website fingerprinting attacks against tor browser bundle
play

Website fingerprinting attacks against Tor Browser Bundle: a - PowerPoint PPT Presentation

Aug 04, 2023 •330 likes •664 views

Tor website fingerprinting Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and HTTP/2 T.T.N. Marks BSc. K.C.N. Halvemaan BSc. University of Amsterdam System and Network Engineering Research Project #1

  1. Tor website fingerprinting Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and HTTP/2 T.T.N. Marks BSc. K.C.N. Halvemaan BSc. University of Amsterdam System and Network Engineering Research Project #1 February 8, 2017

  2. Tor website fingerprinting Overview Introduction 1 Research questions HTTP/2 How does Tor work? Related work 2 Method 3 URLs Scraping with TBB Problems after scraping Converting packet captures to traces Training the SVM Results 4 Conclusion 5 Discussion & Future work 6 References 7

  3. Tor website fingerprinting Introduction Introduction 1 Tor: The second generation onion router 2 ”Tor is free software and an open network that helps you defend against traffic analysis , a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.” 1 3 Often used as part of the Tor Browser Bundle (TBB). 1 https://www.torproject.org/ , retrieved on 2017-02-02.

  4. Tor website fingerprinting Introduction Problem statement 1 Website fingerprinting possible despite encryption and obfuscation techniques. 2 An eavesdropper might learn which website you have visited based on the meta data of the encrypted TCP/IP stream. 3 The web is moving from HTTP/1.1 to HTTP/2, what does this mean for website fingerprinting? 4 HTTP/2 still disabled in the TBB by default because code is not audited and possible security implications are unclear.

  5. Tor website fingerprinting Introduction Research questions Research questions 1 Can a website fingerprinting attack be done on a TBB enabled with HTTP/2? 2 Is there a difference in website fingerprinting attacks on a TBB enabled with just HTTP/1.1 and a TBB enabled with HTTP/2?

  6. Tor website fingerprinting Introduction HTTP/2 What is new in HTTP/2? 1 Mandatory HTTPS in all major browsers (de facto standard 2 ). 2 Data compression of HTTP headers. 3 Prioritisation of requests . 4 Multiplexing multiple requests over a single TCP/IP connection . 2 https://http2.github.io/faq/#does-http2-require-encryption , retrieved on 2017-02-03.

  7. Tor website fingerprinting Introduction How does Tor work? How Tor works.

  8. Tor website fingerprinting Introduction How does Tor work? Website fingerprinting

  9. Tor website fingerprinting Related work Related work 1 Fingerprinting encrypted HTTP traffic (Liberatore and Levine, 2006).

  10. Tor website fingerprinting Related work Related work 1 Fingerprinting encrypted HTTP traffic (Liberatore and Levine, 2006). 2 Extended to Tor by Herrmann et al. (2009).

  11. Tor website fingerprinting Related work Related work 1 Fingerprinting encrypted HTTP traffic (Liberatore and Levine, 2006). 2 Extended to Tor by Herrmann et al. (2009). 3 Improved by Panchenko et al. (2011) by using a Support Vector Machine.

  12. Tor website fingerprinting Related work Related work 1 Fingerprinting encrypted HTTP traffic (Liberatore and Levine, 2006). 2 Extended to Tor by Herrmann et al. (2009). 3 Improved by Panchenko et al. (2011) by using a Support Vector Machine. 4 Various defenses were discussed by Cai et al. (2012), of which the ’padding defense’ was implemented in Tor.

  13. Tor website fingerprinting Related work Related work 1 Fingerprinting encrypted HTTP traffic (Liberatore and Levine, 2006). 2 Extended to Tor by Herrmann et al. (2009). 3 Improved by Panchenko et al. (2011) by using a Support Vector Machine. 4 Various defenses were discussed by Cai et al. (2012), of which the ’padding defense’ was implemented in Tor. 5 A review of earlier methods was given in Wang and Goldberg (2013), their results were better but unrealistic setting.

  14. Tor website fingerprinting Related work Related work 1 Fingerprinting encrypted HTTP traffic (Liberatore and Levine, 2006). 2 Extended to Tor by Herrmann et al. (2009). 3 Improved by Panchenko et al. (2011) by using a Support Vector Machine. 4 Various defenses were discussed by Cai et al. (2012), of which the ’padding defense’ was implemented in Tor. 5 A review of earlier methods was given in Wang and Goldberg (2013), their results were better but unrealistic setting. 6 The previous work on Tor was done by looking at HTTP/1.1 traffic.

