Evaluating Website Fingerprinting Attacks on Tor

Slide Note
Embed
Share

This research evaluates website fingerprinting attacks on the Tor network in the real world. It discusses the methodology of deanonymizing Tor users through predicting visited websites, emphasizing the need for labels to train machine learning classifiers. The study presents a threat model involving data gathering, label generation, and ML classifier training to carry out the attack successfully.

absalom
absalom Follow

Uploaded on Aug 14, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Distinguished Paper Award, Internet Defense 2nd Prize! Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World Giovanni Cherubin, Alan Turing Institute Microsoft Research Rob Jansen, U.S. Naval Research Laboratory Carmela Troncoso, EPFL SPRING Lab Rob Jansen, Ph.D. Computer Security Research Scientist Center for High Assurance Computer Systems U.S. Naval Research Laboratory 31st USENIX Security Symposium Boston, MA, USA August 10th, 2022

  2. How Tor Works Anonymous Communication and Tor Separates identification from routing Provides unlinkable communication Promotes user safety and privacy online U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 2

  3. Deanonymizing Tor Users Website fingerprinting attack Predict website visited by user Requires access to entry side only ? predict website U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 3

  4. Deanonymizing Tor Users Problem: Need labels to train ML classifiers for website prediction Genuine labels are encrypted Website fingerprinting attack Predict website visited by user Requires access to entry side only ? predict website Encrypted by Tor U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 4

  5. Website Fingerprinting Threat Model Step 1: gather data & labels Use automated browser (selenium) to crawl websites xyz.com xyz.com U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 5

  6. Website Fingerprinting Threat Model Step 1: gather data & labels Use automated browser (selenium) to crawl websites xyz.com xyz.com Step 2: train ML classifier Use collected data & labels U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 6

  7. Website Fingerprinting Threat Model Step 1: gather data & labels Use automated browser (selenium) to crawl websites xyz.com xyz.com Step 2: train ML classifier Use collected data & labels cats.com ? cats.com Step 3: deploy against users Use ML model to predict website U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 7

  8. Criticisms of Website Fingerprinting Threat Model Synthetic too simple & unrealistic! browser: version, config, location behavior: URL choice, tabs, order world: static, small, closed Step 1: gather data & labels Use automated browser (selenium) to crawl websites xyz.com xyz.com Step 2: train ML classifier Use collected data & labels cats.com ? cats.com Step 3: deploy against users Use ML model to predict website U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 8

  9. What is the threat of WF attacks in the real world? Synthetic model Overly simple and unrealistic High ML accuracy in simple model Genuine model Consider genuine data & labels from a Tor exit relay Our new approach Stop using!! U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 9

  10. Key Insight: Exits Observe Genuine Data & Labels Step 1: gather data & labels Run a Tor exit relay and use to to collect genuine Tor traffic Exit can observe: 1. New circuit 2. DNS lookup 3. Website load Genuine labels: resolved domains Genuine data: circuit traffic patterns DNS cats.com 198.71.232.3 U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 10

  11. Key Insight: Exits Observe Genuine Data & Labels Step 1: gather data & labels Run a Tor exit relay and use to to collect genuine Tor traffic Exit can observe: 1. New circuit 2. DNS lookup 3. Website load Genuine labels: resolved domains Genuine data: circuit traffic patterns Step 2: train ML classifier Use collected data & labels DNS cats.com 198.71.232.3 U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 11

  12. Key Insight: Exits Observe Genuine Data & Labels Step 1: gather data & labels Run a Tor exit relay and use to to collect genuine Tor traffic Exit can observe: 1. New circuit 2. DNS lookup 3. Website load Genuine labels: resolved domains Genuine data: circuit traffic patterns Step 2: train ML classifier Use collected data & labels DNS cats.com ? cats.com 198.71.232.3 Step 3: deploy against users Use ML model to predict website U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 12

  13. Key Insight: Exits Observe Genuine Data & Labels Benefits Captures real world diversity of browsers, behavior, world size, choice of pages Can stop trying to fix the synthetic model Exit can observe: 1. New circuit 2. DNS lookup 3. Website load Genuine labels: resolved domains Genuine data: circuit traffic patterns DNS cats.com ? cats.com 198.71.232.3 U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 13

