The Impact of QUIC on the Website-Fingerprinting Landscape and Prospective Defences
Open access
Author
Date
2022Type
- Doctoral Thesis
ETH Bibliography
yes
Altmetrics
Abstract
Our usage of the World Wide Web is now deeply intertwined with every aspect of our modern lives. As we travel the Web, the sites we visit, the videos we watch, and the items we buy reflect our interests, beliefs, and desires. This wealth of user information is now used not only to profile, but also to control millions of people.
Despite the use of encryption and intermediate proxies on the Web, website fingerprinting can reveal a user’s visited websites. In network-based website fingerprinting, an adversary located in the network between the user and their encryption proxy statistically analyses features of the encrypted traffic (packet sizes, timings, etc.) to identify the website. Existing studies on these attacks and their defences have focused on web traffic transferred over the transmission control protocol (TCP), however, the Web is now undergoing a transition to the new QUIC protocol. This research therefore aims to bridge the gap between the current state of website-fingerprinting and the modern Web layered atop QUIC.
In this dissertation, we study the transition's impact on current website-fingerprinting attacks and explore new defence possibilities created by QUIC. First, we investigate whether attackers need to consider the transition, whether current attacks apply to the new Web, and if websites visited over QUIC are more difficult to fingerprint. By employing state-of-the-art attacks on QUIC-TCP datasets, we find that these attacks remain a threat with QUIC and, although QUIC is not more difficult to fingerprint, an adversary would need to consider both QUIC and TCP in their analyses to avoid being evaded by the use of the other protocol.
Second, we show that QUIC's new features (multiplexed data streams, padding, etc.) and its presence in the Web present unique defence opportunities. We use QUIC to design a defence framework that bidirectionally shapes network traffic towards a target defence, solely from the client. Our results from two defence case studies demonstrate the potential of client-side only defences to reduce barriers to deploying defences.
Finally, we improve the strategies used by traffic-splitting defences, which utilise features like QUIC's connection migration, to defend by distributing traffic on multiple network paths. We devise an optimisation-based splitting strategy and a model that helps to explain the effectiveness of various splitting strategies. We show that this model can be used as an estimate of the effectiveness of a splitting strategy and use it to improve existing traffic-splitting strategies.
These findings indicate that website fingerprinting continues to be a threat to users in the modern Web layered atop QUIC, but that QUIC also provides opportunities for deployable, innovative defences. Furthermore, our combined QUIC and TCP website-fingerprinting methods and datasets, and our demonstration of a QUIC-based client-side only defence provide the foundation for further research in the QUIC website-fingerprinting landscape. Show more
Permanent link
https://doi.org/10.3929/ethz-b-000603491Publication status
publishedExternal links
Search print copy at ETH Library
Publisher
ETH ZurichSubject
website fingerprinting; QUIC; traffic analysis; privacy; machine learningOrganisational unit
03975 - Perrig, Adrian / Perrig, Adrian
More
Show all metadata
ETH Bibliography
yes
Altmetrics