Skip to main content

An empirical study of web browsers’ resistance to traffic analysis and website fingerprinting attacks

Abstract

Anonymity protocols are employed to establish encrypted tunnels to protect the privacy of Internet users from traffic analysis attacks. However, the attackers strive to infer some traffic patterns’ characteristics (e.g. packet directions, packet sizes, inter-packet timing, etc.) in order to expose the identities of Internet users and their activities. A recent and popular traffic analysis attack is called website fingerprinting which reveals the identity of websites visited by target users. Existing work in the literature studied the website fingerprinting attack using a single web browser, namely Firefox. In this paper we propose a unified traffic analysis attack model composed of a sequence of phases that demonstrate the efficiency of website fingerprinting attack using popular web browsers under Tor (The Onion Router). In addition, we reveal the main factors that affect the accuracy of website fingerprinting attack over Tor anonymous system and using different browsers. To the best of our knowledge, no previous study uncovered such factors by deploying real-world traffic analysis attack utilizing the top five web browsers. The outcomes of the research are very relevant to Internet users (individuals/companies/governments) since they allow to assess to which extent their privacy is preserved in presence of traffic analysis attacks, in particular, website fingerprinting over different browsers. A recommendation for future research direction regarding the investigation of website fingerprinting over different scenarios is also provided.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Notes

  1. http://www.alexa.com/topsites.

References

  1. Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. Naval Research Lab, Washington DC (2004)

    Book  Google Scholar 

  2. Berthold, O., Federrath, H., Köpsell, S.: Web MIXes: a system for anonymous and unobservable Internet access. In: Designing privacy enhancing technologies, pp. 115–129. Springer, New York (2001)

    Chapter  Google Scholar 

  3. Warren, S.D., Brandeis, L.D.: The right to privacy. Harvard Law Rev. 4, 193–220 (1890)

    Article  Google Scholar 

  4. Clarke, R.: Internet privacy concerns confirm the case for intervention. Commun. ACM 42(2), 60–67 (1999)

    Article  Google Scholar 

  5. Culnan, M.J.: “How Did They Get My Name?”: an exploratory investigation of consumer attitudes toward secondary information use. MIS Q. 341–363 (1993)

    Article  Google Scholar 

  6. Chung, W., Paynter, J.: Privacy issues on the Internet. In: System Sciences. HICSS. Proceedings of the 35th Annual Hawaii International Conference on 2002, p. 9 pp. IEEE (2002)

  7. Hintz, A.: Fingerprinting websites using traffic analysis. In: International Workshop on Privacy Enhancing Technologies, pp. 171–178. Springer (2002)

  8. Tor: The Second-Generation Onion Router. http://oai.dtic.mil/oai/oai?&verb=getRecord&metadataPrefix=html&identifier=ADA465464 (2017)

  9. Bissias, G.D., Liberatore, M., Jensen, D., Levine, B.N.: Privacy vulnerabilities in encrypted HTTP streams. In: International Workshop on Privacy Enhancing Technologies, pp. 1–11. Springer (2005)

  10. Panchenko, A., Niessen, L., Zinnen, A., Engel, T.: Website fingerprinting in onion routing based anonymization networks. In: Proceedings of the 10th annual ACM workshop on Privacy in the electronic society, pp. 103–114. ACM (2011)

  11. Al-Shehari, T., Shahzad, F.: Improving Operating system fingerprinting using machine learning techniques. Int. J. Comput. Theor. Eng. 6(1), 57 (2014)

    Article  Google Scholar 

  12. Herrmann, D., Wendolsky, R., Federrath, H.: Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier. In: Proceedings of the 2009 ACM workshop on Cloud computing security, pp. 31–42. ACM (2009)

  13. Cai, X., Zhang, X.C., Joshi, B., Johnson, R.: Touching from a distance: Website fingerprinting attacks and defenses. In: Proceedings of the 2012 ACM conference on Computer and communications security, pp. 605–616. ACM (2012)

  14. Craven, R.M.: Traffic analysis of anonymity systems. Clemson University, Clemson (2010)

    Google Scholar 

  15. Tor project: Anonymity Online. https://www.torproject.org. (2017)

  16. Pfitzmann, A., Köhntopp, M.: Anonymity, unobservability, and pseudonymity—a proposal for terminology. In: Designing privacy enhancing technologies, pp. 1–9. Springer, New York (2001)

    Google Scholar 

  17. Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–90 (1981)

    Article  Google Scholar 

  18. Möller, U., Cottrell, L., Palfrader, P., Sassaman, L.: Mixmaster protocol—version 2. Draft, July 154, 28 (2003)

  19. Mathewson, N., Dingledine, R.: Practical traffic analysis: Extending and resisting statistical disclosure. In: Privacy Enhancing Technologies, pp. 17–34. Springer, New York (2004)

    Chapter  Google Scholar 

  20. Berthold, O., Hannes, F., Stefan, K.: Web MIXes: A system for anonymous and unobservable Internet access. In: Designing privacy enhancing technologies. Springer, Berlin, Heidelberg (2001)

    Chapter  Google Scholar 

  21. Zantout, B., Haraty, R.: I2P data communication system. In: Proceedings of ICN, pp. 401–409 (2011)

  22. Bielova, N.: Survey on JavaScript security policies and their enforcement mechanisms in a web browser. J. Logic Algebr. Progr. 82(8), 243–262 (2013)