  15. Tor website fingerprinting Method Overview Introduction 1 Related work 2 Method 3 Results 4 Conclusion 5 Discussion & Future work 6 References 7

  16. Tor website fingerprinting Method Overall Implementation 1 Get a list of websites supporting HTTP/2. 2 Visit each website 40 times in TBB for both HTTP/1.1 and HTTP/2: Make packet capture and save corresponding HTTP Headers. 1 Convert packet captures to “traces”. 2 3 Calculate distance between traces. 4 Use distances to train a SVM and use it to predict unseen traces.

  17. Tor website fingerprinting Method URLs URLs 1 Alexa top million websites of 2017-01-14. 2 Test top 5000 with curl for HTTP/2 responses. 3 1110 of 5000 websites were HTTP/2 capable. 4 All Google TLDs were removed, except ”google.com”. 5 Top 130 of the HTTP/2 enabled websites were retrieved.

  18. Tor website fingerprinting Method Scraping with TBB Setup

  19. Tor website fingerprinting Method Problems after scraping Problems after scraping 1 Invalid captures, that were removed from our sample. Websites redirecting to plain http:// . 1 Websites using Cloudflare, as they would show a captcha 2 screen by default. Websites that failed to load completely more than 25% of the 3 time. 2 Left us with 56 of 130 websites scraped.

  20. Tor website fingerprinting Method Converting packet captures to traces Converting packet captures to traces 1 Based on method by Wang and Goldberg (2013). 2 Check HTTP Archive (HAR) content and verify HTTP version and status OK. 3 Filter out retransmitted and out-of-order TCP/IP packets. 4 One or more Tor cells in TCP/IP packet, extracted by rounding length of data in bytes to nearest multiple of 512 and dividing by 512. 5 Direction indicated with sign: negative for incoming and positive for outgoing. 6 Resulting trace is a list of only 1’s and -1’s indicating the direction, order and frequency of Tor cells for a specific website. 7 Still some “noise” left in traces due to SENDME Tor cells.

  21. Tor website fingerprinting Method Training the SVM Training the SVM 1 Distance between traces calculated with the optimal string aligment distance (Wang and Goldberg, 2013). Took about four hours to compute on the DAS5 1 supercomputer using 10 nodes (Bal et al., 2016). 2 Train and test the SVM in closed world model. 36 training cases and 4 testing cases for each site. 1 10-fold cross validation with one accuracy value for each of the 2 folds, so 10 accuracy’s per tested set.

  22. Tor website fingerprinting Results Results Test HTTP/1.1 HTTP/2 Train HTTP/1.1 x = 88 . 036 % s = 2 . 0164 % x = 64 . 687% s = 6 . 6631% HTTP/2 x = 54 . 667% s = 3 . 5286% x = 86 . 485 % s = 3 . 0871 %

  23. Tor website fingerprinting Results Results Test HTTP/1.1 HTTP/2 Train HTTP/1.1 x = 88 . 036 % s = 2 . 0164 % x = 64 . 687% s = 6 . 6631% HTTP/2 x = 54 . 667% s = 3 . 5286% x = 86 . 485 % s = 3 . 0871 % 1 HTTP/1.1 by Wang and Goldberg (2013): x = 90% s = 6%

  24. Tor website fingerprinting Results Results Test HTTP/1.1 HTTP/2 Train HTTP/1.1 x = 88 . 036 % s = 2 . 0164 % x = 64 . 687% s = 6 . 6631% HTTP/2 x = 54 . 667% s = 3 . 5286% x = 86 . 485 % s = 3 . 0871 % 1 HTTP/1.1 by Wang and Goldberg (2013): x = 90% s = 6% 2 Paired t-test of accuracy’s between the HTTP/1.1 and HTTP/2 sets: p value = 0 . 19392, with α = 0 . 05. The difference is not statistically significant: p value > α .

  25. Tor website fingerprinting Conclusion Conclusion 1 It is possible to do a website fingerprinting attack on a TBB enabled with HTTP/2 in a closed-world scenario. 2 For a website fingerprinting attack on a TBB enabled with HTTP/2 the decrease in accuracy was minimal compared to a TBB enabled with just HTTP/1.1.

  26. Tor website fingerprinting Discussion & Future work Discussion & Future work 1 Closed-world scenario not realistic and experiments do not conform with human browsing habits (Juarez et al., 2014). 2 Some websites are hard to fingerprint due to: A/B testing, localisation and/or random content. 3 An attacker would need to continually keep his model up-to-date due to changing websites. 4 HTTP/2 prioritisation could be used to randomise traffic and increase fingerprinting difficulty.

