Herrmann, Dominik and Wendolsky, Rolf and Federrath, Hannes (2009) Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Naïve-Bayes Classifier. In: CCSW '09: ACM Workshop on Cloud Computing Security, 13.11.2009, Chicago, Illinois, USA.
PDF (Paper) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
Privacy enhancing technologies like OpenSSL, OpenVPN or Tor establish an encrypted tunnel that enables users to hide content and addresses of requested websites from external observers This protection is endangered by local traffic analysis attacks that allow an external, passive attacker between the PET system and the user to uncover the identity of the requested sites. However, existing proposals for such attacks are not practicable yet.
We present a novel method that applies common text mining techniques to the normalised frequency distribution of observable IP packet sizes. Our classifier correctly identifies up to 97% of requests on a sample of 775 sites and over 300,000 real-world traffic dumps recorded over a two-month period. It outperforms previously known methods like Jaccard's classifier and Naïve Bayes that neglect packet frequencies altogether or rely on absolute frequency values, respectively. Our method is system-agnostic: it can be used against any PET without alteration. Closed-world results indicate that many popular single-hop and even multi-hop systems like Tor and JonDonym are vulnerable against this general fingerprinting attack. Furthermore, we discuss important real-world issues, namely false alarms and the influence of the browser cache on accuracy.
|Item Type:||Conference or Workshop Item (Paper)|
|Additional information (public):||erschienen: CCSW '09: Proceedings of the 2009 ACM workshop on Cloud computing security, ACM, New York, NY, 2009. ISBN: 978-1-60558-784-4|
|Institutions:||Business, Economics and Information Systems > Institut für Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik IV - Management der Informationssicherheit (Prof. Dr.-Ing. Hannes Federrath)|
|Keywords:||forensics, low-latency anonymity, text mining, traffic analysis|
|Subjects:||000 Computer science, information & general works > 004 Computer science|
|Refereed:||Yes, this version has been refereed|
|Created at the University of Regensburg:||Yes|
|Deposited On:||08 Jan 2010 09:23|
|Last Modified:||21 Jul 2011 00:13|
- ASCII Citation
- Dublin Core
- HTML Citation
- OAI-ORE Resource Map (Atom Format)
- OAI-ORE Resource Map (RDF Format)
- Reference Manager
- Simple Metadata
Literature of the same author
at publisher (via DOI)