Website Fingerprinting at Internet Scale
Andriy Panchenko1, Fabian Lanze1, Andreas Zinnen2,Martin Henze3, Jan Pennekamp1, Klaus Wehrle3, Thomas Engel1
1Interdisciplinary Centre for Security, Reliability and Trust (SnT), Luxembourg2RheinMain University of Applied Sciences, Germany
3RWTH Aachen University, Germany
Background
Why people use Tor...
Privacy has become a general concernAccess to the Internet is censored in many countries
Website Fingerprinting
Client
OR
OR
OR
OR
OR
OR
ORServer
?
Tor: The Onion RouterMost popular low-latency anonymization networkMany users rely on Tor to access unfiltered information
Website Fingerprinting
Client
OR
OR
OR
OR
OR
OR
ORServer
Entry Middle Exit
?
Tor: The Onion RouterMost popular low-latency anonymization networkMany users rely on Tor to access unfiltered information
Website Fingerprinting
Client
OR
OR
OR
OR
OR
OR
ORServer
Entry Middle Exit
?
Tor: The Onion RouterMost popular low-latency anonymization networkMany users rely on Tor to access unfiltered information
Website Fingerprinting
Client
OR
OR
OR
OR
OR
OR
ORServer
Entry Middle Exit
?
What is website fingerprinting?Identify website accessed without breaking cryptographyAttacker is a passive observerFeatures based on packet size, direction, ordering, timing
Website Fingerprinting - state of the art
Widely discussed and hot topic in anonymity research
State-of-the-art approach: Wang et al. (Usenix Sec’14)k-Nearest Neighbor approachmanually selected features (e.g., bursts, unique lengths)about 4,000 featuresrecognition rates > 90%
2 scenarios for evaluationClosed world: user visits only a fixed number of websitesOpen world: monitor set of sites (user may visit unknown sites)
Our method
IdeaDon’t try to guess which characteristics may be relevantUse a representation that implicitly covers all characteristics
Our feature set: (Nin,Nout,Sin,Sout︸ ︷︷ ︸basic properties
, C1, · · · , Cn︸ ︷︷ ︸cumulative features
)
0 2 4 6 8 10 12 14 16 18
Packet Number
−1000
0
1000
2000
3000
4000
5000
6000
7000
Cum
ulat
ive
Sum
ofPa
cket
Size
s C(T1)
Ci sampled for T1
C(T2)
Ci sampled for T2
Example
20 40 60 80 100
Feature Index
0
50
100
150
200
Feat
ure
Valu
e[k
Byt
e]
about.comgoogle.de
Fixed number of distinctive characteristics from traces with varyinglengthsFingerprints can be visualizedUsed as input for a Support Vector Machine
Layers of data representation
TLS records
TCP packets
Record 1 *
Packet 2
Tor cells
Packet 3Packet 1
Cell 3Cell 2Cell 1
Record 2
Cell 5Cell 4
Information src for feature extraction: Cell vs. TLS vs. TCPPractically nigligible effect on the classification accuracy
Comparison with state of the art – classification
Closed worldAccuracy [%] for 100 most popular websites
90 instances 40 instancesk-NN (3736 features) 90.84 89.19
Our method (104 features) 91.38 92.03
Open worldForeground: 100 blocked websites, background: 9,000 popular websites
TPR FPRk-NN 90.59 2.24
Our method 96.92 1.98
Comparison of computational performance
0 10000 20000 30000 40000 50000
Background Set Size
10−4
10−3
10−2
10−1
100
101
102
103A
vera
geP
roce
ssin
gT
ime
[h]
k-NNCUMULCUMUL (parallelized)
Computation time for 100 random monitored pages in open world
Website fingerprinting in reality
CritiqueData sets used are not representative!
too small, only popular websites / index pages
Simplified assumptions, wrong metrics for evaluation
RND-WWW: How do people access the world wide web?Twitter
> 120,000 web pages
Alexa-one-click
Googling the trends
Googling at random
Censored in China
Tor-Exit: Which pages do users actually access over Tor?Monitor a Tor Exit node ⇒ 211,148 web pages
Webpage fingerprinting at Internet scale
Question: Does the attack scale under realistic assumptions?
Which metric to evaluate?Accuracy: fraction of true resultsTrue Positive rate / Recall: fraction of monitored pages detectedFalse Positive Rate: fraction of false alarms
Problem: misleading interpretation ⇒ base rate fallacy
Precision: probability that the classifier is correct given it hasdetected a monitored page
Focus of evaluationPrecision and recall for increasing background set sizesRandom subset as foreground
Webpage fingerprinting at Internet scale
Question: Does the attack scale under realistic assumptions?
Results for RND-WWW
0 0.2 0.4 0.6 0.8 1Recall
0
20
40
60
80
100
Fra
ctio
nof
Fore
grou
ndPa
ges
[%]
b = 1000
b = 5000
b = 9000
b = 20000
b = 50000
b = 111884
0 0.2 0.4 0.6 0.8 1Precision
0
20
40
60
80
100
Fra
ctio
nof
Fore
grou
ndPa
ges
[%]
b = 1000
b = 5000
b = 9000
b = 20000
b = 50000
b = 111884
Webpage fingerprinting at Internet scale
Question: Does the attack scale under realistic assumptions?