  27. Tor website fingerprinting Discussion & Future work Thank you for listening! Thank you for listening! Are there any questions?

  28. Tor website fingerprinting Discussion & Future work Optimal string aligment distance Figure: As in Appendix B of Wang and Goldberg (2013).

  29. Tor website fingerprinting References References I ”How Tor works” images on slides 7 based on ”How Tor Works” images from https://www.torproject.org/about/overview . Devil, Py, Coding, Monitor and Onion icons in figure on slide 8, 13 and 7 made by Freepik from www.flaticon.com and is licensed by CC 3.0 BY. Server and Folder icons in figure on slide 13 and 7 made by Madebyoliver from www.flaticon.com and is licensed by CC 3.0 BY.

Recommend

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU Leuven COSIC Seminar - 23rd October 2017, Leuven Introduction Contents of this presentation: - PETS17: Website Fingerprinting Defenses at

658 views • 44 slides
Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc

Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc

Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc Juarez , Sadia Afroz, Gunes Acar, Rachel Greenstadt, Mohsen Imani, Mike Perry, Matthew Wright Post-Snowden Cryptography Workshop Brussels, December

754 views • 52 slides
A Critical Evaluation of Website Fingerprinting Attacks Marc Juarez 1 Sadia Afroz 2 Gunes Acar 1

A Critical Evaluation of Website Fingerprinting Attacks Marc Juarez 1 Sadia Afroz 2 Gunes Acar 1

A Critical Evaluation of Website Fingerprinting Attacks Marc Juarez 1 Sadia Afroz 2 Gunes Acar 1 Claudia Diaz 1 Rachel Greenstadt 3 1 KU Leuven, ESAT/COSIC and iMinds, Leuven, Belgium 2 UC Berkeley, US 3 Drexel University, US CCS 2014, Scottsdale,

687 views • 49 slides
k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes

k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes

k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes University College London August 12, 2016 1/24 How does website fingerprinting work? - Training Tor network Relay 2 Adversary Relay 1

988 views • 24 slides
Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami ,

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami ,

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami , Panagiotis Ilia, Konstantinos Solomos, Jason Polakis University of Illinois at Chicago, USA skaram5@uic.edu February 24, 2020 Browser extensions

886 views • 30 slides
Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami ,

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami ,

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami , Panagiotis Ilia, Konstantinos Solomos, Jason Polakis University of Illinois at Chicago, USA skaram5@uic.edu February 24, 2020 Browser extensions

492 views • 28 slides
Br Browser fi fingerprinting Nataliia Bielova @nataliabielova February 12

Br Browser fi fingerprinting Nataliia Bielova @nataliabielova February 12

Br Browser fi fingerprinting Nataliia Bielova @nataliabielova February 12 th , 2019 Security and ethical aspects of data Universit Cote d'Azur Todays class A brief history

534 views • 38 slides
Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24,

Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24,

Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24, 2019 1/23 Website Fingerprinting Goal: determine the visited website by inspecting network traffic on client side client web Figure: Attacker

831 views • 59 slides
Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy

Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy

Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy Enhancing Technologies Symposium Minneapolis, Minnesota, USA 19 July, 2017 @gchers Website Fingerprinting (WF) Encrypted Tunnel Victim

400 views • 20 slides
06. Protect ction from Browser fi fingerprinting Nataliia

06. Protect ction from Browser fi fingerprinting Nataliia

06. Protect ction from Browser fi fingerprinting Nataliia Bielova @nataliabielova September 17 th =21 st , 2018 Web Privacy course University of Trento Nataliia Bielova

857 views • 20 slides
Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives

Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives

Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives Develop an understanding of the basic techniques used to study genetic polymorphisms encoded in DNA Gain familiarity with Restriction Fragment Length

436 views • 15 slides
Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives

Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives

Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives Develop an understanding of the basic techniques used to study genetic polymorphisms encoded in DNA Gain familiarity with Restriction Fragment Length

659 views • 27 slides
FPRandom: Randomizing core browser objects to break advanced device fingerprinting techniques

FPRandom: Randomizing core browser objects to break advanced device fingerprinting techniques

FPRandom: Randomizing core browser objects to break advanced device fingerprinting techniques Pierre Laperdrix, Benoit Baudry, Vikas Mishra Outline 1) What is fingerprint-based tracking? 2) Randomizing core browser objects a. Generating

