research-article

Improved website fingerprinting on Tor

Authors:

Ian GoldbergAuthors Info & Claims

WPES '13: Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society

Pages 201 - 212

https://doi.org/10.1145/2517840.2517851

Published: 04 November 2013 Publication History

Abstract

In this paper, we propose new website fingerprinting techniques that achieve a higher classification accuracy on Tor than previous works. We describe our novel methodology for gathering data on Tor; this methodology is essential for accurate classifier comparison and analysis. We offer new ways to interpret the data by using the more fundamental Tor cells as a unit of data rather than TCP/IP packets. We demonstrate an experimental method to remove Tor SENDMEs, which are control cells that provide no useful data, in order to improve accuracy. We also propose a new set of metrics to describe the similarity between two traffic instances; they are derived from observations on how a site is loaded. Using our new metrics we achieve a higher success rate than previous authors. We conduct a thorough analysis and comparison between our new algorithms and the previous best algorithm. To identify the potential power of website fingerprinting on Tor, we perform open-world experiments; we achieve a recall rate over 95% and a false positive rate under 0.2% for several potentially monitored sites, which far exceeds previous reported recall rates. In the closed-world experiments, our accuracy is 91%, as compared to 86-87% from the best previous classifier on the same data.

References

[1]

M. AlSabah, K. Bauer, I. Goldberg, D. Grunwald, D. McCoy, S. Savage, and G. Voelker. DefenestraTor: Throwing out windows in Tor. In Proceedings of the 11th Privacy Enhancing Technologies Symposium, pages 134--154. Springer, 2011.

Digital Library

[2]

X. Cai, X. Zhang, B. Joshi, and R. Johnson. Touching from a distance: Website fingerprinting attacks and defenses. In Proceedings of the 2012 ACM conference on Computer and Communications Security, pages 605--616, 2012.

Digital Library

[3]

J. R. Crandall, D. Zinn, M. Byrd, E. Barr, and R. East. Conceptdoppler: a weather tracker for internet censorship. In Proceedings of the 14th ACM Conference on Computer and Communications Security, pages 1--4, 2007.

Digital Library

[4]

R. Dingledine, N. Mathewson, and P. Syverson. Tor: The second-generation onion router. In Proceedings of the 13th USENIX Security Symposium, 2004.

Digital Library

[5]

K. Dyer, S. Coull, T. Ristenpart, and T. Shrimpton. Peek-a-boo, I still see you: Why efficient traffic analysis countermeasures fail. In Proceedings of the 2012 IEEE Symposium on Security and Privacy, pages 332--346, 2012.

Digital Library

[6]

P. Eckersley. How unique is your web browser? In Privacy Enhancing Technologies, pages 1--18, 2010.

Digital Library

[7]

D. Herrmann, R. Wendolsky, and H. Federrath. Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naive-bayes classifier. In Proceedings of the 2009 ACM workshop on Cloud computing security, pages 31--42, 2009.

Digital Library

[8]

M. Liberatore and B. Levine. Inferring the source of encrypted HTTP connections. In Proceedings of the 13th ACM conference on Computer and Communications Security, pages 255--263, 2006.

Digital Library

[9]

N. Matthewson. Tor and the BEAST SSL attack. https://blog.torproject.org/blog/tor-and-beast-ssl-attack, September 2011. Accessed Feb. 2013.

[10]

N. Matthewson and M. Perry. Tor Controller. https://svn.torproject.org/svn/blossom/trunk/TorCtl.py, September 2007. Accessed Feb.2013.

[11]

B. J. Oommen and R. K. S. Loke. Pattern recognition of strings with substitutions, insertions, deletions and generalized transpositions. Pattern Recognition, 30(5):789--800, 1997.

[12]

A. Panchenko, L. Niessen, A. Zinnen, and T. Engel. Website fingerprinting in onion routing based anonymization networks. In Proceedings of the 10th ACM Workshop on Privacy in the Electronic Society, pages 103--114, 2011.

Digital Library

[13]

M. Perry. Experimental Defense for Website Traffic Fingerprinting. https://blog.torproject.org/blog/experimental-defense-website-traffic-f%ingerprinting, September 2011. Accessed Feb.\ 2013.

[14]

R. Pries, W. Yu, S. Graham, and X. Fu. On performance bottleneck of anonymous communication networks. In Proceedings of the 22nd IEEE International Parallel and Distributed Processing Symposium (IPDPS), pages 1--11, 2008.

[15]

Tor. Tor Metrics Portal. https://metrics.torproject.org/, July 2012. Accessed Feb.\ 2013.

[16]

V. Vapnik and A. Chervonenkis. Theory of pattern recognition. Nauka, 1974.

[17]

R. Wagner and R. Lowrance. An extension of the string-to-string correction problem. Journal of the ACM (JCM), 22(2):177--183, 1975.

Digital Library

[18]

J. Weston and C. Watkins. Support vector machines for multi-class pattern recognition. In Proceedings of the seventh European symposium on artificial neural networks, pages 219--224, 1999.

[19]

C. Wright, S. Coull, and F. Monrose. Traffic morphing: An efficient defense against statistical traffic analysis. In Proceedings of the 16th Network and Distributed Security Symposium, pages 237--250, 2009.

