Measuring the impact of site configurations on site fingerprinting over the web and Tor

Reddy, Sanjeev

Permalink

https://hdl.handle.net/2142/108024 Copy

Description

Title

Measuring the impact of site configurations on site fingerprinting over the web and Tor

Author(s)

Reddy, Sanjeev

Issue Date

2020-05-11

Director of Research (if dissertation) or Advisor (if thesis)

Borisov, Nikita

Department of Study

Computer Science

Discipline

Computer Science

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

M.S.

Degree Level

Thesis

Keyword(s)

• web fingerprinting
• HTTP/2
• server push
• Tor
• onion services

Abstract

As security and privacy on the web become topics of significant concern, there have been increased efforts to expedite the deployment of encryption-based transport- and link-layer protection mechanisms such as HTTPS. Although encryption protects the data being transmitted between a client and a server, site visits generate unique traffic patterns due to contents of the site and the manner in which the server responds to user requests for site resources. These patterns can be learned by an adversary, and then be used to predict which site (or web page within a site) a user is visiting—a technique known as web fingerprinting. Web fingerprinting allows an adversary to compromise user privacy even in the presence of encryption mechanisms or anonymity systems, such as the Tor network. In this thesis, we examine how changes to a site’s configuration (i.e., the size of the site, site content, hosting strategies, etc.) can influence an adversary’s ability to successfully fingerprint a user’s visit to a site over the web and Tor. We pay particular attention to the impact of HTTP/2 and Server Push—new web standards which significantly change network traffic patterns by altering the order in which site resources are served. Additionally, we experiment with padding site sizes, renaming site resources, and hosting sites from both single and multiple servers in order to observe the effect of each of these changes on fingerprinting accuracy. In order to collect traces from sites that reflect our experimental changes, we create models of real-world sites and onion services that capture the resource dependency structures of the original sites. We then modify these models to reflect our desired configuration changes and serve them via HTTP/1.1 and HTTP/2 with server push. We collect traces of visits to these models conducted over the web, as well as the Tor network, and evaluate the performance of state-of-the-art fingerprinting classifiers on both sets of traces. We find that HTTP/2 with server push can successfully reduce fingerprinting accuracy when compared to HTTP/1.1, and that real-world sites visited over the web benefit from single-server hosting, site padding, and constant-length Huffman-encoded resource names. We also find that HTTP/2 with server push reduces the fingerprintability of regular sites and onion services accessed over the Tor network, but inconsistencies in our data prevent us from drawing any conclusions regarding the efficacy of site padding, resource renaming, and single- vs. multi-server hosting when fingerprinting Tor traffic. We suggest future work that should help gather more conclusive results for our Tor experiments.

Graduation Semester

2020-05

Type of Resource

Thesis

Permalink

http://hdl.handle.net/2142/108024

Copyright and License Information

Copyright 2020 Sanjeev Reddy

Owning Collections