This file was created by the TYPO3 extension
bib
--- Timezone: CEST
Creation date: 2024-07-04
Creation time: 09-29-27
--- Number of references
3
inproceedings
2020_delacadena_trafficsliver
TrafficSliver: Fighting Website Fingerprinting Attacks with Traffic Splitting
2020
11
12
1971-1985
Website fingerprinting (WFP) aims to infer information about the content of encrypted and anonymized connections by observing patterns of data flows based on the size and direction of packets. By collecting traffic traces at a malicious Tor entry node — one of the weakest adversaries in the attacker model of Tor — a passive eavesdropper can leverage the captured meta-data to reveal the websites visited by a Tor user. As recently shown, WFP is significantly more effective and realistic than assumed. Concurrently, former WFP defenses are either infeasible for deployment in real-world settings or defend against specific WFP attacks only.
To limit the exposure of Tor users to WFP, we propose novel lightweight WFP defenses, TrafficSliver, which successfully counter today’s WFP classifiers with reasonable bandwidth and latency overheads and, thus, make them attractive candidates for adoption in Tor. Through user-controlled splitting of traffic over multiple Tor entry nodes, TrafficSliver limits the data a single entry node can observe and distorts repeatable traffic patterns exploited by WFP attacks. We first propose a network-layer defense, in which we apply the concept of multipathing entirely within the Tor network. We show that our network-layer defense reduces the accuracy from more than 98% to less than 16% for all state-of-the-art WFP attacks without adding any artificial delays or dummy traffic. We further suggest an elegant client-side application-layer defense, which is independent of the underlying anonymization network. By sending single HTTP requests for different web objects over distinct Tor entry nodes, our application-layer defense reduces the detection rate of WFP classifiers by almost 50 percentage points. Although it offers lower protection than our network-layer defense, it provides a security boost at the cost of a very low implementation overhead and is fully compatible with today’s Tor network.
Traffic Analysis; Website Fingerprinting; Privacy; Anonymous Communication; Onion Routing; Web Privacy
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-delacadena-trafficsliver.pdf
https://github.com/TrafficSliver
ACM
Proceedings of the 27th ACM SIGSAC Conference on Computer and Communications Security (CCS '20), November 9-13, 2020, Orlando, FL, USA
Virtual Event, USA
November 9-13, 2020
978-1-4503-7089-9/20/11
10.1145/3372297.3423351
1
WladimirDe la Cadena
AsyaMitseva
JensHiller
JanPennekamp
SebastianReuter
JulianFilter
KlausWehrle
ThomasEngel
AndriyPanchenko
inproceedings
2020-hiller-ccs-crosssigning
The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures
2020
11
11
1289-1306
PKI; X.509; SSL; TLS; cross-signing; cross certification
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-hiller-ccs-cross_signing.pdf
https://github.com/pki-xs-analysis
ACM
New York, NY, USA
Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS ’20), November 9–13, 2020, Virtual Event, USA.
Orlando, FL, USA
November 9-13, 2020
10.1145/3372297.3423345
1
JensHiller
JohannaAmann
OliverHohlfeld
article
2020-holz-ccr-tls13
Tracking the deployment of TLS 1.3 on the Web: A story of experimentation and centralization
ACM SIGCOMM Computer Communications Review (CCR)
2020
7
50
3
3-15
Selected for the 'Best of CCR' session at SIGCOMM 2021.
https://ccronline.sigcomm.org/wp-content/uploads/2020/08/sigcomm-ccr-paper430-with-open-review.pdf
Association for Computing Machinery
New York, NY, USA
10.1145/3411740.3411742
1
RalphHolz
JensHiller
JohannaAmann
AbbasRazaghpanah
ThomasJost
NarseoVallina-Rodriguez
OliverHohlfeld