Toward an Efficient Website Fingerprinting Defense

Marc Juarez, Mohsen Imani, Mike Perry, Claudia Diaz, Matthew Wright

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Website Fingerprinting attacks enable a passive eavesdropper to recover the user's otherwise anonymized web browsing activity by matching the observed traffic with prerecorded web traffic templates. The defenses that have been proposed to counter these attacks are impractical for deployment in real-world systems due to their high cost in terms of added delay and bandwidth overhead. Further, these defenses have been designed to counter attacks that, despite their high success rates, have been criticized for assuming unrealistic attack conditions in the evaluation setting. In this paper, we propose a novel, lightweight defense based on Adaptive Padding that provides a sufficient level of security against website fingerprinting, particularly in realistic evaluation conditions. In a closed-world setting, this defense reduces the accuracy of the state-of-the-art attack from 91 % to 20 %, while introducing zero latency overhead and less than 60 % bandwidth overhead. In an open-world, the attack precision is just 1 % and drops further as the number of sites grows.
Original languageEnglish
Title of host publicationComputer Security - ESORICS 2016: 21st European Symposium on Research in Computer Security, Heraklion, Greece, September 26-30, 2016, Proceedings, Part I
EditorsIoannis Askoxylakis, Sotiris Ioannidis, Sokratis Katsikas, Catherine Meadows
Place of PublicationCham
PublisherSpringer
Pages27-46
Number of pages20
ISBN (Electronic)978-3-319-45744-4
ISBN (Print)978-3-319-45743-7
DOIs
Publication statusPublished - 15 Sept 2016
Event21st European Symposium on Research in Computer Security - Crete, Greece
Duration: 26 Sept 201630 Sept 2016
http://www.ics.forth.gr/esorics2016/
https://www.ics.forth.gr/esorics2016/

Publication series

NameLecture Notes in Computer Science
PublisherSpringer Cham
Volume9878
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference21st European Symposium on Research in Computer Security
Abbreviated titleESORICS 2016
Country/TerritoryGreece
CityCrete
Period26/09/1630/09/16
Internet address

Keywords / Materials (for Non-textual outputs)

  • Privacy
  • Anonymous communications
  • Website Fingerprinting

Fingerprint

Dive into the research topics of 'Toward an Efficient Website Fingerprinting Defense'. Together they form a unique fingerprint.

Cite this