【 摘 要 】

The Internet has become an integral part of modern life. At the same time, as we spend increasingly more time online, our digital trails, including the identities of the websites we visit, can reveal sensitive personal information. As a result, researchers have devised schemes that seek to enable users to obfuscate the network traffic fingerprints of the websites they visit; however, being ad hoc attempts, these schemes have all been later found to be ineffective against more sophisticated attacks. Thus, researchers have recently proposed a family of provable defenses called BuFLO, or Buffered Fixed-Length Obfuscator, that provides strong privacy guarantees at the expense of high overhead.Orthogonal to these defenses, the popular Tor anonymity network provides some protection against these attacks but is nonetheless susceptible. In this dissertation, we propose a simple design that uses BuFLO to protect web browsing traffic over Tor: tunnel the BuFLO channel through Tor. In order to evaluate the design, for both live experiments as well as large-scale simulations, we need precise models of the traffic profiles generated by a browser's visiting websites. This in turn requires us to obtain a fine-grained model of the web page loading process, two key components of which are the browser and the web page. After diving into the immensely complex web page loading process, we instrument the browser in order to extract bits of information as it loads a web page; this enables us to obtain the models for 50 top Alexa-ranked global websites. Following that, we build a traffic generator framework to generate network traffic according to the models. Next, we design and implement from scratch CS-Tamaraw, a congestion-sensitive version of Tamaraw, the most secure member of the BuFLO family.With all the pieces in hand, we perform live experiments to confirm that CS-Tamaraw provides the predicted gains in privacy as in the original study. However, when CS-Tamaraw is tunneled through Tor as we propose, its defense degrades significantly. We then conduct experiments to determine whether CS-Tamaraw is at fault. Both CS-Tamaraw and a simple, barebone, application-layer defense work largely as expected without Tor but are similarly afflicted when tunneled through Tor. Further investigations suggest that the unexpected results are due to artifacts in network conditions and not due to flaws in the design or implementation of CS-Tamaraw. We end after discussing the large-scale simulation studies with various levels of adoption of CS-Tamaraw.

【 预 览 】

附件列表

Files	Size	Format	View
Performance and security tradeoffs of provable website traffic fingerprinting defenses over Tor	803KB	PDF	download