Cited By

Luo CTang WWang QZheng D(2025)Few-Shot Website Fingerprinting With Distribution CalibrationIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.341101422:1(632-648)Online publication date: Jan-2025
https://doi.org/10.1109/TDSC.2024.3411014
Ding YHu B(2025)A Multi-Granularity Features Representation and Dimensionality Reduction Network for Website FingerprintingIEEE Access10.1109/ACCESS.2024.352289213(574-587)Online publication date: 2025
https://doi.org/10.1109/ACCESS.2024.3522892
Ginige YDahanayaka TSeneviratne S(2024)TrafficGPT: An LLM Approach for Open-Set Encrypted Traffic ClassificationProceedings of the Asian Internet Engineering Conference 202410.1145/3674213.3674217(26-35)Online publication date: 9-Aug-2024
https://dl.acm.org/doi/10.1145/3674213.3674217
Show More Cited By

Index Terms

Improved website fingerprinting on Tor
1. Security and privacy
  1. Human and societal aspects of security and privacy
  2. Network security
2. Social and professional topics
  1. Computing / technology policy
    1. Privacy policies

Recommendations

Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

Website fingerprinting enables a local eavesdropper to determine which websites a user is visiting over an encrypted connection. State-of-the-art website fingerprinting attacks have been shown to be effective even against Tor. Recently, lightweight ...
The rise of website fingerprinting on Tor: Analysis on techniques and assumptions
Abstract
Tor is one of the most popular anonymity networks that allows Internet users to hide their browsing activity. Hiding browsing activity is essential for Internet users to increase their privacy. Only Tor users should know the website ...
Graphical abstract

Display Omitted
Highlights
- We reviewed studies related to WF on Tor which encompass 12 years of research.
- ...
Revisiting Assumptions for Website Fingerprinting Attacks
Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

Most privacy-conscious users utilize HTTPS and an anonymity network such as Tor to mask source and destination IP addresses. It has been shown that encrypted and anonymized network traffic traces can still leak information through a type of attack ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

WPES '13: Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society

November 2013

306 pages

ISBN:9781450324854

DOI:10.1145/2517840

General Chair:
Ahmad-Reza Sadeghi
TU-Darmstadt & Fraunhofer SIT & Intel ICRI-SC, Germany
,
Program Chair:
Sara Foresti
Università degli Studi di Milano, Italy

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 November 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'13

Sponsor:

SIGSAC

CCS'13: 2013 ACM SIGSAC Conference on Computer and Communications Security

November 4, 2013

Berlin, Germany

Acceptance Rates

WPES '13 Paper Acceptance Rate 30 of 103 submissions, 29%;

Overall Acceptance Rate 106 of 355 submissions, 30%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

196
Total Citations
View Citations
1,497
Total Downloads

Downloads (Last 12 months)163
Downloads (Last 6 weeks)11

Reflects downloads up to 08 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Luo CTang WWang QZheng D(2025)Few-Shot Website Fingerprinting With Distribution CalibrationIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.341101422:1(632-648)Online publication date: Jan-2025
https://doi.org/10.1109/TDSC.2024.3411014
Ding YHu B(2025)A Multi-Granularity Features Representation and Dimensionality Reduction Network for Website FingerprintingIEEE Access10.1109/ACCESS.2024.352289213(574-587)Online publication date: 2025
https://doi.org/10.1109/ACCESS.2024.3522892
Ginige YDahanayaka TSeneviratne S(2024)TrafficGPT: An LLM Approach for Open-Set Encrypted Traffic ClassificationProceedings of the Asian Internet Engineering Conference 202410.1145/3674213.3674217(26-35)Online publication date: 9-Aug-2024
https://dl.acm.org/doi/10.1145/3674213.3674217
Kim HJo MHong JKang HMathews NOh SQuek TGao DZhou JCardenas A(2024)WhisperVoiceTrace: A Comprehensive Analysis of Voice Command FingerprintingProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3657017(667-683)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3657017
Krämer PBaier BLanderer NDiederich PGriessel AHohlfeld OBlenk AMieth MKellerer W(2024)ProFi: Scalable and Efficient Website FingerprintingIEEE Transactions on Network and Service Management10.1109/TNSM.2023.331850821:1(1271-1286)Online publication date: Feb-2024
https://doi.org/10.1109/TNSM.2023.3318508
Ma XQu JShi MAn BLi JLuo XZhang JLi ZGuan X(2024)Website Fingerprinting on Encrypted Proxies: A Flow-Context-Aware Approach and CountermeasuresIEEE/ACM Transactions on Networking10.1109/TNET.2023.333727032:3(1904-1919)Online publication date: Jun-2024
https://doi.org/10.1109/TNET.2023.3337270
Zhang XWang JCheng YLi QSun KZheng YZhang NLi X(2024)Interface-Based Side Channel in TEE-Assisted Networked ServicesIEEE/ACM Transactions on Networking10.1109/TNET.2023.329401932:1(613-626)Online publication date: Feb-2024
https://doi.org/10.1109/TNET.2023.3294019
Qian YHuang GMa CDing MYuan LChen ZWang K(2024)Enhancing Resilience in Website Fingerprinting: Novel Adversary Strategies for Noisy Traffic EnvironmentsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.343240419(7216-7231)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3432404
Walsh TThomas TBarton A(2024)Exploring the Capabilities and Limitations of Video Stream Fingerprinting2024 IEEE Security and Privacy Workshops (SPW)10.1109/SPW63631.2024.00008(28-39)Online publication date: 23-May-2024
https://doi.org/10.1109/SPW63631.2024.00008
Wang SWang ZLi CHan DYang JZhang H(2024)TrafficSiam: More Realistic Few-shot Website Fingerprinting Attack with Contrastive LearningNOMS 2024-2024 IEEE Network Operations and Management Symposium10.1109/NOMS59830.2024.10575874(1-9)Online publication date: 6-May-2024
https://doi.org/10.1109/NOMS59830.2024.10575874
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten