Visible to the public Biblio

Filters: Author is Nikita Borisov, University of Illinois at Urbana-Champaign  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
Xun Gong, University of Illinois at Urbana-Champaign, Nikita Borisov, University of Illinois at Urbana-Champaign, Negar Kiyavash, University of Illinois at Urbana-Champaign, Nabil Schear, University of Illinois at Urbana-Champaign.  2012.  Website Detection Using Remote Traffic Analysis. 12th International Symposium on Privacy Enhancing Technologies (PETS 2012).

Recent work in traffic analysis has shown that traffic patterns leaked through side channels can be used to recover important semantic information. For instance, attackers can find out which website, or which page on a website, a user is accessing simply by monitoring the packet size distribution. We show that traffic analysis is even a greater threat to privacy than previously thought by introducing a new attack that can be carried out remotely. In particular, we show that, to perform traffic analysis, adversaries do not need to directly observe the traffic patterns. Instead, they can gain sufficient information by sending probes from a far-off vantage point that exploits a queuing side channel in routers.

To demonstrate the threat of such remote traffic analysis, we study a remote website detection attack that works against home broadband users. Because the remotely observed traffic patterns are more noisy than those obtained using previous schemes based on direct local traffic monitoring, we take a dynamic time warping (DTW) based approach to detecting fingerprints from the same website. As a new twist on website fingerprinting, we consider a website detection attack, where the attacker aims to find out whether a user browses a particular web site, and its privacy implications. We show experimentally that, although the success of the attack is highly variable, depending on the target site, for some sites very low error rates. We also show how such website detection can be used to deanonymize message board users.