  14. Key Insight: Exits Observe Genuine Data & Labels Benefits Captures real world diversity of browsers, behavior, world size, choice of pages Can stop trying to fix the synthetic model Exit can observe: 1. New circuit 2. DNS lookup 3. Website load Genuine labels: resolved domains Genuine data: circuit traffic patterns DNS cats.com ? Caveats Train at exit, deploy at entry noise Domain, not page label Need safe eval methods cats.com 198.71.232.3 U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 14

  15. Safe Evaluation using Online Learning Our safe evaluation plan: Hash domain labels using keyed HMAC Never learn true labels data: (-1,+1, ) label: HMAC(cats.com) DNS cats.com 198.71.232.3 U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 15

  16. Safe Evaluation using Online Learning k-nn model Our safe evaluation plan: Hash domain labels using keyed HMAC Never learn true labels HMAC(cats.com) correct? yes or no 1. predict label ? 2. update k-nn mev Use online learning Adapted Triplet Fingerprinting [CCS 19] Compute means in real time, discard data Individual data items never stored data: (-1,+1, ) label: HMAC(cats.com) DNS triplet feature extractor cats.com 198.71.232.3 U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 16

  17. Safe Evaluation using Online Learning k-nn model Our safe evaluation plan: Hash domain labels using keyed HMAC Never learn true labels HMAC(cats.com) correct? yes or no 1. predict label ? 2. update k-nn mev Use online learning Adapted Triplet Fingerprinting [CCS 19] Compute means in real time, discard data Individual data items never stored data: (-1,+1, ) label: HMAC(cats.com) DNS triplet feature extractor Other safety precautions Never deanonymizes Tor users Destroyed models, HMAC key after eval cats.com Tor Safety Board reviewed plan See paper for details! 198.71.232.3 U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 17

  18. Evaluation Train and evaluate at exit relay No noise from transferring to entry Upper bound on attack accuracy Details 1 week evaluation 3.9M data sequences, 671k unique sites Multi-class classification predict a monitored site, or unmonitored Performance metric instant accuracy (i.e., moving average) # correct / # total predictions (10k window) U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 18

  19. Evaluation Train and evaluate at exit relay No noise from transferring to entry Upper bound on attack accuracy Details 1 week evaluation 3.9M data sequences, 671k unique sites Multi-class classification predict a monitored site, or unmonitored Performance metric instant accuracy (i.e., moving average) # correct / # total predictions (10k window) U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 19

  20. Evaluation accuracy above 95% when monitoring 5 sites Train and evaluate at exit relay No noise from transferring to entry Upper bound on attack accuracy Details 1 week evaluation 3.9M data sequences, 671k unique sites Multi-class classification predict a monitored site, or unmonitored Performance metric instant accuracy (i.e., moving average) # correct / # total predictions (10k window) U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 20

  21. Evaluation accuracy above 95% when monitoring 5 sites Train and evaluate at exit relay No noise from transferring to entry Upper bound on attack accuracy Details 1 week evaluation 3.9M data sequences, 671k unique sites Multi-class classification predict a monitored site, or unmonitored Performance metric instant accuracy (i.e., moving average) # correct / # total predictions (10k window) accuracy quickly falls below 80% when monitoring 25 sites U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 21

  22. Genuine vs. Synthetic Data Offline phase Crawl synthetic list of domains Synthetic: use crawl to train a classifier offline Online phase Train two classifiers online Hybrid: update copy of synthetic classifier with genuine data Real: train new classifier on genuine data only 1 week evaluation 1.2M data sequences observed 183 of 1,074 synthetic domains Binary classification monitored set contains 5 sites predict either monitored or unmonitored U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 22

  23. Genuine vs. Synthetic Data Offline phase Crawl synthetic list of domains Synthetic: use crawl to train a classifier offline Online phase Train two classifiers online Hybrid: update copy of synthetic classifier with genuine data Real: train new classifier on genuine data only 1 week evaluation 1.2M data sequences observed 183 of 1,074 synthetic domains Binary classification monitored set contains 5 sites predict either monitored or unmonitored synthetic classifier performs poorly against genuine data U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 23

