Touching from a distance: Website fingerprinting attacks and defenses

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2012, Pages 605-616

  Cai, Xiang ^a   Zhang, Xin Cheng ^a   Joshi, Brijesh ^a   Johnson, Rob ^a  

^a STONY BROOK UNIVERSITY   (United States)

Author keywords

Anonymity; Website fingerprinting attacks

Indexed keywords

ANONYMITY; NETWORK BEHAVIORS; PROVABLE SECURITY; TRAFFIC ANALYSIS;

NETWORK SECURITY;

WEBSITES;

EID: 84869419567     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2382196.2382260     Document Type: Conference Paper

References (28)

1. Aurelien Bellet, Amaury Habrard, and Marc Sebban. Good edit similarity learning by loss minimization. Machine Learning, 2012.
2. George Bissias, Marc Liberatore, David Jensen, and Brian Levine. Privacy vulnerabilities in encrypted http streams. In Privacy Enhancing Technologies. 2006.
3. Xiang Cai, Xin Cheng Zhang, Brijesh Joshi, and Rob Johnson. Touching from a distance: Website fingerprinting attacks and defenses. Technical Report SPLAT-TR-12-01, Stony Brook University, 2012.
4. George Danezis. Traffic analysis of the HTTP protocol over TLS. http://research.microsoft.com/en-us/um/people/gdane/papers/TLSanon.pdf.
5. The Internet Movie Database. http://www.imdb.com/.
6. Kevin P. Dyer, Scott E. Coull, Thomas Ristenpart, and Thomas Shrimpton. Peek-a-boo, i still see you: Why efficient traffic analysis countermeasures fail. In Proceedings of the 33rd Annual IEEE Symposium on Security and Privacy, 2012.
7. Facebook. http://www.facebook.com/.
8. X. Fu, B. Graham, R. Bettati, and W. Zhao. On countermeasures to traffic analysis attacks. In Information Assurance Workshop, 2003.
9. Xun Gong, Negar Kiyavash, and Nikita Borisov. Fingerprinting websites using remote traffic analysis. In ACM CCS, 2010.
10. Dominik Herrmann, Rolf Wendolsky, and Hannes Federrath. Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naive-bayes classifier. In Proceedings of the 2009 ACM workshop on Cloud computing security.
11. Andrew Hintz. Fingerprinting websites using traffic analysis. In Privacy Enhancing Technologies. 2003.
12. The Internet Society. Hypertext Transfer Protocol -HTTP/1.1, 1999.
13. Marc Liberatore and Brian Neil Levine. Inferring the source of encrypted http connections. In ACM CCS, 2006.
14. Liming Lu, Ee-Chien Chang, and Mun Chan. Website fingerprinting and identification using ordered feature sequences. In ESORICS. 2010.
15. Xiapu Luo, Peng Zhou, Edmond W. W. Chan, Wenke Lee, Rocky K. C. Chang, and Roberto Perdisci. HTTPOS: Sealing information leaks with browser-side obfuscation of encrypted ows. In NDSS, 2011.
16. Gonzalo Navarro. A guided tour to approximate string matching. ACM Comput. Surv., 33:31-88, March 2001.
17. Andriy Panchenko, Lukas Niessen, Andreas Zinnen, and Thomas Engel. Website fingerprinting in onion routing based anonymization networks. In Proceedings of the 10th Workshop on Privacy in the Electronic Society, 2011.
18. Mike Perry. Experimental defense for website traffic fingerprinting. https://blog.torproject.org/blog/experimental-defense-website-traffic- fingerprinting, September 2011.
19. Yi Shi and Kanta Matsuura. Fingerprinting attack on the Tor anonymity system. In Information and Communications Security, volume 5927 of Lecture Notes in Computer Science, pages 425-438. Springer Berlin / Heidelberg, 2009.
20. Qixiang Sun, Daniel R. Simon, Yi-Min Wang, Wilf Russell, Venkata N. Padmanabhan, and Lili Qiu. Statistical identification of encrypted web browsing traffic. In Proceedings of the IEEE Symposium on Security and Privacy, 2002.
21. Tor project: Anonymity online. https://www.torproject.org/, August 2011.
22. Vladimir N. Vapnik. The nature of statistical learning theory. Springer-Verlag New York, Inc., 1995.
23. Harald Weinreich, Hartmut Obendorf, Eelco Herder, and Matthias Mayer. Not quite the average: An empirical study of web use. ACM Transactions on the Web, 1(2):26, 2 2008.
24. Andrew M. White, Austin R. Matthews, Kevin Z. Snow, and Fabian Monrose. Phonotactic reconstruction of encrypted VoIP conversations: Hookt on fon-iks. In Proceedings of the 32nd IEEE Symposium on Security and Privacy, 2011.
25. Charles Wright, Fabian Monrose, and Gerald M. Masson. Hmm profiles for network traffic classification. In Proceedings of the ACM workshop on Visualization and data mining for computer security, 2004.
26. Charles V. Wright, Scott E. Coull, and Fabian Monrose. Traffic morphing: An efficient defense against statistical traffic analysis. In NDSS, 2009.
27. Shui Yu, Wanlei Zhou, Weijia Jia, and Jiankun Hu. Attacking anonymous web browsing at local area networks through browsing dynamics. The Computer Journal, 2011.
28. Fan Zhang, Wenbo He, Xue Liu, and Patrick G. Bridges. Inferring users' online activities through traffic analysis. In Proceedings of the Fourth ACM conference on Wireless network security, 2011.