Herrmann, Dominik and Wendolsky, Rolf and Federrath, Hannes (2009) Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Naïve-Bayes Classifier. In: CCSW '09: ACM Workshop on Cloud Computing Security, 13.11.2009, Chicago, Illinois, USA.
Privacy enhancing technologies like OpenSSL, OpenVPN or Tor establish an encrypted tunnel that enables users to hide content and addresses of requested websites from external observers This protection is endangered by local traffic analysis attacks that allow an external, passive attacker between the PET system and the user to uncover the identity of the requested sites. However, existing proposals for such attacks are not practicable yet.
We present a novel method that applies common text mining techniques to the normalised frequency distribution of observable IP packet sizes. Our classifier correctly identifies up to 97% of requests on a sample of 775 sites and over 300,000 real-world traffic dumps recorded over a two-month period. It outperforms previously known methods like Jaccard's classifier and Naïve Bayes that neglect packet frequencies altogether or rely on absolute frequency values, respectively. Our method is system-agnostic: it can be used against any PET without alteration. Closed-world results indicate that many popular single-hop and even multi-hop systems like Tor and JonDonym are vulnerable against this general fingerprinting attack. Furthermore, we discuss important real-world issues, namely false alarms and the influence of the browser cache on accuracy.
|Item Type:||Conference or Workshop Item (Paper)|
|Date:||13 November 2009|
|Additional information (public):||erschienen: CCSW '09: Proceedings of the 2009 ACM workshop on Cloud computing security, ACM, New York, NY, 2009. ISBN: 978-1-60558-784-4|
|Institutions:||Business, Economics and Information Systems > Institut für Wirtschaftsinformatik > Retired Professors > Lehrstuhl für Wirtschaftsinformatik IV - Management der Informationssicherheit (Prof. Dr.-Ing. Hannes Federrath)|
|Keywords:||forensics, low-latency anonymity, text mining, traffic analysis|
|Subjects:||000 Computer science, information & general works > 004 Computer science|
|Refereed:||Yes, this version has been refereed|
|Created at the University of Regensburg:||Yes|
|Deposited On:||08 Jan 2010 08:23|
|Last Modified:||20 Jul 2011 22:13|