
Can we overcome this - utdallas.eduswarup.chandra/slides/acsac16_presentation.pdf · Can we overcome this ... • TM: Traffic Morphing – Similar to DTS but sample to pad packets

Jun 30, 2018


vokhanh
Transcript
Page 1:

FEARLESS engineering

http://hightechforum.org/tag/privacy/

Can we overcome this …

Page 2:

With this?

Page 3:

Actually …

Tor

Page 4:

Can we overcome this …

The real question is:

Page 5:

… using fingerprinting?

Page 6:

UT DALLAS Erik Jonsson School of Engineering & Computer Science

Khaled Al-Naami, Swarup Chandra, Ahmad Mustafa, Latifur Khan, Zhiqiang Lin, Kevin Hamlen, Bhavani Thuraisingham

Adaptive Encrypted Traffic Fingerprinting With Bidirectional Dependence

This work is funded by NSF, AFOSR, and NSA.

Page 7:

Outline

• Attack

• BIND

• Defenses

• Experiments

• Base rate fallacy

• Adaptive Learning

Page 8:

Outline

Page 9:

Traffic fingerprinting

Page 10:

Website Fingerprinting (WFP)

• A Traffic Analysis (TA) attack.

• Threatens web navigation privacy.

• Attackers learn information about a website accessed by the user.

• Website = Fingerprint = Signature

Page 11:

Website Fingerprinting

• The goal is to identify the websites

• Can also help identify threats

– Bad people

• Can harm certain individuals

– Journalists

– Activists

– Bloggers

Page 12:

WFP Diagram – Tor

Page 13:

How about mobile apps?

• Apps Fingerprinting

• Threatens apps navigation privacy.

• Attackers learn information about apps accessed by the user.

• App = Fingerprint = Signature

Page 14:

App Fingerprinting

• Marketing view:

– advertisement

– network bandwidth management

– app recommendations

• Adversarial view:

– targeted attacks on well-known vulnerable apps

Page 15:

Apps Fingerprinting

Page 16:

Encrypted Data

Page 17:

Outline

Page 18:

BIND: fingerprinting with BI-directioNal Dependence

BIND

Page 19:

BIND

The observation is that the traffic flows exchanged in the two directions of a connection depend upon each other.

Therefore, design a new fingerprinting mechanism (BIND) that leverages this sequence dependence.

Page 20:

Page 21:

Outline

Page 22:

Arms Race

Defenders: morph packets

Attackers: BIND

Page 23:

Attackers and Defenders – Arms Race

• The competition between attackers and defenders is continually evolving

• Attackers collect the packets and apply ML.

• Defenders morph packets (website A to look like website B)

• The coarser the features, the more resistant the fingerprinting is to such morphing

• BIND: coarse-feature approach

Page 24:

Defenses (DTS – Distribution-Based)

• DTS: Direct Target Sampling

– A: source webpage, B: target webpage

– DA and DB (packet length distributions)

– For every packet of length i from A, sample a packet of length j from DB

• if j > i then pad i to j and send

• else send i

• Continue sampling by adding dummy packets until distance L1(A’, B) < 0.3
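
The DTS steps above as an added Python example (not code from the slides or the authors): each source packet is padded toward a length sampled from DB, then dummy packets are appended until L1(A’, B) < 0.3. The function names, the `max_dummies` safety cap, the fixed seed and the sample traces are assumptions constructed for illustration.

```python
import random
from collections import Counter

def pmf(lengths):
    """Empirical packet-length distribution: {length: probability}."""
    total = len(lengths)
    return {size: n / total for size, n in Counter(lengths).items()}

def l1_distance(p, q):
    """L1 distance between two pmfs given as dicts."""
    return sum(abs(p.get(s, 0.0) - q.get(s, 0.0)) for s in set(p) | set(q))

def dts_morph(src, target, threshold=0.3, max_dummies=10_000, seed=0):
    """Morph source trace A toward target B; returns (sent lengths, dummy count)."""
    rng = random.Random(seed)               # fixed seed: repeatable demo only
    d_b = pmf(target)
    sizes, weights = zip(*sorted(d_b.items()))
    sent = []
    for i in src:                           # real packets, in order
        j = rng.choices(sizes, weights)[0]  # sample j from DB
        sent.append(j if j > i else i)      # pad i up to j, else send i as is
    dummies = 0
    # Padding can only grow packets, so large source packets leave A' skewed;
    # dummy packets drawn from DB pull A' back toward B.
    # max_dummies is an assumed safety cap, not part of the slide's procedure.
    while l1_distance(pmf(sent), d_b) >= threshold and dummies < max_dummies:
        sent.append(rng.choices(sizes, weights)[0])
        dummies += 1
    return sent, dummies

def overhead(src, sent):
    """Extra bytes on the wire as a fraction of the original payload bytes."""
    return (sum(sent) - sum(src)) / sum(src)

# Constructed sample traces (packet lengths in bytes), not measured traffic.
SRC_A = [1500] * 20 + [100] * 5
TARGET_B = [100] * 30 + [600] * 15 + [1500] * 5

if __name__ == "__main__":
    sent, dummies = dts_morph(SRC_A, TARGET_B)
    print(f"dummies={dummies} L1={l1_distance(pmf(sent), pmf(TARGET_B)):.3f} "
          f"overhead={overhead(SRC_A, sent):.1%}")
```

Because the source trace here is dominated by full-size packets that cannot be shrunk, the L1 threshold is only reached by sending dummy packets, which is where the bandwidth overhead of this defense comes from.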

Page 25:

Defenses (TM - Distribution-Based)

• TM: Traffic Morphing

– Similar to DTS but sample to pad packets using convex optimization (to minimize padding overhead)

– Y = AX, where Y is the pmf of the target, X is the pmf of the source, and A holds the probabilities to be calculated

s: packet size

Page 26:

Defenses (TM - Distribution-Based)

• Continue sampling by adding dummy packets until distance L1(A’, B) < 0.3

Page 27:

Page 28:

Outline

Page 29:

Closed-world scenario

Page 30:

Open-world scenario

Page 31:

Closed-world vs Open-world

Item            Closed-world             Open-world
Set             Finite set of websites   Monitored; Non-Monitored
Classification  Multi-class (websites)   Binary
Goal            Predict website          Predict if a Monitored or non-Monitored website

[Figure: closed-world vs open-world classification. Universe -> ∞; M (finite); M’ (infinite & diverse). Image source: http://www.geeksforgeeks.org/getting-started-with-classification/]

Page 32:

Datasets and setup

Page 33:

Apps dataset collection process

Page 34:

Summary of previous and proposed approaches

Page 35:

Closed world – w/o Defenses

Accuracy %

Page 36:

Open world – w/o Defenses

TPR and FPR %

Page 37:

Closed world – w/ Traffic Morphing Defense

Page 38:

Open world – w/ Traffic Morphing/Tamaraw

Page 39:

Running Time (cw)

Page 40:

Running Time (ow)

• WKNN and BINDWKNN (> 30 min) – due to weight computations.

• BINDRF (< 60 sec)

• Yet, BINDRF outperformed BINDWKNN (or WKNN)

Page 41:

Outline

Page 42:

Base Detection Rate (BDR) – Open-world

                 actual M    actual -M
classified D     tp          fp
classified -D    fn          tn

Page 43:

BDR – prior probability of a targeted client

Page 44:

Outline

Page 45:

Adaptive Learning

Page 46:

Adaptive Learning

Page 47:

Adaptive Learning

Page 48:

Conclusion

• A coarse-feature extraction approach (BIND) over encrypted data

– Capturing dependences between consecutive packet sequences

• Across multiple domains

– HTTPS, Tor, Smartphone Apps

• Closed-world and open-world settings

• The approach is more resilient to defenses

• BDR

• Adaptive Learning

Page 49:

Future work

• Incremental Learning

– Change Point Detection

• Multi-tab browsing

– Tor

• New defenses

– Work presented represents attacker

– Implementing a more successful defense that BIND can’t evade

Page 50:

Thank you! Questions?