland and Nicholas Hopper. 2022. RegulaTor: A Straightforward Website Fingerprinting Defense. PETS (2022).
[28]
Jeremy Howard and Sylvain Gugger. 2020. Fastai: a layered API for deep learning. Information, Vol. 11, 2 (2020), 108.
[29]
Zi Hu, Liang Zhu, John Heidemann, Allison Mankin, Duane Wessels, and Paul E. Hoffman. 2016. Specification for DNS over Transport Layer Security (TLS). RFC 7858. https://doi.org/10.17487/RFC7858
[30]
Christian Huitema, Sara Dickinson, and Allison Mankin. 2022. DNS over Dedicated QUIC Connections. RFC 9250. https://doi.org/10.17487/RFC9250
[31]
Per Hurtig, Karl-Johan Grinnemo, Anna Brunströ m, Simone Ferlin, Ozgu Alay, and Nicolas Kuhn. 2019. Low-Latency Scheduling in MPTCP. IEEE/ACM Trans. Netw., Vol. 27, 1 (2019), 302--315. https://doi.org/10.1109/TNET.2018.2884791
[32]
Jana Iyengar and Martin Thomson. 2021. QUIC: A UDP-Based Multiplexed and Secure Transport. RFC 9000. https://doi.org/10.17487/RFC9000
[33]
Aaron Johnson, Chris Wacek, Rob Jansen, Micah Sherr, and Paul F. Syverson. 2013. Users get routed: traffic correlation on tor by realistic adversaries. In 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS'13, Berlin, Germany, November 4--8, 2013, Ahmad-Reza Sadeghi, Virgil D. Gligor, and Moti Yung (Eds.). ACM, 337--348. https://doi.org/10.1145/2508859.2516651
[34]
Marc Juá rez, Sadia Afroz, Gunes Acar, Claudia D'i az, and Rachel Greenstadt. 2014. A Critical Evaluation of Website Fingerprinting Attacks. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3--7, 2014, Gail-Joon Ahn, Moti Yung, and Ninghui Li (Eds.). ACM, 263--274. https://doi.org/10.1145/2660267.2660368
[35]
Marc Juá rez, Mohsen Imani, Mike Perry, Claudia D'i az, and Matthew Wright. 2016. Toward an Efficient Website Fingerprinting Defense. In ESORICS. 27--46. https://doi.org/10.1007/978--3--319--45744--4_2
[36]
Wladimir De la Cadena, Asya Mitseva, Jens Hiller, Jan Pennekamp, Sebastian Reuter, Julian Filter, Thomas Engel, Klaus Wehrle, and Andriy Panchenko. 2020. TrafficSliver: Fighting Website Fingerprinting Attacks with Traffic Splitting. In CCS.
[37]
Wladimir De la Cadena, Asya Mitseva, Jan Pennekamp, Jens Hiller, Fabian Lanze, Thomas Engel, Klaus Wehrle, and Andriy Panchenko. 2019. POSTER: Traffic Splitting to Counter Website Fingerprinting. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, UK, November 11--15, 2019, Lorenzo Cavallaro, Johannes Kinder, XiaoFeng Wang, and Jonathan Katz (Eds.). ACM, 2533--2535. https://doi.org/10.1145/3319535.3363249
[38]
Yann LeCun, Léon Bottou, Yoshua Bengio, and Patrick Haffner. 1998. Gradient-based learning applied to document recognition. Proc. IEEE, Vol. 86, 11 (1998), 2278--2324.
[39]
Marc Liberatore and Brian Neil Levine. 2006. Inferring the source of encrypted HTTP connections. In CCS.
