Website Fingerprinting Through the Cache Occupancy Channel and its Real World Practicality.

Anatoly Shusterman, Zohar Avraham, Eliezer Croitoru, Yarden Haskal, Lachlan Kang, Dvir Levi, Yosef Meltser, Prateek Mittal, Yossi Oren, Yuval Yarom

Research output: Contribution to journalArticlepeer-review

Abstract

Website fingerprinting attacks use statistical analysis on network traffic to compromise user privacy. The classical attack model used to evaluate website fingerprinting attacks assumes an on-path adversary, who observes traffic traveling between the user's computer and the network. In this article we investigate a different attack model, in which the adversary sends JavaScript code to the target user's computer. This code mounts a cache side-channel attack to identify other websites being browsed. Using machine learning techniques to classify traces of cache activity, we achieve high classification accuracy in both the open-world and the closed-world models. Our attack is more resistant than network-based fingerprinting to the effects of response caching, and resilient both to network-based defenses and to side-channel countermeasures. We carry out a real-world evaluation of several aspects of our attack, exploring the impact of the changes in websites and browsers over time, as well as of the attacker's ability to guess the software and hardware configuration of the target user's computer. To protect against cache-based website fingerprinting, new defense mechanisms must be introduced to privacy-sensitive browsers and websites. We investigate one such mechanism, and show that it reduces the effectiveness of the attack and completely eliminates it when used in the Tor Browser.
Original languageEnglish
Article number5
Pages (from-to)2042-2060
Number of pages19
JournalIEEE Transactions on Dependable and Secure Computing
Volume18
Issue number5
DOIs
StatePublished - 2021

Keywords

  • Browsers
  • Privacy
  • Computational modeling
  • Side-channel attacks
  • Tools
  • Relays
  • statistical analysis
  • telecommunication traffic
  • online front-ends

Fingerprint

Dive into the research topics of 'Website Fingerprinting Through the Cache Occupancy Channel and its Real World Practicality.'. Together they form a unique fingerprint.

Cite this