Withdraw
Loading…
Measuring the impact of site configurations on site fingerprinting over the web and Tor
Reddy, Sanjeev
Loading…
Permalink
https://hdl.handle.net/2142/108024
Description
- Title
- Measuring the impact of site configurations on site fingerprinting over the web and Tor
- Author(s)
- Reddy, Sanjeev
- Issue Date
- 2020-05-11
- Director of Research (if dissertation) or Advisor (if thesis)
- Borisov, Nikita
- Department of Study
- Computer Science
- Discipline
- Computer Science
- Degree Granting Institution
- University of Illinois at Urbana-Champaign
- Degree Name
- M.S.
- Degree Level
- Thesis
- Keyword(s)
- web fingerprinting
- HTTP/2
- server push
- Tor
- onion services
- Abstract
- As security and privacy on the web become topics of significant concern, there have been increased efforts to expedite the deployment of encryption-based transport- and link-layer protection mechanisms such as HTTPS. Although encryption protects the data being transmitted between a client and a server, site visits generate unique traffic patterns due to contents of the site and the manner in which the server responds to user requests for site resources. These patterns can be learned by an adversary, and then be used to predict which site (or web page within a site) a user is visiting—a technique known as web fingerprinting. Web fingerprinting allows an adversary to compromise user privacy even in the presence of encryption mechanisms or anonymity systems, such as the Tor network. In this thesis, we examine how changes to a site’s configuration (i.e., the size of the site, site content, hosting strategies, etc.) can influence an adversary’s ability to successfully fingerprint a user’s visit to a site over the web and Tor. We pay particular attention to the impact of HTTP/2 and Server Push—new web standards which significantly change network traffic patterns by altering the order in which site resources are served. Additionally, we experiment with padding site sizes, renaming site resources, and hosting sites from both single and multiple servers in order to observe the effect of each of these changes on fingerprinting accuracy. In order to collect traces from sites that reflect our experimental changes, we create models of real-world sites and onion services that capture the resource dependency structures of the original sites. We then modify these models to reflect our desired configuration changes and serve them via HTTP/1.1 and HTTP/2 with server push. We collect traces of visits to these models conducted over the web, as well as the Tor network, and evaluate the performance of state-of-the-art fingerprinting classifiers on both sets of traces. We find that HTTP/2 with server push can successfully reduce fingerprinting accuracy when compared to HTTP/1.1, and that real-world sites visited over the web benefit from single-server hosting, site padding, and constant-length Huffman-encoded resource names. We also find that HTTP/2 with server push reduces the fingerprintability of regular sites and onion services accessed over the Tor network, but inconsistencies in our data prevent us from drawing any conclusions regarding the efficacy of site padding, resource renaming, and single- vs. multi-server hosting when fingerprinting Tor traffic. We suggest future work that should help gather more conclusive results for our Tor experiments.
- Graduation Semester
- 2020-05
- Type of Resource
- Thesis
- Permalink
- http://hdl.handle.net/2142/108024
- Copyright and License Information
- Copyright 2020 Sanjeev Reddy
Owning Collections
Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at IllinoisDissertations and Theses - Computer Science
Dissertations and Theses from the Dept. of Computer ScienceManage Files
Loading…
Edit Collection Membership
Loading…
Edit Metadata
Loading…
Edit Properties
Loading…
Embargoes
Loading…