|
The more people use the Internet, the more they risk sharing information they don't want other people to know. Tor is a technology that every day helps millions of people protect their privacy online. Tor users -- ranging from ordinary citizens to companies with valuable intellectual property -- gain protection for the content of their online messages and activities, as well as whom they interact with and when. For the most part, Tor is very secure. However, it has a known vulnerability to an attack called website fingerprinting. An attacker, such as someone eavesdropping on a wireless connection, can analyze recognizable patterns in data that websites send to visitors, potentially determining which websites a user visits. Studies have shown that, in some situations, this attack can be successful up to 90% of the time. Developers of Tor and a team of researchers will collaborate to build and deploy new defenses against website fingerprinting, which substantially lower attack accuracy without degrading user experience or increasing the costs of running the system. By widely deploying such a defense, Tor's security is greatly improved. This also provides an experimental platform and data that other researchers can use for their own experiments, helping to further strengthen Tor.
Previous approaches to defending against website fingerprinting increased latency, so that web pages load 2 to 4 times slower than normal. To design an effective defense that doesn't unacceptably slow browsing or increase bandwidth overhead, this project builds on a technique called Adaptive Padding, which has shown promising results in preliminary work. Adaptive Padding works by noticing distinctive gaps in data packets flowing over the network between a website and Tor user and filling these gaps with extra packets to obfuscate the website's fingerprint. The research team first developed a platform for evaluating Adaptive Padding and other defenses in Tor, allowing security experiments in the live Tor network without full deployment or endangering user privacy. Leveraging this platform, the team performs extensive experiments on website fingerprinting defenses and attacks, leading towards deployment. The project focuses on defenses that can be practically deployed and significantly improve user security. Since defenses meeting these requirements have been understudied to date, this project enhances knowledge in this area. Finally, the findings of the project are fully transitioned to Tor to make Internet browsing safer and more secure.
|
TTP: Small: Collaborative: Defending Against Website Fingerprinting in Tor