Website detection using remote traffic analysis

Xun Gong, Nikita Borisov, Negar Kiyavash, Nabil Schear

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Recent work in traffic analysis has shown that traffic patterns leaked through side channels can be used to recover important semantic information. For instance, attackers can find out which website, or which page on a website, a user is accessing simply by monitoring the packet size distribution. We show that traffic analysis is even a greater threat to privacy than previously thought by introducing a new attack that can be carried out remotely. In particular, we show that, to perform traffic analysis, adversaries do not need to directly observe the traffic patterns. Instead, they can gain sufficient information by sending probes from a far-off vantage point that exploits a queuing side channel in routers. To demonstrate the threat of such remote traffic analysis, we study a remote website detection attack that works against home broadband users. Because the remotely observed traffic patterns are more noisy than those obtained using previous schemes based on direct local traffic monitoring, we take a dynamic time warping (DTW) based approach to detecting fingerprints from the same website. As a new twist on website fingerprinting, we consider a website detection attack, where the attacker aims to find out whether a user browses a particular web site, and its privacy implications. We show experimentally that, although the success of the attack is highly variable, depending on the target site, for some sites very low error rates. We also show how such website detection can be used to deanonymize message board users.

Original languageEnglish (US)
Title of host publicationPrivacy Enhancing Technologies - 12th International Symposium, PETS 2012, Proceedings
Pages58-78
Number of pages21
DOIs
StatePublished - 2012
Event12th International Symposium on Privacy Enhancing Technologies, PETS 2012 - Vigo, Spain
Duration: Jul 11 2012Jul 13 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7384 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other12th International Symposium on Privacy Enhancing Technologies, PETS 2012
Country/TerritorySpain
CityVigo
Period7/11/127/13/12

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Website detection using remote traffic analysis'. Together they form a unique fingerprint.

Cite this