245 views • 22 slides
Social Fingerprinting Browser Id Proxy Piercing Device Id

Social Fingerprinting Browser Id Proxy Piercing Device Id

Email Verification Mobile Location Deep Location Site Velocity & Behaviour Social Fingerprinting Browser Id Proxy Piercing Device Id Domain Lookup VLR/HLR Lookup IP

511 views • 13 slides
2007 Self morphing viruses 2009 - The Zeus virus Man in the browser attacks no

2007 Self morphing viruses 2009 - The Zeus virus Man in the browser attacks no

2007 Self morphing viruses 2009 - The Zeus virus Man in the browser attacks no browser is safe 2011 300% increase in cyber attacks Who they are Why they do it Who are the targets Our filter processes 3 billion

407 views • 17 slides
Using Guided Missiles in Drive-bys Automatic browser fingerprinting and exploitation with the

Using Guided Missiles in Drive-bys Automatic browser fingerprinting and exploitation with the

Using Guided Missiles in Drive-bys Automatic browser fingerprinting and exploitation with the Metasploit Framework James Lee # whoami James Lee egypt Developer, Metasploit Project Co-Founder, Teardrop Security Member,

738 views • 35 slides
Fast and efficient Browser Identification with JavaScript Engine Fingerprinting Martin Mulazzani ,

Fast and efficient Browser Identification with JavaScript Engine Fingerprinting Martin Mulazzani ,

Fast and efficient Browser Identification with JavaScript Engine Fingerprinting Martin Mulazzani , Philipp Reschl, Manuel Leithner, Markus Huber, Edgar Weippl SBA Research Vienna, Austria Outline Motivation & Background JavaScript Engine

539 views • 33 slides
Browser and Network request Browser website CS 4803 reply Network OS Computer and Network

Browser and Network request Browser website CS 4803 reply Network OS Computer and Network

Browser and Network request Browser website CS 4803 reply Network OS Computer and Network Security Hardware Alexandra (Sasha) Boldyreva Browser sends requests May reveal private information (in forms, cookies) Web security.

517 views • 7 slides
Detection of Browser Fingerprinting by Static JavaScript Code Classification Sjors Haanen &

Detection of Browser Fingerprinting by Static JavaScript Code Classification Sjors Haanen &

Detection of Browser Fingerprinting by Static JavaScript Code Classification Sjors Haanen & Tim van Zalingen UvA February 6, 2018 Supervisors (KPMG): Aidan Barrington & Ruben de Vries Research Project 82 Sjors Haanen & Tim van

331 views • 30 slides
Web Security! Big Picture: Browser and Network request website Browser reply OS Network

Web Security! Big Picture: Browser and Network request website Browser reply OS Network

CSE 484 / CSE M 584: Computer Security and Privacy CSRF and XSS attacks Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell,

1.29k views • 59 slides
FP-Block usable web privacy by controlling browser fingerprinting Joint work with Sjouke Mauw

FP-Block usable web privacy by controlling browser fingerprinting Joint work with Sjouke Mauw

FP-Block usable web privacy by controlling browser fingerprinting Joint work with Sjouke Mauw (UL), Christof Ferreira Torres (UL) OUtline Part 1: introduction Part 2: thwarting 3 rd party fingerprint-based web-tracking Introducing

1.52k views • 112 slides
Understanding and Combating Man-in-the- Browser Attacks 22 nd Annual FIRST Conference 16 June

Understanding and Combating Man-in-the- Browser Attacks 22 nd Annual FIRST Conference 16 June

Understanding and Combating Man-in-the- Browser Attacks 22 nd Annual FIRST Conference 16 June 2010 Jason Milletary Topics What is a Man-in-the-Browser Attack? How are they used? How can I identify and mitigate when they are

207 views • 18 slides
Mastering Astronomy Tips A. Having problems with the website? 1. Update your browser The most

Mastering Astronomy Tips A. Having problems with the website? 1. Update your browser The most

Mastering Astronomy Tips A. Having problems with the website? 1. Update your browser The most recent versions of Microsoft IE, Firefox, and Safari all work with the website. 2. Update your Flash video browser plugin Search for Adobe Flash

372 views • 13 slides
Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting

Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting

Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting Pierre Laperdrix , Gildas Avoine, Benoit Baudry, Nick Nikiforakis DIMVA 2019 In Introduction Web attacks and data breaches 2 Attacks on the

945 views • 66 slides

More recommend