[40]
Yeon-sup Lim, Erich M. Nahum, Don Towsley, and Richard J. Gibbens. 2017. ECF: An MPTCP Path Scheduler to Manage Heterogeneous Paths. In Proceedings of the 13th International Conference on emerging Networking EXperiments and Technologies, CoNEXT 2017, Incheon, Republic of Korea, December 12 - 15, 2017. ACM, 147--159. https://doi.org/10.1145/3143361.3143376
[41]
Xiapu Luo, Peng Zhou, Edmond W. W. Chan, Wenke Lee, Rocky K. C. Chang, and Roberto Perdisci. 2011. HTTPOS: Sealing Information Leaks with Browser-side Obfuscation of Encrypted Flows. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2011, San Diego, California, USA, 6th February - 9th February 2011. The Internet Society. https://www.ndss-symposium.org/ndss2011/httpos-sealing-information-leaks-with-browser-side-obfuscation-of-encrypted-flows
[42]
Jonathan Magnusson. 2021. Evaluation of a Proposed Traffic-Splitting Defence for Tor: Using Directional Time and Simulation Against TrafficSliver. Master's thesis. Karlstad University, Department of Mathematics and Computer Science.
[43]
Rishab Nithyanand, Xiang Cai, and Rob Johnson. 2014. Glove: A Bespoke Website Fingerprinting Defense. In Proceedings of the 13th Workshop on Privacy in the Electronic Society, WPES 2014, Scottsdale, AZ, USA, November 3, 2014, Gail-Joon Ahn and Anupam Datta (Eds.). ACM, 131--134. https://doi.org/10.1145/2665943.2665950
[44]
Andriy Panchenko, Fabian Lanze, Jan Pennekamp, Thomas Engel, Andreas Zinnen, Martin Henze, and Klaus Wehrle. 2016. Website Fingerprinting at Internet Scale. In NDSS.
[45]
Andriy Panchenko, Lukas Niessen, Andreas Zinnen, and Thomas Engel. 2011. Website fingerprinting in onion routing based anonymization networks. In Proceedings of the 10th annual ACM workshop on Privacy in the electronic society, WPES 2011, Chicago, IL, USA, October 17, 2011, Yan Chen and Jaideep Vaidya (Eds.). ACM, 103--114. https://doi.org/10.1145/2046556.2046570
[46]
Adam Paszke, Sam Gross, Francisco Massa, Adam Lerer, James Bradbury, Gregory Chanan, Trevor Killeen, Zeming Lin, Natalia Gimelshein, Luca Antiga, et al. 2019. Pytorch: An imperative style, high-performance deep learning library. Advances in neural information processing systems, Vol. 32 (2019).
[47]
Mike Perry. 2013. A Critique of Website Traffic Fingerprinting Attacks. https://blog.torproject.org/critique-website-traffic-fingerprinting-attacks.
[48]
Andreas Pfitzmann and Marit Hansen. 2010. A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management.
[49]
Tobias Pulls and Rasmus Dahlberg. 2020. Website Fingerprinting with Website Oracles. PETS (2020).
[50]
Mohammad Saidur Rahman, Payap Sirinam, Nate Mathews, Kantha Girish Gangadhara, and Matthew Wright. 2020. Tik-Tok: The Utility of Packet Timing in Website Fingerprinting Attacks. Proc. Priv. Enhancing Technol., Vol. 2020, 3 (2020), 5--24. https://doi.org/10.2478/popets-2020-0043
[51]
Reethika Ramesh, Leonid Evdokimov, Diwen Xue, and Roya Ensafi. 2022. VPNalyzer: Systematic Investigation of the VPN Ecosystem. In Network and Distributed System Security.
[52]
Vera Rimmer, Davy Preuveneers, Marc Juá rez, Tom van Goethem, and Wouter Joosen. 2018. Automated Website Fingerprinting through Deep Learning. In NDSS. http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018_03A-1_Rimmer_paper.pdf
[53]
Vera Rimmer, Theodor Schnitzler, Tom van Goethem, Abel Rodr'i guez Romero, Wouter Joosen, and Katharina Kohls. 2022. Trace Oddity: Methodologies for Data-Driven Traffic Analysis on Tor. Proc. Priv. Enhancing Technol., Vol. 2022, 3 (2022), 314--335. https://doi.org/10.56553/popets-2022-0074
[54]
Andrei Serjantov and Steven J. Murdoch. 2005. Message Splitting Against the Partial Adversary. In Privacy Enhancing Technologies, 5th International Workshop, PET 2005, Cavtat, Croatia, May 30-June 1, 2005, Revised Selected Papers (Lecture Notes in Computer Science, Vol. 3856), George Danezis and David M. Martin Jr. (Eds.). Springer, 26--39. https://doi.org/10.1007/11767831_3
[55]
Payap Sirinam, Mohsen Imani, Marc Juá rez, and Matthew Wright. 2018. Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning. In CCS.
[56]
Leslie N Smith. 2018. A disciplined approach to neural network hyper-parameters: Part 1-learning rate, batch size, momentum, and weight decay. arXiv preprint arXiv:1803.09820 (2018).
[57]
Robin A Snader. 2009. Path selection for performance-and security-improved onion routing. University of Illinois at Urbana-Champaign.
[58]
Qixiang Sun, Daniel R. Simon, Yi-Min Wang, Wilf Russell, Venkata N. Padmanabhan, and Lili Qiu. 2002. Statistical Identification of Encrypted Web Browsing Traffic. In IEEE S&P.
[59]
Chris Wacek, Henry Tan, Kevin S. Bauer, and Micah Sherr. 2013. An Empirical Evaluation of Relay Selection in Tor. In 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24--27, 2013. The Internet Society. https://www.ndss-symposium.org/ndss2013/empirical-evaluation-relay-selection-tor
[60]
Mona Wang, Anunay Kulshrestha, Liang Wang, and Prateek Mittal. 2022. Leveraging strategic connection migration-powered traffic splitting for privacy. PETS (2022).
[61]
Tao Wang, Kevin S. Bauer, Clara Forero, and Ian Goldberg. 2012. Congestion-Aware Path Selection for Tor. In Financial Cryptography and Data Security - 16th International Conference, FC 2012, Kralendijk, Bonaire, Februray 27-March 2, 2012, Revised Selected Papers (Lecture Notes in Computer Science, Vol. 7397), Angelos D. Keromytis (Ed.). Springer, 98--113. https://doi.org/10.1007/978--3--642--32946--3_9
[62]
Tao Wang, Xiang Cai, Rishab Nithyanand, Rob Johnson, and Ian Goldberg. 2014. Effective Attacks and Provable Defenses for Website Fingerprinting. In USENIX Security. 143--157. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/wang_tao
[63]
Tao Wang and Ian Goldberg. 2016. On Realistically Attacking Tor with Website Fingerprinting. PoPETs, Vol. 2016, 4 (2016), 21--36. https://doi.org/10.1515/popets-2016-0027
[64]
Tao Wang and Ian Goldberg. 2017. Walkie-Talkie: An Efficient Defense Against Passive Website Fingerprinting Attacks. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16--18, 2017, Engin Kirda and Thomas Ristenpart (Eds.). USENIX Association, 1375--1390. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-tao
Index Terms
- Splitting Hairs and Network Traces: Improved Attacks Against Traffic Splitting as a Website Fingerprinting Defense
Recommendations
TrafficSliver: Fighting Website Fingerprinting Attacks with Traffic Splitting
CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications SecurityWebsite fingerprinting (WFP) aims to infer information about the content of encrypted and anonymized connections by observing patterns of data flows based on the size and direction of packets. By collecting traffic traces at a malicious Tor entry node --...
Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications SecurityWebsite fingerprinting enables a local eavesdropper to determine which websites a user is visiting over an encrypted connection. State-of-the-art website fingerprinting attacks have been shown to be effective even against Tor. Recently, lightweight ...
Adversarial Traces for Website Fingerprinting Defense
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications SecurityWebsite Fingerprinting (WF) is a traffic analysis attack that enables an eavesdropper to infer the victim's web activity even when encrypted and even when using the Tor anonymity system. Using deep learning classifiers, the attack can reach up to 98% ...
Comments
Information & Contributors
Information
Published In
Copyright © 2022 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 07 November 2022
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- The Swedish Internet Foundation
- Mullvad VPN
Conference
CCS '22
Sponsor:
CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security
November 7, 2022
CA, Los Angeles, USA
Acceptance Rates
Overall Acceptance Rate 106 of 355 submissions, 30%
Upcoming Conference
CCS '24
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 442Total Downloads
- Downloads (Last 12 months)239
- Downloads (Last 6 weeks)12
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in