TOUCHING FROM
A DISTANCE
Website
Fingerprinting
Attacks and Defenses
In a nutshell …
• Web page fingerprinting attack
• Dodges defences such as
a) HTTPOS
b) Randomized pipelining over Tor
• Ad hoc defenses unsuccessful
RECOGNIZING WEB PAGES
• Identify web pages with the help of Packet ordering
• Order of incoming and outgoing packets reveals
information about
a) The size of objects referenced in a page
b) The order in which the browser re- quests them.
RECOGNIZING WEB PAGES
• Computes the similarity of packet traces generated
when a browser loads a web page
• Converts traces into strings
• Uses a distance metric to compare them
• Trains a support vector machine using a kernel
based on edit distance
RECOGNIZING WEB SITES
Hidden Markov Model
a) capture the link structure of the site
b) capture the probable paths that users will
follow among the pages when visiting the site.
c) use page fingerprinting technique to classify
the packet traces
RECOGNIZING WEB SITES
• Forward algorithm
• Probability of observed trace of packets being
generated when loading pages from the target
web site
• Attacker can know if a sequence of a victim’s
page loads are all from the same web site
CONCLUSIONS
• Local or national governments can snoop on
citizens
• Traffic morphing, HTTPOS and randomized
pipelining impose high costs
• Do not offer the guarantee of being impregnable to
attacks
• Proposed web site classifier is able to infer user’s
online activities.