Website Fingerprinting (WF) attacks exploit Network Side Channels (NSCs) in order to obtain user’s web activity, leak secrets or identify the requested web page. The means through which a malicious user could exploit are, among all, packet timing, packet sizes and traffic shape, even when the communication channel is encrypted or anonymized. Specifically, he gathers network traffic generated while a user accesses a website, and then exerts a series of techniques to discover patterns of the network flow to infer the type of website the victim inquires. State-of-the-art WF attacks have been shown to be effective even against privacy technologies that have as main goal to protect and hide the identity of the users during their network activities (such as Tor, VPNs). These threats are of particular concern since break the privacy, and the anonymity, expected by users who employ such frameworks. With our proposal, we explore a new method for improving the flaws that distinguish the principal defences that have been presented, while still maintaining good performances against WF attacks. The other defences suppose to modify the network protocol, pair each web page to a decoy one or demand too much bandwidth. In this thesis we present a traffic analysis attack for WF, that leverages a deep learning’s model called Convolutional Neural Networks (CNN), in both traditional and anonymity networks (especially against Tor). With CNN, the attacker is able to identify individual pages in the same website with more than 92% and 95% of accuracy, respectively for traditional and Tor networks. Then, we propose a novel defence, named Divergent, which is capable of reducing the impact of the attack. Our countermeasure lowers the confidence of the output of the adver- sarial model, introducing only 23% of bandwidth overhead and almost 0% of time overhead on average. Divergent is based on the idea of changing the traffic fingerprint strictly tight to a resource upon each client’s request, leveraging randomness and dummy packets.

Website Fingerprinting (WF) attacks exploit Network Side Channels (NSCs) in order to obtain user’s web activity, leak secrets or identify the requested web page. The means through which a malicious user could exploit are, among all, packet timing, packet sizes and traffic shape, even when the communication channel is encrypted or anonymized. Specifically, he gathers network traffic generated while a user accesses a website, and then exerts a series of techniques to discover patterns of the network flow to infer the type of website the victim inquires. State-of-the-art WF attacks have been shown to be effective even against privacy technologies that have as main goal to protect and hide the identity of the users during their network activities (such as Tor, VPNs). These threats are of particular concern since break the privacy, and the anonymity, expected by users who employ such frameworks. With our proposal, we explore a new method for improving the flaws that distinguish the principal defences that have been presented, while still maintaining good performances against WF attacks. The other defences suppose to modify the network protocol, pair each web page to a decoy one or demand too much bandwidth. In this thesis we present a traffic analysis attack for WF, that leverages a deep learning’s model called Convolutional Neural Networks (CNN), in both traditional and anonymity networks (especially against Tor). With CNN, the attacker is able to identify individual pages in the same website with more than 92% and 95% of accuracy, respectively for traditional and Tor networks. Then, we propose a novel defence, named Divergent, which is capable of reducing the impact of the attack. Our countermeasure lowers the confidence of the output of the adver- sarial model, introducing only 23% of bandwidth overhead and almost 0% of time overhead on average. Divergent is based on the idea of changing the traffic fingerprint strictly tight to a resource upon each client’s request, leveraging randomness and dummy packets.

Divergent: niente è come sembra. Una nuova difesa contro attacchi di tipo Website fingerprinting

VAROTTO, FRANCESCO
2021/2022

Abstract

Website Fingerprinting (WF) attacks exploit Network Side Channels (NSCs) in order to obtain user’s web activity, leak secrets or identify the requested web page. The means through which a malicious user could exploit are, among all, packet timing, packet sizes and traffic shape, even when the communication channel is encrypted or anonymized. Specifically, he gathers network traffic generated while a user accesses a website, and then exerts a series of techniques to discover patterns of the network flow to infer the type of website the victim inquires. State-of-the-art WF attacks have been shown to be effective even against privacy technologies that have as main goal to protect and hide the identity of the users during their network activities (such as Tor, VPNs). These threats are of particular concern since break the privacy, and the anonymity, expected by users who employ such frameworks. With our proposal, we explore a new method for improving the flaws that distinguish the principal defences that have been presented, while still maintaining good performances against WF attacks. The other defences suppose to modify the network protocol, pair each web page to a decoy one or demand too much bandwidth. In this thesis we present a traffic analysis attack for WF, that leverages a deep learning’s model called Convolutional Neural Networks (CNN), in both traditional and anonymity networks (especially against Tor). With CNN, the attacker is able to identify individual pages in the same website with more than 92% and 95% of accuracy, respectively for traditional and Tor networks. Then, we propose a novel defence, named Divergent, which is capable of reducing the impact of the attack. Our countermeasure lowers the confidence of the output of the adver- sarial model, introducing only 23% of bandwidth overhead and almost 0% of time overhead on average. Divergent is based on the idea of changing the traffic fingerprint strictly tight to a resource upon each client’s request, leveraging randomness and dummy packets.
2021
Divergent: nothing as it seems. A novel defence against Website Fingerprinting attacks
Website Fingerprinting (WF) attacks exploit Network Side Channels (NSCs) in order to obtain user’s web activity, leak secrets or identify the requested web page. The means through which a malicious user could exploit are, among all, packet timing, packet sizes and traffic shape, even when the communication channel is encrypted or anonymized. Specifically, he gathers network traffic generated while a user accesses a website, and then exerts a series of techniques to discover patterns of the network flow to infer the type of website the victim inquires. State-of-the-art WF attacks have been shown to be effective even against privacy technologies that have as main goal to protect and hide the identity of the users during their network activities (such as Tor, VPNs). These threats are of particular concern since break the privacy, and the anonymity, expected by users who employ such frameworks. With our proposal, we explore a new method for improving the flaws that distinguish the principal defences that have been presented, while still maintaining good performances against WF attacks. The other defences suppose to modify the network protocol, pair each web page to a decoy one or demand too much bandwidth. In this thesis we present a traffic analysis attack for WF, that leverages a deep learning’s model called Convolutional Neural Networks (CNN), in both traditional and anonymity networks (especially against Tor). With CNN, the attacker is able to identify individual pages in the same website with more than 92% and 95% of accuracy, respectively for traditional and Tor networks. Then, we propose a novel defence, named Divergent, which is capable of reducing the impact of the attack. Our countermeasure lowers the confidence of the output of the adver- sarial model, introducing only 23% of bandwidth overhead and almost 0% of time overhead on average. Divergent is based on the idea of changing the traffic fingerprint strictly tight to a resource upon each client’s request, leveraging randomness and dummy packets.
network security
side channel attacks
protocols
CONTI, MAURO
Lauree magistrali
File in questo prodotto:
File Dimensione Formato  
Varotto_Francesco.pdf

accesso aperto

Dimensione 1.31 MB
Formato Adobe PDF
Visualizza/Apri
1.31 MB Adobe PDF Visualizza/Apri

The text of this website © Università degli studi di Padova. Full Text are published under a non-exclusive license. Metadata are under a CC0 License

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.12608/33780