How unique is your .onion? An analysis of the fingerprintability of Tor onion services

Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, Claudia Diaz

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    Abstract

    Recent studies have shown that Tor onion (hidden) service websites are particularly vulnerable to website fingerprinting attacks due to their limited number and sensitive nature. In this work we present a multi-level feature analysis of onion site fingerprintability, considering three state-of-the-art website fingerprinting methods and 482 Tor onion services, making this the largest analysis of this kind completed on onion services to date. Prior studies typically report average performance results for a given website fingerprinting method or countermeasure. We investigate which sites are more or less vulnerable to fingerprinting and which features make them so. We find that there is a high variability in the rate at which sites are classified (and misclassified) by these attacks, implying that average performance figures may not be informative of the risks that website fingerprinting attacks pose to particular sites. We analyze the features exploited by the different website fingerprinting methods and discuss what makes onion service sites more or less easily identifiable, both in terms of their traffic traces as well as their webpage design. We study misclassifications to understand how onion services sites can be redesigned to be less vulnerable to website fingerprinting attacks. Our results also inform the design of website fingerprinting countermeasures and their evaluation considering disparate impact across sites.

    Original language: English (US)
    Title of host publication: CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
    Publisher: Association for Computing Machinery
    Pages: 2021-2036
    Number of pages: 16
    ISBN (Electronic): 9781450349468
    DOIs: https://doi.org/10.1145/3133956.3134005
    State: Published - Oct 30 2017
    Event: 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017 - Dallas, United States
    Duration: Oct 30 2017 to Nov 3 2017

    Publication series

    Name: Proceedings of the ACM Conference on Computer and Communications Security
    ISSN (Print): 1543-7221

    Other

    Other: 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017
    Country: United States
    City: Dallas
    Period: 10/30/17 to 11/3/17

    Fingerprint

    Websites

    Keywords

    • Anonymous communications systems
    • Tor
    • Web privacy
    • Website fingerprinting

    ASJC Scopus subject areas

    • Software
    • Computer Networks and Communications

    Cite this

    Overdorf, R., Juarez, M., Acar, G., Greenstadt, R., & Diaz, C. (2017). How unique is your .onion? An analysis of the fingerprintability of Tor onion services. In CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 2021-2036). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3133956.3134005

    @inproceedings{f9bfe74258f142d898d3ed9dd78e149c,
    title = "How unique is your .onion? An analysis of the fingerprintability of Tor onion services",
    abstract = "Recent studies have shown that Tor onion (hidden) service websites are particularly vulnerable to website fingerprinting attacks due to their limited number and sensitive nature. In this work we present a multi-level feature analysis of onion site fingerprintability, considering three state-of-the-art website fingerprinting methods and 482 Tor onion services, making this the largest analysis of this kind completed on onion services to date. Prior studies typically report average performance results for a given website fingerprinting method or countermeasure. We investigate which sites are more or less vulnerable to fingerprinting and which features make them so. We find that there is a high variability in the rate at which sites are classified (and misclassified) by these attacks, implying that average performance figures may not be informative of the risks that website fingerprinting attacks pose to particular sites. We analyze the features exploited by the different website fingerprinting methods and discuss what makes onion service sites more or less easily identifiable, both in terms of their traffic traces as well as their webpage design. We study misclassifications to understand how onion services sites can be redesigned to be less vulnerable to website fingerprinting attacks. Our results also inform the design of website fingerprinting countermeasures and their evaluation considering disparate impact across sites.",
    keywords = "Anonymous communications systems, Tor, Web privacy, Website fingerprinting",
    author = "Rebekah Overdorf and Marc Juarez and Gunes Acar and Rachel Greenstadt and Claudia Diaz",
    year = "2017",
    month = "10",
    day = "30",
    doi = "10.1145/3133956.3134005",
    language = "English (US)",
    series = "Proceedings of the ACM Conference on Computer and Communications Security",
    publisher = "Association for Computing Machinery",
    pages = "2021--2036",
    booktitle = "CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security",

    }

    TY - GEN

    T1 - How unique is your .onion? An analysis of the fingerprintability of Tor onion services

    AU - Overdorf, Rebekah

    AU - Juarez, Marc

    AU - Acar, Gunes

    AU - Greenstadt, Rachel

    AU - Diaz, Claudia

    PY - 2017/10/30

    Y1 - 2017/10/30

    AB - Recent studies have shown that Tor onion (hidden) service websites are particularly vulnerable to website fingerprinting attacks due to their limited number and sensitive nature. In this work we present a multi-level feature analysis of onion site fingerprintability, considering three state-of-the-art website fingerprinting methods and 482 Tor onion services, making this the largest analysis of this kind completed on onion services to date. Prior studies typically report average performance results for a given website fingerprinting method or countermeasure. We investigate which sites are more or less vulnerable to fingerprinting and which features make them so. We find that there is a high variability in the rate at which sites are classified (and misclassified) by these attacks, implying that average performance figures may not be informative of the risks that website fingerprinting attacks pose to particular sites. We analyze the features exploited by the different website fingerprinting methods and discuss what makes onion service sites more or less easily identifiable, both in terms of their traffic traces as well as their webpage design. We study misclassifications to understand how onion services sites can be redesigned to be less vulnerable to website fingerprinting attacks. Our results also inform the design of website fingerprinting countermeasures and their evaluation considering disparate impact across sites.

    KW - Anonymous communications systems

    KW - Tor

    KW - Web privacy

    KW - Website fingerprinting

    UR - http://www.scopus.com/inward/record.url?scp=85041437456&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=85041437456&partnerID=8YFLogxK

    U2 - 10.1145/3133956.3134005

    DO - 10.1145/3133956.3134005

    M3 - Conference contribution

    AN - SCOPUS:85041437456

    T3 - Proceedings of the ACM Conference on Computer and Communications Security

    SP - 2021

    EP - 2036

    BT - CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

    PB - Association for Computing Machinery

    ER -