Paper | Download ( PDF | 334kB) |
Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Naïve-Bayes Classifier
Herrmann, Dominik, Wendolsky, Rolf und Federrath, Hannes (2009) Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Naïve-Bayes Classifier. In: CCSW '09: ACM Workshop on Cloud Computing Security, 13.11.2009, Chicago, Illinois, USA.Veröffentlichungsdatum dieses Volltextes: 08 Jan 2010 08:23
Konferenz- oder Workshop-Beitrag
DOI zum Zitieren dieses Dokuments: 10.5283/epub.11919
Zusammenfassung
Privacy enhancing technologies like OpenSSL, OpenVPN or Tor establish an encrypted tunnel that enables users to hide content and addresses of requested websites from external observers This protection is endangered by local traffic analysis attacks that allow an external, passive attacker between the PET system and the user to uncover the identity of the requested sites. However, existing ...
Privacy enhancing technologies like OpenSSL, OpenVPN or Tor establish an encrypted tunnel that enables users to hide content and addresses of requested websites from external observers This protection is endangered by local traffic analysis attacks that allow an external, passive attacker between the PET system and the user to uncover the identity of the requested sites. However, existing proposals for such attacks are not practicable yet.
We present a novel method that applies common text mining techniques to the normalised frequency distribution of observable IP packet sizes. Our classifier correctly identifies up to 97% of requests on a sample of 775 sites and over 300,000 real-world traffic dumps recorded over a two-month period. It outperforms previously known methods like Jaccard's classifier and Naïve Bayes that neglect packet frequencies altogether or rely on absolute frequency values, respectively. Our method is system-agnostic: it can be used against any PET without alteration. Closed-world results indicate that many popular single-hop and even multi-hop systems like Tor and JonDonym are vulnerable against this general fingerprinting attack. Furthermore, we discuss important real-world issues, namely false alarms and the influence of the browser cache on accuracy.
Alternative Links zum Volltext
Beteiligte Einrichtungen
Details
| Dokumentenart | Konferenz- oder Workshop-Beitrag (Paper) | ||||
| Seitenbereich: | S. 31-42 | ||||
|---|---|---|---|---|---|
| Datum | 13 November 2009 | ||||
| Zusätzliche Informationen (Öffentlich) | erschienen: CCSW '09: Proceedings of the 2009 ACM workshop on Cloud computing security, ACM, New York, NY, 2009. ISBN: 978-1-60558-784-4 | ||||
| Institutionen | Wirtschaftswissenschaften > Institut für Wirtschaftsinformatik > Entpflichtete oder im Ruhestand befindliche Professoren > Lehrstuhl für Wirtschaftsinformatik IV - Management der Informationssicherheit (Prof. Dr.-Ing. Hannes Federrath) | ||||
| Identifikationsnummer |
| ||||
| Verwandte URLs |
| ||||
| Stichwörter / Keywords | forensics, low-latency anonymity, text mining, traffic analysis | ||||
| Dewey-Dezimal-Klassifikation | 000 Informatik, Informationswissenschaft, allgemeine Werke > 004 Informatik | ||||
| Status | Veröffentlicht | ||||
| Begutachtet | Ja, diese Version wurde begutachtet | ||||
| An der Universität Regensburg entstanden | Ja | ||||
| URN der UB Regensburg | urn:nbn:de:bvb:355-epub-119198 | ||||
| Dokumenten-ID | 11919 |
Bibliographische Daten exportieren
Nur für Besitzer und Autoren: Kontrollseite des Eintrags
Downloadstatistik
Downloadstatistik