Towards Real-World Design and Evaluation of Website Fingerprinting Defenses

The Hong Kong University of Science and Technology
Department of Computer Science and Engineering


PhD Thesis Defence


Title: "Towards Real-World Design and Evaluation of Website Fingerprinting 
Defenses"

By

Mr. Jiajun GONG


Abstract

Website Fingerprinting (WF) attacks threaten user privacy on anonymity 
networks such as Tor because they can be used by network surveillants to 
identify the web pages a user is visiting by extracting the size and 
timing information of the user’s encrypted network traffic; however, Tor 
is currently undefended against WF because existing defenses have not 
convincingly shown their effectiveness. Some defenses have been overcome 
by newer attacks; other defenses have never been implemented and tested in 
a real open-world scenario, as they had unsolved practical issues for 
deployment. In this thesis, we focused on designing and evaluating 
effective defenses that can be deployed in the real Tor network. We 
proposed three effective defenses that incurred different overhead levels, 
targeting users with different security preferences. To deploy and 
evaluate the effectiveness of the WF defenses, we built a general platform 
for WF defense implementation.

We first proposed two zero-delay defenses, FRONT, and GLUE. FRONT and GLUE 
are two practical defenses specifically designed for achieving low 
overhead. We observed that WF attacks rely on the feature-rich trace 
front, so FRONT focuses on obfuscating the trace front with dummy packets. 
It also randomizes the number and distribution of dummy packets for 
trace-to-trace randomness to impede the attacker’s learning process. GLUE 
adds dummy packets between separate traces so that they appear to the 
attacker as a long consecutive trace, rendering the attacker unable to 
find their start or end points, let alone classify them. Our experiments 
show that with only 33% data overhead, FRONT reduces the F1-score of the 
best attack from 0.94 to 0.47. By comparison, the best-known lightweight 
defense, WTF-PAD, only reduces it to 0.70. With around 22% — 44% data 
overhead, GLUE can lower the true positive rate and precision of the best 
WF attacks to less than 15%, approaching the performance of the best 
heavyweight defenses.

FRONT is strong and efficient as a lightweight defense, but it is 
ineffective if we want to reduce the attacker’s true positive rate below 
50%. To further thwart WF attacks, we proposed a strong defense, Surakav. 
Surakav makes use of a Generative Adversarial Network (GAN) to generate 
realistic sending patterns and regulates buffered data according to these 
patterns. Experiments show that Surakav is able to reduce the attacker’s 
true positive rate by 57% with 55% data overhead and 16% time overhead, 
saving 42% data overhead compared to FRONT. In the heavyweight setting, 
Surakav outperforms the strongest known defense, Tamaraw, requiring 50% 
less overhead in data and time to lower the attacker’s true positive rate 
to only 8%.

We observed that most WF defenses are claimed to be effective only in 
simulation; few have been implemented and tested in the real world. To 
determine how these defenses perform in the real world, we 
built WFDefProxy, a general platform for WF defense implementation on Tor 
as pluggable transports. We created the first full implementation of five 
WF defenses: FRONT, Surakav, Tamaraw, RegulaTor, and Random-WT. We 
evaluated each defense extensively by directly collecting defended 
datasets in the real Tor network under WFDefProxy. We spotted that defense 
simulations can be inaccurate, leading to an inaccurate conclusion on a 
defense performance. Therefore, it is important to evaluate defenses as 
implementations instead of only simulations to avoid potential 
misjudgment.


Date:			Monday, 5 December 2022

Time:			3:00pm - 5:00pm

Venue:			Room 3494
 			lifts 25/26

Chairperson:		Prof. Yongli MI (CBE)

Committee Members:	Prof. Charles ZHANG (Supervisor)
 			Prof. Tao WANG (Supervisor, Simon Fraser U)
 			Prof. Cunsheng DING
 			Prof. Shuai WANG
 			Prof. Jun ZHANG (ECE)
 			Prof. Ee-Chien CHANG (National U of Singapore)


**** ALL are Welcome ****