A Critical Evaluation of Website Fingerprinting Attacks

Marc Juarez, Sadia Afroz, Gunes Acar, Claudia Diaz, Rachel Greenstadt

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Recent studies on Website Fingerprinting (WF) claim to have found highly effective attacks on Tor. However, these studies make assumptions about user settings, adversary capabilities, and the nature of the Web that do not necessarily hold in practical scenarios. The following study critically evaluates these assumptions by conducting the attack where the assumptions do not hold. We show that certain variables, for example, user's browsing habits, differences in location and version of Tor Browser Bundle, that are usually omitted from the current WF model have a significant impact on the efficacy of the attack. We also empirically show how prior work succumbs to the base rate fallacy in the open-world scenario. We address this problem by augmenting our classification method with a verification step. We conclude that even though this approach reduces the number of false positives over 63%, it does not completely solve the problem, which remains an open issue for WF attacks.
Original languageEnglish
Title of host publicationProceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
Place of PublicationNew York, NY, USA
PublisherAssociation for Computing Machinery, Inc
Pages263–274
Number of pages12
ISBN (Print)9781450329576
DOIs
Publication statusPublished - 3 Nov 2014
EventThe 21st ACM Conference on Computer and Communications Security, 2014 - Scottsdale, United States
Duration: 3 Nov 20147 Nov 2014
Conference number: 21
https://www.sigsac.org/ccs/CCS2014/

Publication series

NameCCS '14
PublisherAssociation for Computing Machinery

Conference

ConferenceThe 21st ACM Conference on Computer and Communications Security, 2014
Abbreviated titleCCS 2014
Country/TerritoryUnited States
CityScottsdale
Period3/11/147/11/14
Internet address

Keywords

  • website fingerprinting
  • privacy
  • tor

Fingerprint

Dive into the research topics of 'A Critical Evaluation of Website Fingerprinting Attacks'. Together they form a unique fingerprint.

Cite this