Website Fingerprinting on Encrypted Traffic
An analysis of website fingerprinting attacks aimed at the Tor web browser has revealed that it’s possible for an adversary to infer which website a victim visits.
While attacks can exceed 95% accuracy when monitoring a small set of five popular websites, indiscriminate attacks against sets of 25 and 100 websites fail to exceed an accuracy of 80% and 60%, respectively.
The Tor browser offers “unlinkable communication” to its users by routing internet traffic through an overlay network of more than six thousand relays, with the goal of hiding a user’s originating location and usage from third parties conducting network surveillance or traffic analysis.
The requests are encrypted once for each relay to further hinder analysis and avoid information leakage. While the Tor clients themselves are not anonymous with respect to their entry relays, because the traffic is encrypted and the requests jump through multiple hops, the entry relays cannot identify the clients’ destination, just as the exit nodes cannot discern a client for the same reason.
Website fingerprinting attacks on Tor aim to break these anonymity protections and enable an adversary observing the encrypted traffic patterns between a victim and the Tor network to predict the website visited by the victim. The adversary model involves an “online training phase that uses observations of genuine Tor traffic collected from an exit relay to continuously update the classification model over time.”
To mitigate any ethical and privacy concerns arising out of the study, the paper’s authors stressed the safety precautions incorporated to prevent leakage of sensitive websites that users may visit via the Tor browser. “The untargeted adversaries that aim to generally monitor users’ website visits will fail, but focused adversaries that target one particular client configuration and website may succeed.”