website fingerprinting attacks and defenses in the tor
play

Website Fingerprinting Attacks and Defenses in the Tor Onion Space - PowerPoint PPT Presentation

Sep 12, 2023 •206 likes •658 views

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU Leuven COSIC Seminar - 23rd October 2017, Leuven Introduction Contents of this presentation: - PETS17: Website Fingerprinting Defenses at

  1. Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU Leuven COSIC Seminar - 23rd October 2017, Leuven

  2. Introduction • Contents of this presentation: - PETS’17: “Website Fingerprinting Defenses at the Application Layer” - CCS’17: “How Unique is Your Onion?” 2

  3. What is Website Fingerprinting (WF)? Adversary Tor network WWW Middle User Exit Entry 3

  4. Website Fingerprinting: deployment Training Testing 4

  5. Why Do We Care? • Tor is the most popular anonymity network and aims to protect against such adversaries. • Series of successful attacks with accuracies greater than 90% • … how concerned should we be in practice ? – Critical review of WF attacks (Juarez et al, 2014)

  6. Closed vs Open World Closed world Open world 6

  7. Tor Hidden Services (HS) User xyz.onion • HS: user visits xyz.onion without resolving it to an IP • Examples: Wikileaks, GlobaLeaks, Facebook, ... 7

  8. Website Fingerprinting on Hidden Services (HSes) • WF adversary can distinguish HSes from regular sites • Website Fingerprinting in HSes is more threatening: - Fewer sites makes HSes more identifiable (~ closed world) - HS users vulnerable because content is sensitive 8

  9. The SecureDrop case • Freedom of the Press Foundation • Whistleblowing platform • Vulnerable to website fingerprinting (?) 9

  10. Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc Juarez 3 1 Royal Holloway University of London 2 University College London 3 imec-COSIC KU Leuven Presented in PETS 2017, Minneapolis, MN, USA

  11. Website Fingerprinting defenses WF Defenses BuFLO Tamaraw Tor network CS-BuFLO WTF-PAD … Middle User Entry Dummy These are TCP packets or Tor messages Real 11

  12. Application-layer Defenses • Existing defenses are designed at the network layer Key observation: identifying info originates at app layer! Identifying info Web content ‘Latent‘ features: F 1 , …, F n HTTP(S) T(·) Tor Last layer of encryption TLS Observed features: O 1 , ..., O n TCP Adversary ... 12

  13. Pros and Cons of app-layer Defenses The main advantage is that they are easier to implement: • do not depend on Tor to be implemented Cons: • padding runs end-to-end may require server collaboration… but HSes have incentives! • 13

  14. LLaMA ALPaCA • Client-side (FF add-on) • Server-side (first one) • Applied on hosted content • Applied on website requests • More bandwidth overhead • More latency overhead (two different solutions, not a client-server solution) 14

  15. ALPaCA Original Target Morphed • Abstract web pages as num objects and object sizes : pad them to match a target page • Does not impact user experience: e.g., comments in HTML/JS, images’ metadata, “ display: none” styles 15

  16. ALPaCA strategies (1) Example: protect a SecureDrop page - Strategy 1: target page is Facebook securedrop securedrop.png fake.css index.html facebook index.html facebook.png style.css Padding 16

  17. ALPaCA strategies (2) - Strategy 2: pad to an “anonymity set” target page securedrop securedrop.png index.html fake.css facebook facebook.png index.html style.css target Padding Defines num objects and object sizes by: Deterministic: next multiple of λ, δ ● ● Probabilistic: sampled from empirical distribution 17

  18. Evaluation: methodology • Collect with and without defense: 100 HSes (cached) ○ Security: accuracy of attacks kNN, k-Fingerprinting (kFP), CUMUL ○ Performance: overheads - latency (extra delay) - bandwidth (extra padding/time) 18

  19. ALPaCA: results • From 40% to 60% decrease in accuracy • 50% latency and 85% bandwidth overheads 19

  20. 20

  21. How Unique is Your Onion? An Analysis of the Fingerprintability of Tor Onion Services Rebekah Overdorf 1 Marc Juarez 2 Gunes Acar 2 Rachel Greenstadt 1 Claudia Diaz 2 1 Drexel University 2 imec-COSIC KU Leuven To be presented in CCS 2017, Dallas, TX, USA

  22. Disparate impact • WF normally attacks report average success • But… – Are certain websites more susceptible to website fingerprinting attacks than others? – What makes some sites more vulnerable to the attack than others? Credit: Claudia Diaz

  23. State-of-the-Art Attacks - k-NN (Wang et al., 2015) - CUMUL (Panchenko et al., 2016) - k-Fingerprinting (Hayes and Danezis, 2016) 23

  24. k-NN (Wang et al. 2015) • Features – number of outgoing packets in spans of 30 packets – the lengths of the first 20 packets – traffic bursts (sequences of packets in the same direction) • Classification – k -NN – Tune weights of the distance metric that minimizes the distance among instances that belong to the same site. • Results – From 90% to 95% accuracy on a closed-world of 100 non-hidden service websites. Credit: Bekah Overdorf

