TY - GEN
T1 - Fingerprinting websites using remote traffic analysis
AU - Gong, Xun
AU - Kiyavash, Negar
AU - Borisov, Nikita
N1 - Copyright:
Copyright 2011 Elsevier B.V., All rights reserved.
PY - 2010
Y1 - 2010
N2 - Recent work has shown that traffic analysis of data carried on encrypted tunnels can be used to recover important se-mantic information. As one example, attackers can find out which website, or which page on a website, a user is access-ing simply by monitoring the traffic patterns. We show that traffic analysis is a much greater threat to privacy than pre-viously thought, as such attacks can be carried out remotely. In particular, we show that, to perform traffic analysis, ad-versaries do not need to directly observe the traffic patterns. Instead, they can send probes from a far-off vantage point that exploit a queuing side channel in routers. We demonstrate the threat of such remote traffic anal-ysis by developing a remote website fingerprinting attack that works against home broadband users. Because the ob-servations obtained by probes are more noisy than direct observations, we had to take a new approach to detection that uses the full time series data contained in the observa-tion, rather than summary statistics used in previous work. We perform k-nearest neighbor classification using dynamic time warping (DTW) distance metric. We find that in our experiments, we are able to fingerprint a website with 80% accuracy in both testbed and target system. This shows that remote traffic analysis represents a real threat to privacy on the Internet.
AB - Recent work has shown that traffic analysis of data carried on encrypted tunnels can be used to recover important se-mantic information. As one example, attackers can find out which website, or which page on a website, a user is access-ing simply by monitoring the traffic patterns. We show that traffic analysis is a much greater threat to privacy than pre-viously thought, as such attacks can be carried out remotely. In particular, we show that, to perform traffic analysis, ad-versaries do not need to directly observe the traffic patterns. Instead, they can send probes from a far-off vantage point that exploit a queuing side channel in routers. We demonstrate the threat of such remote traffic anal-ysis by developing a remote website fingerprinting attack that works against home broadband users. Because the ob-servations obtained by probes are more noisy than direct observations, we had to take a new approach to detection that uses the full time series data contained in the observa-tion, rather than summary statistics used in previous work. We perform k-nearest neighbor classification using dynamic time warping (DTW) distance metric. We find that in our experiments, we are able to fingerprint a website with 80% accuracy in both testbed and target system. This shows that remote traffic analysis represents a real threat to privacy on the Internet.
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=78650031731&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78650031731&partnerID=8YFLogxK
U2 - 10.1145/1866307.1866397
DO - 10.1145/1866307.1866397
M3 - Conference contribution
AN - SCOPUS:78650031731
SN - 9781450302449
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 684
EP - 686
BT - CCS'10 - Proceedings of the 17th ACM Conference on Computer and Communications Security
T2 - 17th ACM Conference on Computer and Communications Security, CCS'10
Y2 - 4 October 2010 through 8 October 2010
ER -