Touching from a Distance: Fingerprinting attacks on Tor

Friday, October 26, 2012 - 11:00am - 12:00pm EDT

  • Location:2 MetroTech Center, 10.099
    Brooklyn, NY, US
  • Contact:Torsten Suel
    suel@poly.edu
    718 260 3354

Speaker: Rob Johnson, Stony Brook University

Abstract:

We present a novel web page fingerprinting attack that is able to defeat several recently proposed defenses against traffic analysis attacks, including the application-level defenses HTTPOS and randomized pipelining over Tor.  Regardless of the defense scheme, our attack was able to guess which of 100 web pages a victim was visiting at least 50% of the time and, with some defenses,  over 90% of the time. Our attack is based on a simple model of network behavior and out-performs previously proposed ad hoc attacks. We then build a web site fingerprinting attack that is able to identify whether a victim is visiting a particular web site with over 90% accuracy in our experiments.

Our results strongly suggest that ad hoc defenses against traffic analysis are not likely to succeed. Consequently, we describe a defense scheme that provides provable security properties, albeit with potentially higher overheads.

Bio:

Rob Johnson is an Assistant Professor at Stony Brook University and conducts research in Software Security, System Security, Usable Security, and Cryptography. Rob is director of the Security, Privacy, And Theory (SPLAT) lab at Stony Brook, the Cryptography Lab at the New York Center for Excellencein Wireless and Information Technology (CEWIT), and the Smart Grid Cyber-security Testing Lab of the New York Advanced Energy Research and Technology Center (AERTC).  He graduated from UC Berkeley in 2006, where he studied with David Wagner.