The HOT project has been going for about four months now, and in this post we briefly summarise what has been done so far and the plan for the following four months.
Done so far
We’ve identified the three most relevant WF attacks:
and the most relevant PTs:
In the process of getting to these conclusions, we’ve:
- looked at the WF setting,
- the basic measurements,
- the more advanced measurements, and
- the kNN attack in detail.
Beyond that, April has largely been spent on contributing to DNS-based traffic correlation attacks. For these types of attacks, we’ve developed some tools for large scale measurements on DNS requests made when browsing the Internet. More about that in the future. This brings us to the next four months of HOT.
The next four months
As has been made apparent by recent WF-related work [1,2], understanding the impact of WF attacks is largely a question of scale. Building upon the work for DNS-based correlation attacks, we plan to spend our time roughly as follows:
- Better understand attacks and scale (May-July), and
- evaluate current PTs (August).
Due to recent advancements in WF-related work, the role and need for PTs to evaluate defenses in this context is less clear. We therefore wait as long as possible before evaluating current PTs as a starting point to designing our own defense.
Sources
- [0] T. Wang, X. Cai, R. Nithyanand, R. Johnson and I. Goldberg. Effective Attacks and Provable Defenses for Website Fingerprinting. USENIX 2014.
- [1] A. Panchenko, F. Lanze, A. Zinnen, M. Henze, J. Pennekamp, K. Wehrle and T. Engel. Website Fingerprinting at Internet Scale.
- [2] J Hayes and G Danezis. k-fingerprinting: a Robust Scalable Website Fingerprinting Technique
- [3] D. Fifield, C. Lan, R. Hynes, P. Wegmann and V. Paxson Blocking-resistant communication through domain fronting