Self-Defense Against Website Fingerprinting Using ALPaCA

Postgraduate Thesis uoadl:2920810 48 Read counter

Unit:
Κατεύθυνση / ειδίκευση Υπολογιστικά Συστήματα: Λογισμικό και Υλικό (ΣΥΣ)
Πληροφορική
Deposit date:
2020-07-29
Year:
2020
Author:
Skleparis Efstratios
Supervisors info:
Χατζηκοκολάκης Κωνσταντίνος, Αναπληρωτής Καθηγητής, Τμήμα Πληροφορικής και Τηλεπικοινωνιών, Εθνικόν και Καποδιστριακόν Πανεπιστήμιον Αθηνών
Original Title:
Self-Defense Against Website Fingerprinting Using ALPaCA
Languages:
English
Greek
Translated title:
Self-Defense Against Website Fingerprinting Using ALPaCA
Summary:
Website Fingerprinting is a type of traffic analysis attack where a passive adversary endeavours to identify a user’s web browsing activity by analysing traffic patterns of encrypted network packets sequence without any other knowledge. A number of defenses have been designed to counter these attacks both in network and application-layer. However, most of the defenses are impractical for deployment in the real-world since they require to modify the traffic of all users simultaneously (e.g. by altering the traffic in the TOR network).

ALPaCA is an application-layer server-side Website Fingerprinting defense proposed recently in the literature. In this thesis, we evaluate and present ALPaCA (Application Layer Padding Concerns Adversaries) optimal configuration settings in a “self-defense” scenario namely one in which an administrator can apply the defense to his own website, but has no control whatsoever over other websites, as is typically the case in real-world scenarios. The configuration settings can be set by the .onion site administrator directly at the Nginx dynamic module which uses ALPaCA to protect the websites for which it is enabled.

Our proposed configuration settings, obtained from the Quantitative Information Flow theory, efficiently decrease the adversary’s predictive accuracy to infer which .onion site the user visits, by altering the network traffic generated by the web application server. We present an experimental evaluation, for a variety of configurations including the optimal ones as well as those studied in the original ALPaCA paper, for both binary and exact classification adversaries.
Main subject category:
Technology - Computer science
Keywords:
Website fingerprinting, privacy, anonymity, Tor
Index:
Yes
Number of index pages:
3
Contains images:
Yes
Number of references:
25
Number of pages:
44

eskleparis_msc_thesis.pdf
627 KB
File access is restricted only to the intranet of UoA.