A Systematic Approach To Developing And Evaluating Website Fingerprinting Defenses

Fingerprinting attacks have emerged as a serious threat against privacy mechanisms, such as SSL, Tor, and encrypting tunnels. Researchers have proposed numerous attacks and defenses, and the Tor project now includes both network- and browser-level defenses against these attacks, but published defenses have high overhead, poor security, or both.This paper (1) systematically analyzes existing attacks and defenses to understand which traffic features convey the most information (and therefore are most important for defenses to hide), (2) proves lower bounds on the bandwidth costs of any defense that achieves a given level of security, (3) presents a mathematical framework for evaluating performance of fingerprinting attacks and defenses in the open-world, given their closed-world performance, and (4) presents a new defense, Tamaraw, that achieves a better security/bandwidth trade-off than any previously proposed defense.Our feature-based analysis provides clear directions to defense designers on which features need to be hidden. Our lower bounds on bandwidth costs help us understand the limits of fingerprinting defenses and to determine how close we are to "success". Our open-world/close-world connection enables researchers to perform simpler closed-world experiments and predict open-world performance. Tamaraw provides an "existence proof" for efficient, secure defenses.