Advertisement

Revisiting Website Fingerprinting Attacks in Real-World Scenarios: A Case Study of Shadowsocks

  • Yankang Zhao
  • Xiaobo MaEmail author
  • Jianfeng Li
  • Shui Yu
  • Wei Li
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11058)

Abstract

Website fingerprinting has been recognized as a traffic analysis attack against encrypted traffic induced by anonymity networks (e.g., Tor) and encrypted proxies. Recent studies have demonstrated that, leveraging machine learning techniques and numerous side-channel traffic features, website fingerprinting is effective in inferring which website a user is visiting via anonymity networks and encrypted proxies. In this paper, we concentrate on Shadowsocks, an encrypted proxy widely used to evade Internet censorship, and we are interested in to what extent state-of-the-art website fingerprinting techniques can break the privacy of Shadowsocks users in real-world scenarios. By design, Shadowsocks does not deploy any timing-based or packet size-based defenses like Tor. Therefore, we expect that website fingerprinting could achieve better attack performance against Shadowsocks compared to Tor. However, after deploying Shadowsocks with more than 20 active users and collecting 30 GB traces during one month, our observation is counter-intuitive. That is, the attack performance against Shadowsocks is even worse than that against Tor (based on public Tor traces). Motivated by such an observation, we investigate a series of practical factors affecting website fingerprinting, such as data labeling, feature selection, and number of instances per class. Our study reveals that state-of-the-art website fingerprinting techniques may not be effective in real-world scenarios, even in the face of Shadowsocks which does not deploy typical defenses.

References

  1. 1.
    Scikit-learn (2017). http://scikit-learn.org/stable/
  2. 2.
    Google Trend of Shadowsocks, January 2018. https://trends.google.com.hk/trends/
  3. 3.
  4. 4.
    Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)CrossRefGoogle Scholar
  5. 5.
    Cai, X., Nithyanand, R., Wang, T., Johnson, R., Goldberg, I.: A systematic approach to developing and evaluating website fingerprinting defenses. In: Proceedings of the ACM CCS (2014)Google Scholar
  6. 6.
    Dyer, K.P., Coull, S.E., Ristenpart, T., Shrimpton, T.: Peek-a-boo, i still see you: why efficient traffic analysis countermeasures fail. In: Proceedings of the IEEE Security and Privacy (2012)Google Scholar
  7. 7.
    Gong, X., Kiyavash, N., Borisov, N.: Fingerprinting websites using remote traffic analysis. In: Proceedings of the ACM CCS (2010)Google Scholar
  8. 8.
    Gu, X., Yang, M., Luo, J.: A novel website fingerprinting attack against multi-tab browsing behavior. In: Proceedings of the IEEE CSCWD (2015)Google Scholar
  9. 9.
    Hayes, J., Danezis, G.: k-fingerprinting: a robust scalable website fingerprinting technique. In: Proceedings of the USENIX Security (2016)Google Scholar
  10. 10.
    Herrmann, D., Wendolsky, R., Federrath, H.: Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier. In: Proceedings of the ACM CCSW (2009)Google Scholar
  11. 11.
    Hintz, A.: Fingerprinting websites using traffic analysis. In: Proceedings of the PET (2002)Google Scholar
  12. 12.
    Ho, T.K., Basu, M.: Complexity measures of supervised classification problems. IEEE Trans. Pattern Anal. Mach. Intell. 24(3), 289–300 (2002)CrossRefGoogle Scholar
  13. 13.
    Juarez, M., Afroz, S., Acar, G., Diaz, C., Greenstadt, R.: A critical evaluation of website fingerprinting attacks. In: Proceedings of the ACM CCS (2014)Google Scholar
  14. 14.
    Juárez, M., Imani, M., Perry, M., Díaz, C., Wright, M.: WTF-PAD: toward an efficient website fingerprinting defense for tor. CoRR abs/1512.00524 (2015). http://arxiv.org/abs/1512.00524
  15. 15.
    Li, J., et al.: Can we learn what people are doing from raw DNS queries? In: Proceedings of the IEEE INFOCOM (2018)Google Scholar
  16. 16.
    Liberatore, M., Levine, B.N.: Inferring the source of encrypted HTTP connections. In: Proceedings of the ACM CCS (2006)Google Scholar
  17. 17.
    Lu, L., Chang, E., Chan, M.C.: Website fingerprinting and identification using ordered feature sequences. In: Proceedings of the ESORICS (2010)Google Scholar
  18. 18.
    Luo, X., Zhou, P., Chan, E., Lee, W., Chang, R., Perdisci, R.: Httpos: sealing information leaks with browser-side obfuscation of encrypted flows. In: Proceedings of the NDSS (2011)Google Scholar
  19. 19.
    Nithyanand, R., Cai, X., Johnson, R.: Glove: A bespoke website fingerprinting defense. In: Proceedings of the WPES (2014)Google Scholar
  20. 20.
    Panchenko, A., et al.: Website fingerprinting at internet scale. In: Proceedings of the NDSS (2016)Google Scholar
  21. 21.
    Panchenko, A., Niessen, L., Zinnen, A., Engel, T.: Website fingerprinting in onion routing based anonymization networks. In: Proceedings of the ACM WPES (2011)Google Scholar
  22. 22.
    Shmatikov, V., Wang, M.-H.: Timing analysis in low-latency mix networks: attacks and defenses. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 18–33. Springer, Heidelberg (2006).  https://doi.org/10.1007/11863908_2CrossRefGoogle Scholar
  23. 23.
    Wang, T., Cai, X., Nithyanand, R., Johnson, R., Goldberg, I.: Effective attacks and provable defenses for website fingerprinting. In: Proceedings of the USENIX Security (2014)Google Scholar
  24. 24.
    Wright, C., Coulls, S., Monrose, F.: Traffic morphing: an efficient defense against statistical traffic analysis. In: Proceedings of the NDSS (2009)Google Scholar
  25. 25.
    Yu, S., Zhao, G., Dou, W., James, S.: Predicted packet padding for anonymous web browsing against traffic analysis attacks. IEEE Trans. Inf. Forensics Secur. 7(4), 1381–1393 (2012)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Yankang Zhao
    • 1
    • 2
  • Xiaobo Ma
    • 1
    • 2
    Email author
  • Jianfeng Li
    • 1
    • 2
  • Shui Yu
    • 3
  • Wei Li
    • 1
    • 2
  1. 1.Ministry of Education Key Laboratory of Intelligent Networks and Network SecurityXi’an Jiaotong UniversityXi’anChina
  2. 2.School of Electronic and Information EngineeringXi’an Jiaotong UniversityXi’anChina
  3. 3.School of SoftwareUniversity of Technology SydneySydneyAustralia

Personalised recommendations