A critical evaluation of website fingerprinting attacks

Marc Juarez; Sadia Afroz; Gunes Acar; Claudia Diaz; Rachel Greenstadt

doi:10.1145/2660267.2660368

A critical evaluation of website fingerprinting attacks

Marc Juarez, Sadia Afroz, Gunes Acar, Claudia Diaz, Rachel Greenstadt

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Recent studies on Website Fingerprinting (WF) claim to have found highly effective attacks on Tor. However, these studies make assumptions about user settings, adversary capabilities, and the nature of the Web that do not necessarily hold in practical scenarios. The following study critically evaluates these assumptions by conducting the attack where the assumptions do not hold. We show that certain variables, for example, user's browsing habits, differences in location and version of Tor Browser Bundle, that are usually omitted from the current WF model have a significant impact on the efficacy of the attack. We also empirically show how prior work succumbs to the base rate fallacy in the open-world scenario. We address this problem by augmenting our classification method with a verification step. We conclude that even though this approach reduces the number of false positives over 63%, it does not completely solve the problem, which remains an open issue for WF attacks. Copyright is held by the owner/author(s).

Original language	English (US)
Title of host publication	Proceedings of the ACM Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	263-274
Number of pages	12
ISBN (Print)	9781450329576
DOIs	https://doi.org/10.1145/2660267.2660368
State	Published - Nov 3 2014
Event	21st ACM Conference on Computer and Communications Security, CCS 2014 - Scottsdale, United States Duration: Nov 3 2014 → Nov 7 2014

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Other

Other	21st ACM Conference on Computer and Communications Security, CCS 2014
Country/Territory	United States
City	Scottsdale
Period	11/3/14 → 11/7/14

Keywords

Privacy
Tor
Website Fingerprinting

ASJC Scopus subject areas

Software
Computer Networks and Communications

Access to Document

10.1145/2660267.2660368

Cite this

Juarez, M., Afroz, S., Acar, G., Diaz, C., & Greenstadt, R. (2014). A critical evaluation of website fingerprinting attacks. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 263-274). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/2660267.2660368

A critical evaluation of website fingerprinting attacks. / Juarez, Marc; Afroz, Sadia; Acar, Gunes et al.
Proceedings of the ACM Conference on Computer and Communications Security. Association for Computing Machinery, 2014. p. 263-274 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Juarez, M, Afroz, S, Acar, G, Diaz, C & Greenstadt, R 2014, A critical evaluation of website fingerprinting attacks. in Proceedings of the ACM Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 263-274, 21st ACM Conference on Computer and Communications Security, CCS 2014, Scottsdale, United States, 11/3/14. https://doi.org/10.1145/2660267.2660368

@inproceedings{7622792c5c5048bfba22f6113de45dcd,

title = "A critical evaluation of website fingerprinting attacks",

abstract = "Recent studies on Website Fingerprinting (WF) claim to have found highly effective attacks on Tor. However, these studies make assumptions about user settings, adversary capabilities, and the nature of the Web that do not necessarily hold in practical scenarios. The following study critically evaluates these assumptions by conducting the attack where the assumptions do not hold. We show that certain variables, for example, user's browsing habits, differences in location and version of Tor Browser Bundle, that are usually omitted from the current WF model have a significant impact on the efficacy of the attack. We also empirically show how prior work succumbs to the base rate fallacy in the open-world scenario. We address this problem by augmenting our classification method with a verification step. We conclude that even though this approach reduces the number of false positives over 63%, it does not completely solve the problem, which remains an open issue for WF attacks. Copyright is held by the owner/author(s).",

keywords = "Privacy, Tor, Website Fingerprinting",

author = "Marc Juarez and Sadia Afroz and Gunes Acar and Claudia Diaz and Rachel Greenstadt",

year = "2014",

month = nov,

day = "3",

doi = "10.1145/2660267.2660368",

language = "English (US)",

isbn = "9781450329576",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "263--274",

booktitle = "Proceedings of the ACM Conference on Computer and Communications Security",

note = "21st ACM Conference on Computer and Communications Security, CCS 2014 ; Conference date: 03-11-2014 Through 07-11-2014",

}

TY - GEN

T1 - A critical evaluation of website fingerprinting attacks

AU - Juarez, Marc

AU - Afroz, Sadia

AU - Acar, Gunes

AU - Diaz, Claudia

AU - Greenstadt, Rachel

PY - 2014/11/3

Y1 - 2014/11/3

N2 - Recent studies on Website Fingerprinting (WF) claim to have found highly effective attacks on Tor. However, these studies make assumptions about user settings, adversary capabilities, and the nature of the Web that do not necessarily hold in practical scenarios. The following study critically evaluates these assumptions by conducting the attack where the assumptions do not hold. We show that certain variables, for example, user's browsing habits, differences in location and version of Tor Browser Bundle, that are usually omitted from the current WF model have a significant impact on the efficacy of the attack. We also empirically show how prior work succumbs to the base rate fallacy in the open-world scenario. We address this problem by augmenting our classification method with a verification step. We conclude that even though this approach reduces the number of false positives over 63%, it does not completely solve the problem, which remains an open issue for WF attacks. Copyright is held by the owner/author(s).

AB - Recent studies on Website Fingerprinting (WF) claim to have found highly effective attacks on Tor. However, these studies make assumptions about user settings, adversary capabilities, and the nature of the Web that do not necessarily hold in practical scenarios. The following study critically evaluates these assumptions by conducting the attack where the assumptions do not hold. We show that certain variables, for example, user's browsing habits, differences in location and version of Tor Browser Bundle, that are usually omitted from the current WF model have a significant impact on the efficacy of the attack. We also empirically show how prior work succumbs to the base rate fallacy in the open-world scenario. We address this problem by augmenting our classification method with a verification step. We conclude that even though this approach reduces the number of false positives over 63%, it does not completely solve the problem, which remains an open issue for WF attacks. Copyright is held by the owner/author(s).

KW - Privacy

KW - Tor

KW - Website Fingerprinting

UR - http://www.scopus.com/inward/record.url?scp=84910669063&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84910669063&partnerID=8YFLogxK

U2 - 10.1145/2660267.2660368

DO - 10.1145/2660267.2660368

M3 - Conference contribution

AN - SCOPUS:84910669063

SN - 9781450329576

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 263

EP - 274

BT - Proceedings of the ACM Conference on Computer and Communications Security

PB - Association for Computing Machinery

T2 - 21st ACM Conference on Computer and Communications Security, CCS 2014

Y2 - 3 November 2014 through 7 November 2014

ER -

A critical evaluation of website fingerprinting attacks

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this