SaTC: CORE: Small: Models and Measurements for Website Fingerprinting

SaTC：核心：小型：网站指纹识别的模型和测量

• 批准号: 1815757
• 负责人: Nicholas Hopper
• 金额: $ 49.97万
• 依托单位: University of Minnesota-Twin Cities
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-09-01 至 2023-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1815757&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Models; Measurements

Many private interactions between individuals and their friends, families, employers, and institutions are now carried out on the Internet; disclosure of the contents of these interactions or even the mere associations between these parties can expose people to real financial or physical risks. As a result, encryption and services such as virtual private networks or the Tor project that conceal the connection between a user and the websites they visit are growing in popularity. Website fingerprinting attacks use information that is not concealed by these techniques, such as file sizes and download times, to re-identify the websites a user visits, but while these attacks work in a lab environment, it is a challenge to evaluate them in practical settings and develop effective protections against them. This project will apply statistics and machine learning to develop new probabilistic models of the "fingerprint" of a website, metrics of the amount of information these models reveal, and privacy preserving algorithms and datasets to test these models. The results of these models and tests will be used to assess the threat posed by website fingerprinting and inform the design of new defense mechanisms. As a result, users will benefit from improved protection techniques, while other researchers can use the resulting models, datasets, and metrics to study the effectiveness of website fingerprinting defenses. The work and data will also be used to support both undergraduate and graduate education through both courses and research training.This project will seek to address three key challenges in website fingerprinting research -- privacy-preserving characterization of background traffic, maintaining fingerprint databases, and evaluation and comparison of defenses -- by developing new representations of website fingerprints that can assign a likelihood to any fingerprint being generated by a specific type of download. Using these representations, the project will pursue four main thrusts. First, the project will use these models to determine the extent to which website fingerprints can directly infer identifying features of a download without requiring a database of all possible web pages, moving from existing closed world approaches to website fingerprinting toward more broadly applicable open world approaches. Second, the project will develop algorithms to train the models on live traffic while preserving the privacy of individual users using concepts from differential privacy. Third, using the trained models, the project will provide the first assessment of attacks and defenses on realistic data, and use metrics from information theory to compare those attacks and defenses on an equal footing. Finally, the project will use the results of these evaluations to develop new defensive techniques that can be applied directly to the content of privacy-sensitive sites and to systems designed to protect users' downloads such as the Tor network.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

现在，个人与朋友，家人，雇主和机构之间进行了许多私人互动，现在在互联网上进行；披露这些相互作用的内容，甚至这些当事方之间的仅仅关联都可以使人们面临实际的财务或物理风险。结果，掩盖用户和他们访问的网站之间连接的虚拟专用网络或TOR项目等加密和服务正在越来越受欢迎。 网站指纹攻击使用这些技术不隐藏的信息，例如文件大小和下载时间，以重新识别用户访问的网站，但是尽管这些攻击在实验室环境中起作用，但在实验室环境中起作用，在实践环境中评估它们并开发有效的保护措施是一个挑战。 该项目将应用统计信息和机器学习来开发网站“指纹”的新概率模型，这些模型显示的信息量的指标以及保留算法和数据集的隐私性来测试这些模型。 这些模型和测试的结果将用于评估网站指纹构成的威胁，并为新的防御机制的设计提供信息。 结果，用户将受益于改进的保护技术，而其他研究人员可以使用所得模型，数据集和指标来研究网站指纹防御的有效性。 The work and data will also be used to support both undergraduate and graduate education through both courses and research training.This project will seek to address three key challenges in website fingerprinting research -- privacy-preserving characterization of background traffic, maintaining fingerprint databases, and evaluation and comparison of defenses -- by developing new representations of website fingerprints that can assign a likelihood to any fingerprint being generated by a specific type of download. 使用这些表示形式，该项目将追求四个主要推力。 首先，该项目将使用这些模型来确定网站指纹可以直接推断下载的特征在不需要所有可能的网页数据库的情况下，从现有的封闭世界方法转变为网站指纹转向更广泛适用的开放世界方法。 其次，该项目将开发算法来培训模型在实时流量上，同时使用来自差异隐私的概念保留单个用户的隐私。 第三，使用训练有素的模型，该项目将对现实数据的攻击和防御措施进行首次评估，并使用信息理论的指标来比较这些攻击和防御。 最后，该项目将使用这些评估的结果来开发新的防御技术，这些技术可以直接应用于隐私敏感站点的内容以及旨在保护用户下载（例如TOR Network）的系统。该奖项反映了NSF的法定任务，并被认为是通过基金会的智力优点和广泛影响的评估来审查CRETERIA的NSF的法定任务。

项目成果

p1-FP: Extraction, Classification, and Prediction of Website Fingerprints with Deep Learning

p1-FP：利用深度学习提取、分类和预测网站指纹

• DOI: 10.2478/popets-2019-0043
• 发表时间: 2019
• 期刊: Proceedings on Privacy Enhancing Technologies
• 作者: Oh, Se Eun;Sunkam, Saikrishna;Hopper, Nicholas
• 通讯作者: Hopper, Nicholas

SoK: A Critical Evaluation of Efficient Website Fingerprinting Defenses

• DOI: 10.1109/sp46215.2023.10179289
• 发表时间: 2023-05
• 期刊: 2023 IEEE Symposium on Security and Privacy (SP)
• 作者: Nate Mathews;James K. Holland;Se Eun Oh;Mohammad Saidur Rahman;Nicholas Hopper;M. Wright

Padding-only Defenses Add Delay in Tor

仅填充防御会增加 Tor 的延迟

• DOI: 10.1145/3559613.3563207
• 发表时间: 2022
• 期刊: WPES'22: Proceedings of the 21st Workshop on Privacy in the Electronic Society
• 作者: Witwer, Ethan;Holland, James K.;Hopper, Nicholas
• 通讯作者: Hopper, Nicholas

RegulaTor: A Straightforward Website Fingerprinting Defense

Regulator：简单的网站指纹防御

• DOI: 10.2478/popets-2022-0049
• 发表时间: 2022
• 期刊: Proceedings on Privacy Enhancing Technologies
• 作者: Holland, James K;Hopper, Nicholas
• 通讯作者: Hopper, Nicholas

DeepCoFFEA: Improved Flow Correlation Attacks on Tor via Metric Learning and Amplification

DeepCoFFEA：通过度量学习和放大改进对 Tor 的流相关攻击

• DOI: 10.1109/sp46214.2022.9833801
• 发表时间: 2022
• 期刊: IEEE Symposium on Security and Privacy (SP
• 作者: Oh, Se Eun;Yang, Taiji;Mathews, Nate;Holland, James K;Rahman, Mohammad Saidur;Hopper, Nicholas;Wright, Matthew
• 通讯作者: Wright, Matthew