Protecting against Website Fingerprinting with Multihoming

Abstract

Anonymous communication tools, such as Tor, are extensively employed by users who want to keep their web activity private. But recent work has shown that when a local, passive adversary observes nothing more than the timestamp, size and direction (incoming or outgoing) of the packets, it can still identify with high accuracy the website accessed by a user. Several defenses against these website fingerprinting attacks have been proposed, but they come at the cost of a significant overhead in traffic and/or website loading time. We propose a defense against website fingerprinting which exploits multihoming, where a user can access the Internet by sending the traffic through multiple networks. With multihoming, it is possible to protect against website fingerprinting by splitting traffic among the networks, i.e., by removing packets from one network and sending them through another, whereas current defenses can only add packets. This enables us to design a defense with no traffic overhead that, as we show through extensive experimentation against state-of-the-art attacks, reaches the same level of privacy as the best existing practical defenses. We describe and evaluate a proof-of-concept implementation of our defense and show that it does not add significant loading-time overhead. Our solution is compatible with other state-of-the-art defenses, and we show that combining it with another defense further improves privacy.
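An added illustration (not code from the paper) of the contrast the abstract draws between defenses that add packets and a defense that splits them: a constructed trace is defended once by padding and once by splitting over two networks, and the byte overhead and one network observer's view are computed. The trace, the batch-based random splitting strategy and all function names are assumptions; the abstract does not specify the splitting strategy.

```python
import random

# Constructed trace for one page load: (timestamp_s, direction, size_bytes);
# direction is +1 for outgoing and -1 for incoming. Not data from the paper.
TRACE = [(round(0.01 * i, 2), 1 if i % 5 == 0 else -1, 100 if i % 5 == 0 else 1500)
         for i in range(200)]

def total_bytes(trace):
    return sum(size for _, _, size in trace)

def split(trace, n_paths=2, max_batch=10, rng=None):
    """Assumed strategy: consecutive batches of random length, each sent over a random path."""
    rng = rng or random.Random()
    paths = [[] for _ in range(n_paths)]
    i = 0
    while i < len(trace):
        batch = rng.randint(1, max_batch)
        paths[rng.randrange(n_paths)].extend(trace[i:i + batch])
        i += batch
    return paths

def pad(trace, cell=1500):
    """Padding-style defense for contrast: every packet is padded up to a fixed size."""
    return [(t, d, max(size, cell)) for t, d, size in trace]

def overhead(original, defended_views):
    """Extra bytes on the wire, relative to the undefended trace."""
    sent = sum(total_bytes(view) for view in defended_views)
    return (sent - total_bytes(original)) / total_bytes(original)

def observer_features(view):
    """Coarse features a passive observer on a single network can compute."""
    incoming = [s for _, d, s in view if d < 0]
    outgoing = [s for _, d, s in view if d > 0]
    return {"packets": len(view), "bytes_in": sum(incoming), "bytes_out": sum(outgoing)}

if __name__ == "__main__":
    print("undefended view:", observer_features(TRACE))
    print("padding overhead:", round(overhead(TRACE, [pad(TRACE)]), 3))
    for seed in (1, 2, 3):  # three loads of the same page, split differently each time
        paths = split(TRACE, rng=random.Random(seed))
        print("split overhead:", overhead(TRACE, paths),
              "| network 0 sees:", observer_features(paths[0]))
```

Splitting only moves packets between networks, so the total stays equal to the undefended trace, while the view available on any single network changes from one load to the next.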
