Abstract
We consider website fingerprinting over encrypted and proxied channel. It has been shown that information on packet sizes is sufficient to achieve good identification accuracy. Recently, traffic morphing [1] was proposed to thwart website fingerprinting by changing the packet size distribution so as to mimic some other website, while minimizing bandwidth overhead. In this paper, we point out that packet ordering information, though noisy, can be utilized to enhance website fingerprinting. In addition, traces of the ordering information remain even under traffic morphing and they can be extracted for identification. When web access is performed over OpenSSH and 2000 profiled websites, the identification accuracy of our scheme reaches 81%, which is 11% better than Liberatore and Levine’s scheme presented in CCS’06 [2]. We are able to identify 78% of the morphed traffic among 2000 websites while Liberatore and Levine’s scheme identifies only 52%. Our analysis suggests that an effective countermeasure to website fingerprinting should not only hide the packet size distribution, but also aggressively remove the ordering information.
Keywords
Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Wright, C.V., Coull, S.E., Monrose, F.: Traffic morphing: An Efficient Defense against Statistical Traffic Analysis. In: 16th NDSS (2009)
Liberatore, M., Levine, B.N.: Inferring the Source of Encrypted HTTP connections. In: 13th ACM CCS, pp. 255–263 (2006)
Hintz, A.: Fingerprinting Websites using Traffic Analysis. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 229–233. Springer, Heidelberg (2003)
Sun, Q., Simon, D.R., Wang, Y.M., Russell, W., Padmanabhan, V.N., Qiu, L.: Statistical Identification of Encrypted Web Browsing Traffic. In: IEEE S&P 2002, pp. 19–30 (2002)
Song, D.X., Wagner, D., Tian, X.: Timing Analysis of Keystrokes and Timing Attacks on SSH. In: 10th USENIX Security Symposium (2001)
Saponas, T.S., Lester, J., Hartung, C., Agarwal, S.: Devices that Tell on You: Privacy Trends in Consumer Ubiquitous Computing. In: 16th USENIX Security Symposium, pp. 55–70 (2007)
Bonfiglio, D., Mellia, M., Meo, M., Rossi, D., Tofanelli, P.: Revealing Skype Traffic: When Randomness Plays with You. ACM SIGCOMM Computer Communication Review 37(4), 37–48 (2007)
Wright, C.V., Monrose, F., Masson, G.M.: On Inferring Application Protocol Behaviors in Encrypted Network Traffic. Journal of Machine Learning Research 7, 2745–2769 (2006)
Bissias, G.D., Liberatore, M., Jensen, D., Levine, B.N.: Privacy Vulnerabilities in Encrypted HTTP Streams. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, pp. 1–11. Springer, Heidelberg (2006)
Levenshtein, V.I.: Binary Codes Capable of Correcting Deletions, Insertions, and Reversals. Journal of Soviet Physics Doklady 10(8), 707–710 (1966)
Norvig, P.: How to Write a Spelling Corrector, http://www.norvig.com
Wilson, C.: Who checks the spell-checkers, http://www.slate.com/id/2206973/pagenum/all/
Gusfield, D.: Algorithms on Strings, Trees, and Sequences: Computer Science and Computational Biology. Cambridge University Press, Cambridge (1997)
Needleman, S.B., Wunsch, C.D.: A General Method Applicable to the Search for Similarities in the Amino Acid Sequence of Two Proteins. Journal of Molecular Biology 48, 443–453 (1970)
Navarro, G.: A Guided Tour to Approximate String Matching. Journal of ACM Computing Surveys 33(1), 31–88 (2001)
Gooskens, C., Heeringa, W.: Perceptive Evaluation of Levenshtein Dialect Distance Measurements using Norwegian Dialect Data. Journal of Language Variation and Change 16(3), 189–207 (2004)
Felten, E.W., Schneider, M.A.: Timing Attacks on Web Privacy. In: 7th ACM CCS (2000)
Wagner, R.A., Fischer, M.J.: The String-to-String Correction Problem. J. ACM 21(1), 168–173 (1974)
TCPDump, http://www.tcpdump.org
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lu, L., Chang, EC., Chan, M.C. (2010). Website Fingerprinting and Identification Using Ordered Feature Sequences. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds) Computer Security – ESORICS 2010. ESORICS 2010. Lecture Notes in Computer Science, vol 6345. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15497-3_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-15497-3_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15496-6
Online ISBN: 978-3-642-15497-3
eBook Packages: Computer ScienceComputer Science (R0)