TY - GEN
T1 - How unique is your .onion? An analysis of the fingerprintability of Tor onion services
AU - Overdorf, Rebekah
AU - Juarez, Marc
AU - Acar, Gunes
AU - Greenstadt, Rachel
AU - Diaz, Claudia
N1 - Publisher Copyright:
© 2017 author(s).
PY - 2017/10/30
Y1 - 2017/10/30
N2 - Recent studies have shown that Tor onion (hidden) service websites are particularly vulnerable to website fingerprinting attacks due to their limited number and sensitive nature. In this work we present a multi-level feature analysis of onion site fingerprintability, considering three state-of-the-art website fingerprinting methods and 482 Tor onion services, making this the largest analysis of this kind completed on onion services to date. Prior studies typically report average performance results for a given website fingerprinting method or countermeasure. We investigate which sites are more or less vulnerable to fingerprinting and which features make them so. We find that there is a high variability in the rate at which sites are classified (and misclassified) by these attacks, implying that average performance figures may not be informative of the risks that website fingerprinting attacks pose to particular sites. We analyze the features exploited by the different website fingerprinting methods and discuss what makes onion service sites more or less easily identifiable, both in terms of their traffic traces as well as their webpage design. We study misclassifications to understand how onion services sites can be redesigned to be less vulnerable to website fingerprinting attacks. Our results also inform the design of website fingerprinting countermeasures and their evaluation considering disparate impact across sites.
AB - Recent studies have shown that Tor onion (hidden) service websites are particularly vulnerable to website fingerprinting attacks due to their limited number and sensitive nature. In this work we present a multi-level feature analysis of onion site fingerprintability, considering three state-of-the-art website fingerprinting methods and 482 Tor onion services, making this the largest analysis of this kind completed on onion services to date. Prior studies typically report average performance results for a given website fingerprinting method or countermeasure. We investigate which sites are more or less vulnerable to fingerprinting and which features make them so. We find that there is a high variability in the rate at which sites are classified (and misclassified) by these attacks, implying that average performance figures may not be informative of the risks that website fingerprinting attacks pose to particular sites. We analyze the features exploited by the different website fingerprinting methods and discuss what makes onion service sites more or less easily identifiable, both in terms of their traffic traces as well as their webpage design. We study misclassifications to understand how onion services sites can be redesigned to be less vulnerable to website fingerprinting attacks. Our results also inform the design of website fingerprinting countermeasures and their evaluation considering disparate impact across sites.
KW - Anonymous communications systems
KW - Tor
KW - Web privacy
KW - Website fingerprinting
UR - http://www.scopus.com/inward/record.url?scp=85041437456&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85041437456&partnerID=8YFLogxK
U2 - 10.1145/3133956.3134005
DO - 10.1145/3133956.3134005
M3 - Conference contribution
AN - SCOPUS:85041437456
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 2021
EP - 2036
BT - CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
T2 - 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017
Y2 - 30 October 2017 through 3 November 2017
ER -