RegulaTOR: A Powerful Website Fingerprinting Defense

by   James K Holland, et al.

Website Fingerprinting (WF) attacks are used by passive, local attackers to determine the destination of encrypted internet traffic by comparing the sequences of packets sent to and received by the user to a previously recorded data set. As a result, WF attacks are of particular concern to privacy-enhancing technologies such as Tor. In response, a variety of WF defenses have been developed, though they tend to incur a high bandwidth and latency overhead or require additional infrastructure, making them difficult to implement in practice. Some lighter-weight defenses have been presented as well; still, they attain only moderate effectiveness against recently published WF attacks. In this paper, we aim to present a realistic and novel defense, Regulator, that demonstrates improved overhead and high effectiveness against current WF attacks. In the closed-world setting, this defense reduces the accuracy of the state-of-the-art attack, Tik-Tok, against lightweight defenses from 66 latency and a bandwidth overhead 38.1 defense. In the open-world setting, Regulator limits a precision-tuned Tik-Tok attack to an F-score of .087, compared to .625 for the best comparable lightweight defense.



page 1

page 2

page 3

page 4


Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning

Website fingerprinting enables a local eavesdropper to determine which w...

WFDefProxy: Modularly Implementing and Empirically Evaluating Website Fingerprinting Defenses

Tor, an onion-routing anonymity network, has been shown to be vulnerable...

A Real-time Defense against Website Fingerprinting Attacks

Anonymity systems like Tor are vulnerable to Website Fingerprinting (WF)...

TG-PSM: Tunable Greedy Packet Sequence Morphing Based on Trace Clustering

Common privacy enhancing technologies fail to effectively hide certain s...

PCP: Preemptive Circuit Padding against Tor circuit fingerprinting

Online anonymity and privacy has been based on confusing the adversary b...

Optimizing Precision for Open-World Website Fingerprinting

Traffic analysis attacks to identify which web page a client is browsing...

AWA: Adversarial Website Adaptation

One of the most important obligations of privacy-enhancing technologies ...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.