Defense Implementation for Website Fingerprinting Attacks on Nginx Web Server

Graduate Thesis uoadl:2880041 110 Read counter

Unit:
Department of Informatics and Telecommunications
Πληροφορική
Deposit date:
2019-08-06
Year:
2019
Author:
KOKKINAKOS PANAGIOTIS
Supervisors info:
Κωνσταντίνος Χατζηκοκολάκης, Αναπληρωτής Καθηγητής, Τμήμα Πληροφορικής & Τηλεπικοινωνιών, Σχολή Θετικών Επιστημών
Original Title:
Defense Implementation for Website Fingerprinting Attacks on Nginx Web Server
Languages:
English
Greek
Translated title:
Defense Implementation for Website Fingerprinting Attacks on Nginx Web Server
Summary:
Website Fingerprinting attack gives a passive adversary the ability to know which sites a
client visits, even when the packages that are being exchanged between the client and
the site are encrypted. This is possible by analyzing the network traffic between those
two, and extracting network patterns that are unique to each site.
For this kind of attacks, we implement an application-level defense called ALPaCA
(Application Layer Padding Concerns Adversaries), as proposed by Giovanni Cherubin,
Jamie Hayes, and Marc Juarez. We implement ALPaCA as a Rust library, and develop
an Nginx module which uses ALPaCA to protect the sites for which it is enabled.
In this thesis, we implement the first Website fingerprinting defense which can be used
on a web server.
The defense’s purpose is to lower the adversary’s predictive accuracy as of which site
the client visits, by altering the network traffic, and specifically the packages from the
site’s server towards the client.
The code of this thesis can be found at the following links:
https://github.com/PanosKokk/ngx_http_alpaca_module
https://github.com/PanosKokk/libalpaca
Main subject category:
Technology - Computer science
Keywords:
website fingerprinting, privacy, anonymity
Index:
Yes
Number of index pages:
2
Contains images:
Yes
Number of references:
9
Number of pages:
30
Thesis.pdf (758 KB) Open in new window