  25. CUMUL (Panchenko et al. 2016) • Features – 100 interpolation points of the cumulative sum of packet lengths (with direction) • Classification – Radial Basis Function kernel (RBF) SVM • Results – From 90% to 93% for 100 Non HS sites. Credit: Bekah Overdorf

  26. k-Fingerprinting (Hayes and Danezis 2016) • Features – Timing and size features in the literature • Classification – Random Forest (RF) + k-NN • Results – 90% accuracy on 30 hidden services Credit: Bekah Overdorf

  27. Data • Crawled 790 sites over Tor (homepages) • Removed – Offline sites – Failed visits – Duplicates • 482 sites fit our criteria with 70 visits each Credit: Bekah Overdorf

  28. Credit: Bekah Overdorf

  29. SecureDrop sites • There was a SecureDrop site in our dataset: – Project On Gov’t Oversight’ (POGO) • CUMUL achieved 99%!!! – As compared to 80% in average

  30. Misclassifications of Hidden Services Credit: Bekah Overdorf

  31. Misclassifications of Hidden Services Credit: Bekah Overdorf

  32. Median of total incoming packet size for misclassified instances Credit: Bekah Overdorf

  33. Low-level Feature Analysis • Intra-class variance: similarity between instances of the same site. – Lower intra-class variances improves identification. • Inter-class variance: similarity between instances of different sites. – Higher inter-class variances improves identification. Top features: 1. Total Size of all Outgoing Packets 2. Total Size of Incoming Packets 3. Number of Incoming Packets 4. Number of Outgoing Packets

  34. Site-level Feature Analysis • Can we determine what characteristics of a website affect its fingerprintability ? • Site-Level Features: – Number of embedded resources – Number of fonts – Screenshot size – Use of a CMS? – …

  35. Can we predict if a site will be fingerprintable? “Meta-classifier” Random forest regressor

  36. Results: importance of site-level features

  38. Take aways • WF threatens Tor, especially its Hidden services. • Disparate impact: some pages are more fingerprintable than others (there is a bias in reporting average results). • WF defenses that alter the website design (app layer) are easier to implement and as effective as network-layer defenses. • Changes of the paget that protect against WF: – Small (e.g., fewer resources) and dynamic.

  39. Take aways • WF threatens Tor, especially its Hidden services. • Disparate impact: some pages are more fingerprintable than others (there is a bias in reporting average results). • WF defenses that alter the website design (app layer) are easier Future work Re-design ALPaCA to follow to implement and as effective as network-layer defenses. these guidelines. • Changes of the paget that protect against WF: – Small (e.g., fewer resources) and dynamic.

  40. Software and Data • HSes have incentives to support server-side defenses: SecureDrop has implemented a prototype of ALPaCA • ALPaCA is running on a HS: 3tmaadslguc72xc2.onion • Source code defenses: github.com/camelids • Source code and data for fingerprintability analysis: cosic.esat.kuleuven.be/fingerprintability 40

  41. The HS world • Exploratory crawl: 5,000 HSes (from Ahmia.fi) • Stats for the HS world (from intercepted HTTP headers) - Distribution of types, sizes and number of resources • Most HSes are small compared to an average website • Few HSes have any JS or 3rd-party content - JS: less than 13% Assumption: no JS - 3rd party content: less than 20% Assumption: no 3rd parties 41

  42. Limitations and Future Work • ALPaCA can only make sites bigger, but not smaller • What’s the optimal padding at the app layer? Lack of a thorough feature analysis. • How do the distributions change over time? How do we update our defenses accordingly? - How does the strategy need be adapted as HSes adopt our defense(s)? 42

  43. LLaMA Client Server • Inspired by Randomized Pipelining C 1 Goal: randomize HTTP requests C 2 • Same goal from a FF add-on: δ C 1 ’ - Random delays ( δ) C 2 - Repeat previous requests (C 1 ) 43

  44. LLaMA: results • Accuracy drops between 20% and 30% • Less than 10% latency and bandwidth overheads 44

Recommend

Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc

Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc

Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc Juarez , Sadia Afroz, Gunes Acar, Rachel Greenstadt, Mohsen Imani, Mike Perry, Matthew Wright Post-Snowden Cryptography Workshop Brussels, December

754 views • 52 slides
Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy

Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy

Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy Enhancing Technologies Symposium Minneapolis, Minnesota, USA 19 July, 2017 @gchers Website Fingerprinting (WF) Encrypted Tunnel Victim

400 views • 20 slides
Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and

Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and

Tor website fingerprinting Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and HTTP/2 T.T.N. Marks BSc. K.C.N. Halvemaan BSc. University of Amsterdam System and Network Engineering Research Project #1

664 views • 32 slides
Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc

Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc

Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc Juarez 3 1 Royal Holloway University of London 2 University College London 3 imec-COSIC KU Leuven 19th July 2017, PETS17, Minneapolis, MN, USA

735 views • 17 slides
Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc

Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc

Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc Juarez 3 1 Royal Holloway University of London 2 University College London 3 KU Leuven, ESAT/COSIC and imec (to appear in PoPETS 2017) Talk in the