Results for Tor-Exit
0 0.2 0.4 0.6 0.8 1Recall
0
20
40
60
80
100
Fra
ctio
nof
Fore
grou
ndPa
ges
[%]
b = 1000
b = 5000
b = 9000
b = 20000
b = 50000
b = 111884
b = 211148
0 0.2 0.4 0.6 0.8 1Precision
0
20
40
60
80
100
Fra
ctio
nof
Fore
grou
ndPa
ges
[%]
b = 1000
b = 5000
b = 9000
b = 20000
b = 50000
b = 111884
b = 211148
Webpage fingerprinting at Internet scale
Question: Does the attack scale under realistic assumptions?
Results for Tor-Exit
0 0.2 0.4 0.6 0.8 1Recall
0
20
40
60
80
100
Fra
ctio
nof
Fore
grou
ndPa
ges
[%]
b = 1000
b = 5000
b = 9000
b = 20000
b = 50000
b = 111884
b = 211148
0 0.2 0.4 0.6 0.8 1Precision
0
20
40
60
80
100
Fra
ctio
nof
Fore
grou
ndPa
ges
[%]
b = 1000
b = 5000
b = 9000
b = 20000
b = 50000
b = 111884
b = 211148
Answer: No.
Webpage fingerprinting at Internet scale
Question: Is it at least possible for certain pages?
Webpage fingerprinting at Internet scale
Question: Is it at least possible for certain pages?
Minimum number of mistakenly confused pages
0 50 100 150 200 250 300 350 4000
20
40
60
80
100
Number of Webpage Confusions
Fractionof
ForegroundPag
es[%
] b=20 000b=50 000b=100 000
No single page without a confusingly similar page in a realistic universe.
How about fingerprinting websites? (1/2)
A website is a collection of web pages served under the same domainIs it possible to fingerprint a website when only a subset of its pagesare available for training?
Experiment: 20 websites
AL
JAZE
ER
AA
MA
ZON
BB
CC
NN
EB
AY
FAC
EB
OO
KIM
DB
KIC
KA
SSL
OV
ESH
AC
KR
AK
UT
EN
RE
DD
IT RT
SPIE
GE
LST
AC
KO
VE
RF
LO
WT
MZ
TO
RP
RO
JEC
TT
WIT
TE
RW
IKIP
ED
IAX
HA
MST
ER
XN
XX
ALJAZEERAAMAZON
BBCCNN
EBAYFACEBOOK
IMDBKICKASS
LOVESHACKRAKUTEN
REDDITRT
SPIEGELSTACKOVERFLOW
TMZTORPROJECT
TWITTERWIKIPEDIAXHAMSTER
XNXX
5151
50 151
5150 1
5151
49 1 151
5151
1 1 48 151
1 5051
50 151
1 5051
0.0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1.0
AL
JAZE
ER
AA
MA
ZON
BB
CC
NN
EB
AY
FAC
EB
OO
KIM
DB
KIC
KA
SSL
OV
ESH
AC
KR
AK
UT
EN
RE
DD
IT RT
SPIE
GE
LST
AC
KO
VE
RF
LO
WT
MZ
TO
RP
RO
JEC
TT
WIT
TE
RW
IKIP
ED
IAX
HA
MST
ER
XN
XX
ALJAZEERAAMAZON
BBCCNN
EBAYFACEBOOK
IMDBKICKASS
LOVESHACKRAKUTEN
REDDITRT
SPIEGELSTACKOVERFLOW
TMZTORPROJECT
TWITTERWIKIPEDIAXHAMSTER
XNXX
47 1 2 128 5 1 1 4 3 1 1 3 3 1
43 1 1 4 22 45 1 32 1 32 3 1 2 2 1 2 2 2 1
41 2 1 1 1 2 349 2
1 49 11 45 2 2 1
1 2 2 44 1 13 484 1 44 1 11 2 1 471 3 2 1 2 3 31 1 1 2 2 2
1 2 1 46 11 1 3 7 31 1 7
4 2 1 1 1 5 1 1 1 1 331 3 1 1 5 3 37
3 1 471 50
(a) only index pages (b) different pages
How about fingerprinting websites? (2/2)
Transition of results from closed-world to the realistic open-worldsetting is typically not trivialWebsite fingerprinting scales better than webpage fingerprinting
0 20000 40000 60000 80000 100000 120000Background Set Size
0.0
0.2
0.4
0.6
0.8
1.0
PrecisionRecall
0 20000 40000 60000 80000 100000 120000Background Set Size
0.0
0.2
0.4
0.6
0.8
1.0
PrecisionRecall
Summary
Our classifier with 104 features outperforms state of the artAlarming results under simplified assumptions can’t be generalizedWebpage fingerprinting does not scale for appropriate universe sizesfor any webpageWebsite fingerprinting is not only more realistic and also significantlymore effectiveConclusions drawn need to be reconsidered
Scripts and RND-WWW dataset:http://lorre.uni.lu/~andriy/zwiebelfreunde/
We are hiring!
Our lab within the Interdisciplinary Centre for Security, Reliability and Trust(Uni Luxembourg) is looking for PhD candidates and PostDocs in the area
of anonymity and privacy
More information: http://secan-lab.uni.lu/jobs