  24. Genuine vs. Synthetic Data synthetic data does not improve model over genuine data Offline phase Crawl synthetic list of domains Synthetic: use crawl to train a classifier offline Online phase Train two classifiers online Hybrid: update copy of synthetic classifier with genuine data Real: train new classifier on genuine data only 1 week evaluation 1.2M data sequences observed 183 of 1,074 synthetic domains Binary classification monitored set contains 5 sites predict either monitored or unmonitored synthetic classifier performs poorly against genuine data U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 24

  25. Training and Testing on Opposite Ends Fully synthetic evaluation Crawled 1k URLs 10x each Monitored set size: Train and test on exit Train on exit, test on entry Loss in accuracy: 5 50 750 52.2% 34.1% 18.1% 91.2% 76.2% 86.4% 65.1% 4.8% Pinned entry and exit on each circuit 11.1% Collected data sequences in both positions on each circuit Closed-world batch classification 50%-50% train-test split loss in accuracy is low for feasible (i.e. small) monitored sets U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 25

  26. Main Takeaways Insights Future Research Areas Improve accuracy when training on genuine data WF can be feasible with genuine data and small monitored sets, online learning can mitigate concept drift Reduce distortion when transferring models from exit to entry Synthetic data is not useful when the adversary deploys in the real world Defenses that make it harder to learn from genuine data, increase distortion Simple defenses may be more effective than we thought Adversary has to simulate defense on top of undefended exit data Read the paper! Contact rob.g.jansen@nrl.navy.mil robgjansen.com @robgjansen U.S. Naval Research Laboratory Evaluating Website Fingerprinting Attacks on Tor in the Real World | 26

Related


Types Cyber Attacks: Cyber Security Training Workshop

Types Cyber Attacks: Cyber Security Training Workshop

anara
Basics of Fingerprinting Classification and Cataloguing

Basics of Fingerprinting Classification and Cataloguing

simone
Understanding DNA Probes and Fingerprinting in Animal Biotechnology

Understanding DNA Probes and Fingerprinting in Animal Biotechnology

clement
Basics of Fingerprinting and Fingerprint Characters

Basics of Fingerprinting and Fingerprint Characters

chantal
Managing Covid-19 Cyber and Data Protection Risks

Managing Covid-19 Cyber and Data Protection Risks

kaisen
Mitigation of DMA-based Rowhammer Attacks on ARM

Mitigation of DMA-based Rowhammer Attacks on ARM

baylee
Postmortem Fingerprinting Techniques in Deceased Individuals

Postmortem Fingerprinting Techniques in Deceased Individuals

raia
Understanding Denial-of-Service Attacks and Defense Strategies

Understanding Denial-of-Service Attacks and Defense Strategies

delphi
Understanding Network Denial of Service (DoS) Attacks

Understanding Network Denial of Service (DoS) Attacks

zahra
Biomedical Forensics: Solving Mysteries Through DNA Analysis

Biomedical Forensics: Solving Mysteries Through DNA Analysis

mans106
Preventing Active Timing Attacks in Low-Latency Anonymous Communication

Preventing Active Timing Attacks in Low-Latency Anonymous Communication

kmike
Strategies to Protect School Systems from Cyber Attacks

Strategies to Protect School Systems from Cyber Attacks

alins
Understanding Fingerprinting: Types, Classification, and Patterns

Understanding Fingerprinting: Types, Classification, and Patterns

tor_be
Overview of Forensic Fingerprinting Techniques

Overview of Forensic Fingerprinting Techniques

gain_53
Understanding Sensor-Based Mobile Web Fingerprinting and Attacks

Understanding Sensor-Based Mobile Web Fingerprinting and Attacks

qcort
TORKARI: High Strength Reinforcing Steel Innovation by Torsteel Group

TORKARI: High Strength Reinforcing Steel Innovation by Torsteel Group

arowl
PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval

PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval

nknob
Understanding the Tor Network: An In-Depth Overview

Understanding the Tor Network: An In-Depth Overview

aleeci
Automated Signature Extraction for High Volume Attacks in Cybersecurity

Automated Signature Extraction for High Volume Attacks in Cybersecurity

klos_k
Understanding the Sniper Attack on Tor Network

Understanding the Sniper Attack on Tor Network

ala_u
Traffic Analysis for Measuring Tor from Within

Traffic Analysis for Measuring Tor from Within

kod_mcc
Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses

Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses

jmora

More Related Content