Website fingerprinting as a cybercrime investigation model: Role and challenges

The mass production of websites is one of the main challenges in detecting cybercriminal activities. Monitoring the construction or visitation of such websites is a somewhat unsophisticated process if it relies on filtering URL addresses alone, as a proxy does. However, users' online interactions can be concealed if they pass through security protocols or anonymity networks such as Tor. Nowadays, Tor is widely used to conceal website addresses, web page contents, user actions, and user identity. On the other hand, website traffic analysis and fingerprinting techniques endeavor to break such privacy by revealing user actions and identity. This is generally considered negative behavior. However, in this paper, we study how fingerprinting techniques can be positively adapted by Internet Service Providers for use against cybercrime activities. In other words, fingerprinting techniques can play a vital role in investigating and mitigating cybercrimes. We present several fingerprinting techniques and countermeasures from a cybercrime point of view. Then, we (1) illustrate how fingerprinting techniques can be applied as cybercrime investigation models, and (2) discuss the expected challenges of such an application.