532 views • 20 slides
A Critical Evaluation of Website Fingerprinting Attacks Marc Juarez 1 Sadia Afroz 2 Gunes Acar 1

A Critical Evaluation of Website Fingerprinting Attacks Marc Juarez 1 Sadia Afroz 2 Gunes Acar 1

A Critical Evaluation of Website Fingerprinting Attacks Marc Juarez 1 Sadia Afroz 2 Gunes Acar 1 Claudia Diaz 1 Rachel Greenstadt 3 1 KU Leuven, ESAT/COSIC and iMinds, Leuven, Belgium 2 UC Berkeley, US 3 Drexel University, US CCS 2014, Scottsdale,

687 views • 49 slides
k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes

k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes

k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes University College London August 12, 2016 1/24 How does website fingerprinting work? - Training Tor network Relay 2 Adversary Relay 1

988 views • 24 slides
Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24,

Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24,

Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24, 2019 1/23 Website Fingerprinting Goal: determine the visited website by inspecting network traffic on client side client web Figure: Attacker

831 views • 59 slides
Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1

Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1

Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1 Lecture Overview 1. Advanced MATE attacks models tools & techniques 2. Protected code comprehension processes 3. Advanced MATE defenses 4.

1.79k views • 114 slides
Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives

Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives

Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives Develop an understanding of the basic techniques used to study genetic polymorphisms encoded in DNA Gain familiarity with Restriction Fragment Length

436 views • 15 slides
Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives

Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives

Lab 5: Shark Attacks, Again! DNA Fingerprinting to the Rescue Notebook Lab Objectives Develop an understanding of the basic techniques used to study genetic polymorphisms encoded in DNA Gain familiarity with Restriction Fragment Length

659 views • 27 slides
Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography.

Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography.

Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography. Security. Falko Strenzke 2020 For evaluation purposes only Please do not distribute August 4, 2020 Dr. Falko Strenzke Attacks and Defenses For

531 views • 30 slides
Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting

Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting

Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting Pierre Laperdrix , Gildas Avoine, Benoit Baudry, Nick Nikiforakis DIMVA 2019 In Introduction Web attacks and data breaches 2 Attacks on the

945 views • 66 slides
Clickjacking: Attacks and Defenses University of Cyprus Department of ComputerScience Advanced

Clickjacking: Attacks and Defenses University of Cyprus Department of ComputerScience Advanced

Clickjacking: Attacks and Defenses University of Cyprus Department of ComputerScience Advanced Security Topics Name: Soteris Constantinou Instructor: Dr. Elias Athanasopoulos Authors: Lin-Shung Huang, Alex Moshchuk, Helen J. Wang, Stuart

1.65k views • 81 slides
Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide

Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide

Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide content (Vern Paxson) Misleading users Browser assumes that clicks and keystrokes = clear indication of what the user wants to do Constitutes

567 views • 24 slides
15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico

15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico

15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico Kolter (this lecture) and Ariel Procaccia Carnegie Mellon University Spring 2018 Portions base upon joint work with Eric Wong 1 Outline Adverarial

710 views • 39 slides
Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial

Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial

Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial Nave-Bayes Classifier Dominik Herrmann , Hannes Federrath Rolf Wendolsky University of Regensburg, Germany JonDos GmbH Motivation To Whom It May

901 views • 34 slides
Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer c1shw@us.ibm.com (561) 392 6100 Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY Physical Security Attacks &

334 views • 8 slides
Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Open Source Enclave Workshop 2019 Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer Science & Engineering The Ohio State University Userland TEEs on Commodity Processors Application VM VM

154 views • 14 slides
Buffer Overflow Attacks & Defenses Slides are borrowed from Franziska Roesner @UW and Dawn

Buffer Overflow Attacks & Defenses Slides are borrowed from Franziska Roesner @UW and Dawn

Buffer Overflow Attacks & Defenses Slides are borrowed from Franziska Roesner @UW and Dawn Song @Berkeley Linux (32-bit) process memory layout -0xFFFFFFFF Reserved for Kernal -0xC0000000 user stack %esp shared libraries -0x40000000

994 views • 85 slides
FOSAD07 Low-level Software Security: Attacks and Defenses lfar Erlingsson Microsoft

FOSAD07 Low-level Software Security: Attacks and Defenses lfar Erlingsson Microsoft

FOSAD07 Low-level Software Security: Attacks and Defenses lfar Erlingsson Microsoft Research, Silicon Valley and Reykjavk University, Iceland An example of a real-world attack Exploits a vulnerability in the GDI+ rendering of

1.26k views • 113 slides
On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th

On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th

On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th , 2020 Joint work with Nicholas Carlini, Wieland Brendel and Aleksander Madry What Are Adversarial Examples? 88% Tabby Cat 99% Guacamole Biggio

360 views • 21 slides
Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder Lab assignment will be released 09/21 Monday Recommend to read Cache missing for fun and profit. (2005).

1.03k views • 66 slides
Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder Lab assignment will be released 09/21 Monday Recommend to read Cache missing for fun and profit. (2005).

562 views • 38 slides

More recommend