Conference proceeding
Glove: A Bespoke Website Fingerprinting Defense
Proceedings of the 13th Workshop on privacy in the electronic society, pp.131-134
WPES '14
11/03/2014
DOI: 10.1145/2665943.2665950
Abstract
Website fingerprinting attacks have recently emerged as a serious threat against web browsing privacy mechanisms, such as SSL, Tor, and encrypting tunnels. Researchers have proposed numerous attacks and defenses, and the Tor project currently includes both network- and browser-level defenses against these attacks, but published defenses have high overhead, poor security, or both.
In this paper we present preliminary results of {Glove}, a new SSH based defense. Glove is based on the observation that current defenses are expensive not because website traces are different, but because the defense, operating blindly, does not know how to add cover traffic and therefore, puts it everywhere. Instead, Glove uses existing knowledge of a websites traces to add cover traffic conservatively while maintaining high levels of security. Further, Glove satisfies the information theoretic definitions of security defined in prior work -- i.e., it is resistant to any fingerprinting adversary. Our simulations show that Glove performs better than all currently proposed SSH based defenses in terms of the security-overhead trade-off.
Details
- Title: Subtitle
- Glove: A Bespoke Website Fingerprinting Defense
- Creators
- Rishab NithyanandXiang CaiRob Johnson
- Resource Type
- Conference proceeding
- Publication Details
- Proceedings of the 13th Workshop on privacy in the electronic society, pp.131-134
- Publisher
- ACM
- Series
- WPES '14
- DOI
- 10.1145/2665943.2665950
- ISSN
- 1543-7221
- Language
- English
- Date published
- 11/03/2014
- Academic Unit
- Computer Science; Public Policy Center (Archive); Center for Social Science Innovation
- Record Identifier
- 9984002482702771
Metrics
12 Record Views