This file was created by the TYPO3 extension bib --- Timezone: CEST Creation date: 2024-07-03 Creation time: 09-44-25 --- Number of references 6 inproceedings 2020_delacadena_trafficsliver TrafficSliver: Fighting Website Fingerprinting Attacks with Traffic Splitting 2020 11 12 1971-1985 Website fingerprinting (WFP) aims to infer information about the content of encrypted and anonymized connections by observing patterns of data flows based on the size and direction of packets. By collecting traffic traces at a malicious Tor entry node — one of the weakest adversaries in the attacker model of Tor — a passive eavesdropper can leverage the captured meta-data to reveal the websites visited by a Tor user. As recently shown, WFP is significantly more effective and realistic than assumed. Concurrently, former WFP defenses are either infeasible for deployment in real-world settings or defend against specific WFP attacks only. To limit the exposure of Tor users to WFP, we propose novel lightweight WFP defenses, TrafficSliver, which successfully counter today’s WFP classifiers with reasonable bandwidth and latency overheads and, thus, make them attractive candidates for adoption in Tor. Through user-controlled splitting of traffic over multiple Tor entry nodes, TrafficSliver limits the data a single entry node can observe and distorts repeatable traffic patterns exploited by WFP attacks. We first propose a network-layer defense, in which we apply the concept of multipathing entirely within the Tor network. We show that our network-layer defense reduces the accuracy from more than 98% to less than 16% for all state-of-the-art WFP attacks without adding any artificial delays or dummy traffic. We further suggest an elegant client-side application-layer defense, which is independent of the underlying anonymization network. By sending single HTTP requests for different web objects over distinct Tor entry nodes, our application-layer defense reduces the detection rate of WFP classifiers by almost 50 percentage points. Although it offers lower protection than our network-layer defense, it provides a security boost at the cost of a very low implementation overhead and is fully compatible with today’s Tor network. Traffic Analysis; Website Fingerprinting; Privacy; Anonymous Communication; Onion Routing; Web Privacy ACM Proceedings of the 27th ACM SIGSAC Conference on Computer and Communications Security (CCS '20), November 9-13, 2020, Orlando, FL, USA Virtual Event, USA November 9-13, 2020 978-1-4503-7089-9/20/11 10.1145/3372297.3423351 1 WladimirDe la Cadena AsyaMitseva JensHiller JanPennekamp SebastianReuter JulianFilter KlausWehrle ThomasEngel AndriyPanchenko inproceedings 2019_delacadena_countermeasure POSTER: Traffic Splitting to Counter Website Fingerprinting 2019 11 12 2533-2535 Website fingerprinting (WFP) is a special type of traffic analysis, which aims to infer the websites visited by a user. Recent studies have shown that WFP targeting Tor users is notably more effective than previously expected. Concurrently, state-of-the-art defenses have been proven to be less effective. In response, we present a novel WFP defense that splits traffic over multiple entry nodes to limit the data a single malicious entry can use. Here, we explore several traffic-splitting strategies to distribute user traffic. We establish that our weighted random strategy dramatically reduces the accuracy from nearly 95% to less than 35% for four state-of-the-art WFP attacks without adding any artificial delays or dummy traffic. ACM Proceedings of the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS '19), November 11-15, 2019, London, United Kingdom London, United Kingdom November 11-15, 2019 978-1-4503-6747-9/19/11 10.1145/3319535.3363249 1 WladimirDe la Cadena AsyaMitseva JanPennekamp JensHiller FabianLanze ThomasEngel KlausWehrle AndriyPanchenko inproceedings 2019_pennekamp_multipath Multipathing Traffic to Reduce Entry Node Exposure in Onion Routing 2019 10 7 Users of an onion routing network, such as Tor, depend on its anonymity properties. However, especially malicious entry nodes, which know the client’s identity, can also observe the whole communication on their link to the client and, thus, conduct several de-anonymization attacks. To limit this exposure and to impede corresponding attacks, we propose to multipath traffic between the client and the middle node to reduce the information an attacker can obtain at a single vantage point. To facilitate the deployment, only clients and selected middle nodes need to implement our approach, which works transparently for the remaining legacy nodes. Furthermore, we let clients control the splitting strategy to prevent any external manipulation. Poster Session IEEE Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA Chicago, IL, USA 27th IEEE International Conference on Network Protocols (ICNP 2019) 7-10. Oct. 2019 978-1-7281-2700-2 2643-3303 10.1109/ICNP.2019.8888029 1 JanPennekamp JensHiller SebastianReuter WladimirDe la Cadena AsyaMitseva MartinHenze ThomasEngel KlausWehrle AndriyPanchenko inproceedings 2017-panchenko-wpes-fingerprinting Analysis of Fingerprinting Techniques for Tor Hidden Services 2017 10 30 Online ACM Proceedings of the 16th Workshop on Privacy in the Electronic Society (WPES), co-located with the 24th ACM Conference on Computer and Communications Security (CCS), Dallas, TX, USA en 978-1-4503-5175-1 10.1145/3139550.3139564 1 AndriyPanchenko AsyaMitseva MartinHenze FabianLanze KlausWehrle ThomasEngel inproceedings 2016-mitseva-ccs-fingerprinting POSTER: Fingerprinting Tor Hidden Services 2016 10 24 1766-1768 Online ACM Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, Austria en 978-1-4503-4139-4 10.1145/2976749.2989054 1 AsyaMitseva AndriyPanchenko FabianLanze MartinHenze KlausWehrle ThomasEngel inproceedings 2016-panchenko-ndss-fingerprinting Website Fingerprinting at Internet Scale 2016 2 21 The website fingerprinting attack aims to identify the content (i.e., a webpage accessed by a client) of encrypted and anonymized connections by observing patterns of data flows such as packet size and direction. This attack can be performed by a local passive eavesdropper – one of the weakest adversaries in the attacker model of anonymization networks such as Tor. In this paper, we present a novel website fingerprinting attack. Based on a simple and comprehensible idea, our approach outperforms all state-of-the-art methods in terms of classification accuracy while being computationally dramatically more efficient. In order to evaluate the severity of the website fingerprinting attack in reality, we collected the most representative dataset that has ever been built, where we avoid simplified assumptions made in the related work regarding selection and type of webpages and the size of the universe. Using this data, we explore the practical limits of website fingerprinting at Internet scale. Although our novel approach is by orders of magnitude computationally more efficient and superior in terms of detection accuracy, for the first time we show that no existing method – including our own – scales when applied in realistic settings. With our analysis, we explore neglected aspects of the attack and investigate the realistic probability of success for different strategies a real-world adversary may follow. Internet Society Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS '16), February 21-24, 2016, San Diego, CA, USA San Diego, CA, USA February 21-24, 2016 978-1-891562-41-9 10.14722/ndss.2016.23477 1 AndriyPanchenko FabianLanze AndreasZinnen MartinHenze JanPennekamp KlausWehrle ThomasEngel