    Article  Google Scholar 

  23. Garsiel, T., Irish, P.: How browsers work: Behind the scenes of modern web browsers. Google Project, August (2011)

  24. Liberatore, M., Levine, B.N.: Inferring the source of encrypted HTTP connections. In: Proceedings of the 13th ACM conference on Computer and communications security, pp. 255–263. ACM (2006)

  25. Shi, Y., Matsuura, K.: Fingerprinting Attack on the Tor Anonymity System. In: ICICS, pp. 425–438. Springer, New York (2009)

    Chapter  Google Scholar 

  26. Wang, T., Goldberg, I.: Improved website fingerprinting on tor. In: Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society, pp. 201–212. ACM (2013)

  27. Zhioua, S.: The web browser factor in traffic analysis attacks. Secur. Commun. Netw. 8(18), 4227–4241 (2015)

    Article  Google Scholar 

  28. Fuchs, C., Boersma, K., Albrechtslund, A., Sandoval, M.: Internet and surveillance: The challenges of Web 2.0 and social media, vol. 16. Routledge, (2013)

  29. Abu-Amara, M.: A combined solution for the Internet access denial caused by malicious Internet service providers. Secur. Commun. Netw. 7(11), 2078–2093 (2014)

    Article  Google Scholar 

  30. Lyon, D.: Surveillance after September 11, vol. 11. Polity, (2003)

  31. Zhang, Y., Su, S., Wang, Y., Chen, W., Yang, F.: Privacy-assured substructure similarity query over encrypted graph-structured data in cloud. Secur. Commun. Netw. 7(11), 1933–1944 (2014)

    Article  Google Scholar 

  32. Johnson, A., Wacek, C., Jansen, R., Sherr, M., Syverson, P.: Users get routed: Traffic correlation on Tor by realistic adversaries. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & communications security, pp. 337–348. ACM (2013)

  33. Navarro, G.: A guided tour to approximate string matching. ACM Comput. Surv. (CSUR) 33(1), 31–88 (2001)

    Article  Google Scholar 

  34. Gehrig, A.P.: Detection of spoofing of remote client system information. In. Google Patents, (2015)

  35. Browserscope: How Does Your Browser Compare? http://www.browserscope.org/. (2017)

  36. Browser testing on BrowserStack. https://www.caniuse.com/. (2017)

  37. Internet Explorer Dev. Center: Asynchronous script execution. http://msdn.microsoft.com/en-us/library/ie/hh673524. (2017)

  38. Ihrig, C.: Profiling Page Loads with the Navigation Timing API. (1 September 2012). (2017)

  39. Crowley, M.: Pro Internet Explorer 8 & 9 Development: Developing Powerful Applications for the Next Generation of IE. Apress, New York (2011)

    Google Scholar 

  40. Wang, W., Motani, M., Srinivasan, V.: Dependent link padding algorithms for low latency anonymity systems. In: Proceedings of the 15th ACM conference on Computer and communications security, pp. 323–332. ACM (2008)

  41. Butkiewicz, M., Madhyastha, H.V., Sekar, V.: Understanding website complexity: measurements, metrics, and implications. In: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference, pp. 313–328. ACM (2011)

  42. Akhawe, D., Felt, A.P.: Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness. In: USENIX security symposium (2013)

  43. Barker, T.: What is Performance. In: Pro JavaScript Performance. pp. 1–12. Springer, New York (2012)

    Chapter  Google Scholar 

  44. Guha, A., Fredrikson, M., Livshits, B., Swamy, N.: Verified security for browser extensions. In: Security and Privacy (SP), IEEE Symposium on 2011, pp. 115–130. IEEE (2011)

  45. Holland, M.C.: Assessment of content delivery services using performance measurements from within an end user client application. In. Google Patents, (2017)

  46. Dutton, S.: “Measuring Page Load Speed with Navigation Timing - HTML5 Rocks.” HTML5 Rocks - A Resource for Open Web HTML5 Developers, Creative Commons Attribution 3.0 License (2011). https://www.html5rocks.com/en/tutorials/webperformance/basics/

  47. Rainie, L., et al:. “Anonymity, Privacy, and Security Online.” Pew Research Center: Internet, Science & Tech. (2013). https://www.pewinternet.org/2013/09/05/anonymity-privacy-and-security-online/

  48. StatCounter Global Stats. http://gs.statcounter.com/. (2017)

  49. Okazaki, N., Toyoda, K., Yokoyama, E., So, H., Katayama, T., Park, M.: Countermeasure against fingerprinting attack in Tor by separated contents retrieval. IEICE Commun. Express 4(12), 370–375 (2015)

    Article  Google Scholar 

  50. Yang, Q., Gasti, P., Zhou, G., Farajidavar, A., Balagani, K.S.: On inferring browsing activity on smartphones via USB power analysis side-channel. IEEE Trans. Inf. Forensics Secur. 12(5), 1056–1066 (2017)

    Article  Google Scholar 

  51. Gu, X., Yang, M., Luo, J.: A novel website fingerprinting attack against multi-tab browsing behavior. In: Computer Supported Cooperative Work in Design (CSCWD), IEEE 19th International Conference on 2015, pp. 234–239. IEEE (2015)

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Sami Zhioua.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Al-Shehari, T., Zhioua, S. An empirical study of web browsers’ resistance to traffic analysis and website fingerprinting attacks. Cluster Comput 21, 1917–1931 (2018). https://doi.org/10.1007/s10586-018-2817-4

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-018-2817-4

Keywords

  • User privacy
  • Anonymity system
  • Traffic analysis
  • Website fingerprinting
  • Web browsers