Website fingerprinting on early QUIC traffic
- URL: http://arxiv.org/abs/2101.11871v2
- Date: Mon, 15 Nov 2021 14:27:42 GMT
- Title: Website fingerprinting on early QUIC traffic
- Authors: Pengwei Zhan, Liming Wang, Yi Tang
- Abstract summary: We study the vulnerabilities of GQUIC, IQUIC, and HTTPS to WFP attacks from the perspective of traffic analysis.
GQUIC is the most vulnerable to WFP attacks among GQUIC, IQUIC, and HTTPS, while IQUIC is more vulnerable than HTTPS, but the vulnerability of the three protocols is similar in the normal full traffic scenario.
- Score: 12.18618920843956
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Cryptographic protocols have been widely used to protect the user's privacy
and avoid exposing private information. QUIC (Quick UDP Internet Connections),
including the version originally designed by Google (GQUIC) and the version
standardized by IETF (IQUIC), as alternatives to the traditional HTTP,
demonstrate their unique transmission characteristics: based on UDP for
encrypted resource transmitting, accelerating web page rendering. However,
existing encrypted transmission schemes based on TCP are vulnerable to website
fingerprinting (WFP) attacks, allowing adversaries to infer the users' visited
websites by eavesdropping on the transmission channel. Whether GQUIC and IQUIC
can effectively resist such attacks is worth investigating. In this paper, we
study the vulnerabilities of GQUIC, IQUIC, and HTTPS to WFP attacks from the
perspective of traffic analysis. Extensive experiments show that, in the early
traffic scenario, GQUIC is the most vulnerable to WFP attacks among GQUIC,
IQUIC, and HTTPS, while IQUIC is more vulnerable than HTTPS, but the
vulnerability of the three protocols is similar in the normal full traffic
scenario. Features transferring analysis shows that most features are
transferable between protocols when on normal full traffic scenario. However,
combining with the qualitative analysis of latent feature representation, we
find that the transferring is inefficient when on early traffic, as GQUIC,
IQUIC, and HTTPS show the significantly different magnitude of variation in the
traffic distribution on early traffic. By upgrading the one-time WFP attacks to
multiple WFP Top-a attacks, we find that the attack accuracy on GQUIC and IQUIC
reach 95.4% and 95.5%, respectively, with only 40 packets and just using simple
features, whereas reach only 60.7% when on HTTPS. We also demonstrate that the
vulnerability of IQUIC is only slightly dependent on the network environment.
Related papers
- Rethinking the Vulnerabilities of Face Recognition Systems:From a Practical Perspective [53.24281798458074]
Face Recognition Systems (FRS) have increasingly integrated into critical applications, including surveillance and user authentication.
Recent studies have revealed vulnerabilities in FRS to adversarial (e.g., adversarial patch attacks) and backdoor attacks (e.g., training data poisoning)
arXiv Detail & Related papers (2024-05-21T13:34:23Z) - EmInspector: Combating Backdoor Attacks in Federated Self-Supervised Learning Through Embedding Inspection [53.25863925815954]
Federated self-supervised learning (FSSL) has emerged as a promising paradigm that enables the exploitation of clients' vast amounts of unlabeled data.
While FSSL offers advantages, its susceptibility to backdoor attacks has not been investigated.
We propose the Embedding Inspector (EmInspector) that detects malicious clients by inspecting the embedding space of local models.
arXiv Detail & Related papers (2024-05-21T06:14:49Z) - A Quantum of QUIC: Dissecting Cryptography with Post-Quantum Insights [2.522402937703098]
QUIC is a new network protocol standardized in 2021.
It was designed to replace the TCP/TLS stack and is based on UDP.
This paper presents a detailed evaluation of the impact of cryptography on QUIC performance.
arXiv Detail & Related papers (2024-05-15T11:27:28Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - Feature Analysis of Encrypted Malicious Traffic [3.3148826359547514]
In recent years there has been a dramatic increase in the number of malware attacks that use encrypted HTTP traffic for self-propagation or communication.
Antivirus software and firewalls typically will not have access to encryption keys, and therefore direct detection of encrypted data is unlikely to succeed.
Previous work has shown that traffic analysis can provide indications of malicious intent, even in cases where the underlying data remains encrypted.
arXiv Detail & Related papers (2023-12-06T12:04:28Z) - Tamper-Evident Pairing [55.2480439325792]
Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard.
TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent.
This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
arXiv Detail & Related papers (2023-11-24T18:54:00Z) - Application-layer Characterization and Traffic Analysis for Encrypted QUIC Transport Protocol [14.40132345175898]
We propose a novel rule-based approach to estimate the application-level traffic attributes without decrypting QUIC packets.
Based on the size, timing, and direction information, our proposed algorithm analyzes the associated network traffic.
The inferred HTTP attributes can be used to evaluate the QoE of application-layer services and identify the service categories for traffic classification in the encrypted QUIC connections.
arXiv Detail & Related papers (2023-10-10T20:09:46Z) - Breaking On-Chip Communication Anonymity using Flow Correlation Attacks [2.977255700811213]
We investigate the security strength of existing anonymous routing protocols in Network-on-Chip (NoC) architectures.
We show that the existing anonymous routing is vulnerable to machine learning (ML) based flow correlation attacks on NoCs.
We propose lightweight anonymous routing with traffic obfuscation techniques to defend against ML-based flow correlation attacks.
arXiv Detail & Related papers (2023-09-27T14:32:39Z) - Efficient and Low Overhead Website Fingerprinting Attacks and Defenses
based on TCP/IP Traffic [16.6602652644935]
Website fingerprinting attacks based on machine learning and deep learning tend to use the most typical features to achieve a satisfactory performance of attacking rate.
To defend against such attacks, random packet defense (RPD) with a high cost of excessive network overhead is usually applied.
We propose a filter-assisted attack against RPD, which can filter out the injected noises using the statistical characteristics of TCP/IP traffic.
We further improve the list-based defense by a traffic splitting mechanism, which can combat the mentioned attacks as well as save a considerable amount of network overhead.
arXiv Detail & Related papers (2023-02-27T13:45:15Z) - Measurement-driven Security Analysis of Imperceptible Impersonation
Attacks [54.727945432381716]
We study the exploitability of Deep Neural Network-based Face Recognition systems.
We show that factors such as skin color, gender, and age, impact the ability to carry out an attack on a specific target victim.
We also study the feasibility of constructing universal attacks that are robust to different poses or views of the attacker's face.
arXiv Detail & Related papers (2020-08-26T19:27:27Z) - A Self-supervised Approach for Adversarial Robustness [105.88250594033053]
Adversarial examples can cause catastrophic mistakes in Deep Neural Network (DNNs) based vision systems.
This paper proposes a self-supervised adversarial training mechanism in the input space.
It provides significant robustness against the textbfunseen adversarial attacks.
arXiv Detail & Related papers (2020-06-08T20:42:39Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.