Title: Website Fingerprinting at Internet Scale.

Authors: Panchenko, A., Lanze, F., Zinnen, A., Henze, M., Pennekamp, J., Wehrle, K. and Engel, T.

Publisher: ISOC

ISBN: 1-891562-41-X

DOI: 10.14722/ndss.2016.23477

Event Website: https://www.internetsociety.org/events/ndss-symposium-2016/ndss-2016-programme

Abstract: The website fingerprinting attack aims to identify the content (i.e., a webpage accessed by a client) of encrypted and anonymized connections by observing patterns of data flows such as packet size and direction. This attack can be performed by a local passive eavesdropper – one of the weakest adversaries in the attacker model of anonymization networks such as Tor. In this paper, we present a novel website fingerprinting attack. Based on a simple and comprehensible idea, our approach out performs all state-of-the-art methods in terms of classification accuracy while being computationally dramatically more efficient. In order to evaluate the severity of the website fingerprinting attack in reality, we collected the most representative dataset that has ever been built, where we avoid simplified assumptions made in the related work regarding selection and type of webpages and the size of the universe. Using this data, we explore the practical limits of website fingerprinting at Internet scale. Although our novel approach is by orders of magnitude computationally more efficient and superior in terms of detection accuracy, for the first time we show that no existing method – including our own – scales when applied in realistic settings. With our analysis, we explore neglected aspects of the attack and investigate the realistic probability of success for different strategies a real-world adversary may follow.



PRIVACY FLAG is at the moment one of the six EU projects on privacy innovation. The others are listed below:
VisiOn – Visual Privacy Management in User Centric Open Environments
Operando – Online privacy enforcement, rights assurance & optimization
Panoramix – Privacy and Accountability in Networks via Optimized Randomized Mix-nets
• Types – Towards transparencY and Privacy in the onlinE advertising business
SafeCloud – Secure and Resilient Cloud Architecture, www.safecloud-project.eu

PRIVACY FLAG also shares common interests with EU Projects in areas such as Internet of Things (IoT) and Smart Cities. These are:
Organicity EU project – Co-creating smart cities of the future
• U4IoT – User Engagement for Large Scale Pilots in the Internet of Things. (Project started in 01/01/2017)
• ANASTACIA – Advanced Networked Agents for Security and Trust Assessment in CPS/IOT Architectures (Project started in 01/01/2017)
• CREATE-IoT – Cross Fertilisation Through Alignment, Synchronisation and Exchanges For IoT (Project started in 01/01/2017)
WeLive – A neW concept of public administration based on citizen co-created mobile urban services

PRIVACY FLAG goal is to amplify the European privacy innovation community and promote the community’s position in an international context.