A critical evaluation of website fingerprinting attacks

Marc Juarez, Sadia Afroz, Gunes Acar, Claudia Diaz, Rachel Greenstadt

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Recent studies on Website Fingerprinting (WF) claim to have found highly effective attacks on Tor. However, these studies make assumptions about user settings, adversary capabilities, and the nature of the Web that do not necessarily hold in practical scenarios. The following study critically evaluates these assumptions by conducting the attack where the assumptions do not hold. We show that certain variables, for example, user's browsing habits, differences in location and version of Tor Browser Bundle, that are usually omitted from the current WF model have a significant impact on the efficacy of the attack. We also empirically show how prior work succumbs to the base rate fallacy in the open-world scenario. We address this problem by augmenting our classification method with a verification step. We conclude that even though this approach reduces the number of false positives over 63%, it does not completely solve the problem, which remains an open issue for WF attacks. Copyright is held by the owner/author(s).

    Original languageEnglish (US)
    Title of host publicationProceedings of the ACM Conference on Computer and Communications Security
    PublisherAssociation for Computing Machinery
    Pages263-274
    Number of pages12
    ISBN (Electronic)9781450329576, 9781450329576, 9781450331470, 9781450331500, 9781450331517, 9781450331524, 9781450331531, 9781450331548, 9781450331555, 9781450332392
    DOIs
    Publication statusPublished - Nov 3 2014
    Event21st ACM Conference on Computer and Communications Security, CCS 2014 - Scottsdale, United States
    Duration: Nov 3 2014Nov 7 2014

    Publication series

    NameProceedings of the ACM Conference on Computer and Communications Security
    ISSN (Print)1543-7221

    Other

    Other21st ACM Conference on Computer and Communications Security, CCS 2014
    CountryUnited States
    CityScottsdale
    Period11/3/1411/7/14

      Fingerprint

    Keywords

    • Privacy
    • Tor
    • Website Fingerprinting

    ASJC Scopus subject areas

    • Software
    • Computer Networks and Communications

    Cite this

    Juarez, M., Afroz, S., Acar, G., Diaz, C., & Greenstadt, R. (2014). A critical evaluation of website fingerprinting attacks. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 263-274). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/2660267.2660368