Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail
Kevin P Dyer, Portland State University
Joint work with:
Scott Coull, RedJack LLC
Thomas Ristenpart, University of Wisconsin-Madison
Thomas Shrimpton, Portland State University
Wednesday, May 23, 12
Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail...
...to prevent website fingerprinting.

The client makes a single request for a webpage over an encrypted link.
[Diagram: Client, Proxy]
Attacker’s goal is to identify the webpage requested.
Security Intuition:
- only proxy’s IP address revealed
- encryption hides everything else

[Diagram: Client, Proxy]
Attacker learns:
• packet lengths
• packet directions
• packet timings
Enables traffic analysis attacks.
But [Sun et al. ’02] [Bissias et al. ’05] [Liberatore and Levine ’06] [Herrmann et al. ’09] [Wright et al. ’09] [Lu et al. ’10] [Chen et al. ’10] [Luo et al. ’11] [Panchenko et al. ’11] show otherwise

[Liberatore and Levine ’06] Attack Scenario
[Diagram: Client, SSH protected link, Proxy]
1. Attacker knows what client software is used.
2. Attacker knows the finite universe of webpages.
3. Attacker has labeled training data.

[Liberatore and Levine ’06] Attack
[Diagram: Client, SSH protected link, Proxy; k=1000 webpages]
Naive Bayes classifier: (packet direction, packet length) counts
Attacker can identify randomly chosen webpage with 68% accuracy!
Packet lengths are a damaging side-channel

[Diagram: Client, Countermeasure, Proxy]
Example countermeasures:
• Pad to MTU
• Pad to random-length
• “Mice-elephants” padding
• Traffic Morphing [Wright et al. ’09]
• SSL RFC-compliant padding [SSL 3.0 RFC ’99]
• ...
Do these countermeasures prevent TA attacks?

Prior work does not provide a clear answer

| # of webpages | No Countermeasure | Pad to MTU |
|---|---|---|
| k=2 | 98% [W] | 86% [W] |
| k=775 | 98% [H] | |
| k=1000 | 68% [LL] | 8% [LL] |

What about other values of k?
What about other classification strategies?
What about other countermeasures?
Does the data set used impact efficacy?

Our work
1. Comprehensive evaluation of traffic analysis countermeasures.
   No countermeasure works in the LL setting.
2. In-depth analysis of traffic features
   Coarse features (e.g., time, bandwidth) enable high-accuracy attacks despite countermeasures
Pessimistic conclusion: efficient countermeasures can’t hide “coarse” features.

Our Comprehensive Analysis
9 countermeasures:
- 5 padding schemes
- 2 TLS/SSH “inspired” padding schemes
- 2 versions of traffic morphing
6 classifiers:
- [Liberatore and Levine] naive Bayes, Jaccard
- [Wright et al.] naive Bayes
- [Lu et al.] edit distance
- [Herrmann et al.] multinomial naive-Bayes
- [Panchenko et al.] support vector machine
10 “universe” sizes: k=2,4,8,16,32,64,128,256,512,775
2 data sets:
- Liberatore and Levine (2000 websites)
- Herrmann et al. (775 websites)

The countermeasures
• Session Random 255
• Packet Random 255
• Linear Padding
• Exponential Padding
• Mice-Elephants Padding
• Pad to MTU
• Packet Random MTU
• Traffic Morphing
• Direct Target Sampling
Pad to MTU: every packet on the wire is padded to a fixed length.
Traffic Morphing [Wright et al. ’09]:
- Pads packets
- Chops packets
- Sends dummy packets
- Mimics packet-length distributions

Some representative results
Classifier accuracy at k=512

| Classifier | None | Pad to MTU | Traffic Morphing |
|---|---|---|---|
| Herrmann et al. | 99% | 2% | 3% |
| Liberatore and Levine | 97% | 41% | 17% |
| Panchenko et al. | 96% | 82% | 81% |

Best performer with no countermeasure applied: Herrmann et al. (99%).
Best performer with countermeasures applied: Panchenko et al. (82%, 81%).

Under the hood of the [Panchenko ’11] classifier
Pad to MTU 82% at k=512
Traffic Morphing 81% at k=512
WHY?
Support vector machine
Features used:
- Packet lengths upstream
- Packet lengths downstream
- Burst bandwidth upstream
- Burst bandwidth downstream
- HTML marker downstream
- Number markers upstream
- Number markers downstream
- Total bytes transmitted upstream
- Total bytes transmitted downstream
- Percentage of downstream packets
- Total number of packets upstream
- Total number of packets downstream
- Occurring packet lengths downstream
- Occurring packet lengths upstream

Digging deeper: Understanding the features
1. Identify “coarse” feature.
2. Implement a feature-specific classifier.
3. Run classifier against all countermeasures.
Time, Bandwidth, Burst Bandwidth
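
“Coarse” Traffic Features with Pad to MTU

Webpage 1:

| Feature | None | Pad to MTU |
|---|---|---|
| time | 2.8s | 2.8s |
| bandwidth | 277KB | 347KB |
| bursts | 13 | 13 |

Webpage 2:

| Feature | None | Pad to MTU |
|---|---|---|
| time | 5.2s | 5.2s |
| bandwidth | 1794KB | 2560KB |
| bursts | 107 | 107 |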
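
The effect in the table above, reproduced on two small constructed traces as an added example (not code from the talk or from the authors). It assumes a 1500-byte MTU and treats a burst as a maximal run of consecutive packets in one direction; the trace format and all function names are illustrative.

```python
from itertools import groupby

MTU = 1500  # assumed MTU in bytes; the slides do not state a value

# Constructed traces (not measured data): (seconds, direction, bytes on the wire).
# "up" is client to proxy, "down" is proxy to client.
PAGE_A = [
    (0.00, "up", 312), (0.08, "down", 1500), (0.09, "down", 1500),
    (0.10, "down", 640), (0.31, "up", 298), (0.40, "down", 1500),
    (0.41, "down", 212), (0.75, "up", 305), (0.83, "down", 96),
]
PAGE_B = [
    (0.00, "up", 420), (0.07, "down", 1500), (0.08, "down", 1500),
    (0.09, "down", 1500), (0.10, "down", 1500), (0.11, "down", 980),
    (0.52, "up", 377), (0.61, "down", 1500), (0.62, "down", 1500),
    (0.63, "down", 410), (1.90, "up", 350), (2.05, "down", 1500),
    (2.06, "down", 88), (2.30, "up", 290), (2.41, "down", 700),
]


def pad_to_mtu(trace, mtu=MTU):
    """Pad every packet to the MTU. Timing, direction and packet count stay as they were."""
    return [(t, direction, max(size, mtu)) for t, direction, size in trace]


def burst_bytes(trace):
    """Total bytes in each burst (a maximal run of packets in one direction)."""
    return [sum(size for _, _, size in run)
            for _, run in groupby(trace, key=lambda pkt: pkt[1])]


def coarse_features(trace):
    """Time, bandwidth and burst count, the three rows of the table above."""
    return {
        "time": trace[-1][0] - trace[0][0],
        "bandwidth": sum(size for _, _, size in trace),
        "bursts": len(burst_bytes(trace)),
    }


def changed_by(trace, countermeasure):
    """Coarse features whose value differs once the countermeasure is applied."""
    before = coarse_features(trace)
    after = coarse_features(countermeasure(trace))
    return sorted(name for name in before if before[name] != after[name])


def still_differs(trace_a, trace_b, countermeasure):
    """Coarse features that still tell two pages apart after the countermeasure."""
    fa = coarse_features(countermeasure(trace_a))
    fb = coarse_features(countermeasure(trace_b))
    return sorted(name for name in fa if fa[name] != fb[name])


def overhead(trace, countermeasure):
    """Bytes sent with the countermeasure divided by bytes sent without it."""
    padded = coarse_features(countermeasure(trace))["bandwidth"]
    return padded / coarse_features(trace)["bandwidth"]


if __name__ == "__main__":
    for name, page in (("A", PAGE_A), ("B", PAGE_B)):
        print(name, coarse_features(page), "->", coarse_features(pad_to_mtu(page)))
        print("  changed:", changed_by(page, pad_to_mtu),
              "overhead: %.2fx" % overhead(page, pad_to_mtu))
        print("  padded burst bytes:", burst_bytes(pad_to_mtu(page)))
    print("still differs:", still_differs(PAGE_A, PAGE_B, pad_to_mtu))
```

Padding changes only the byte total, and the padded total is just the packet count times the MTU, so elapsed time, burst count and the relative size of each burst all survive the countermeasure.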
Feature: Time Elapsed
Useful for small values of k
“Pad to MTU” 5% at k=512
Feature: Bandwidth
More robust to large values of k than the time classifier
Still a “coarse” measurement
“Pad to MTU” 42% at k=512
Feature: Burst Bandwidth
“Pad to MTU” 71% at k=512

Putting coarse features together: simple naive Bayes classifier using
• Total download time
• Total bandwidth
• Burst bandwidth
80% at k=512
82% at k=512
Coarse features are sufficient for high-accuracy classification.

Can countermeasures obfuscate coarse features?
In theory we can obfuscate all features by sending:
- fixed-length packets
- packets at a fixed interval
- packets for at least a fixed amount of time
... but this destroys efficiency

Can countermeasures obfuscate coarse features?
Webpage 1: time 2.8s, bandwidth 277KB, bursts 13
Webpage 2: time 5.2s, bandwidth 1794KB, bursts 107
1794/277 = 6.48

Where do we go from here?
Bad news: efficient countermeasures don’t work in the LL setting
Open question 1: What is the impact of real-world artifacts?
  Caching, inter-leaved downloading, hurdles to training
Open question 2: Can we improve application-layer countermeasures?
  HTTPOS [Luo et al. ’11], Camouflage [Panchenko et al. ’11]
Open question 3: Do these countermeasures work for other settings?
  VoIP [Wright et al. ’07, ’08] [White et al. ’11], Web App leaks [Chen et al. ’10] ...

Summary
1. None of the countermeasures work (in the LL setting)
2. Countermeasures fail because they don’t conceal “coarse” features
3. Efficient countermeasures can’t hide “coarse” features
Coarse features are sufficient for high-accuracy classification.